On one method of formalizing the anonymous authentication property
Abstract
In this paper, we propose a method for formalizing the anonymous authentication property based on the "provable security" paradigm. The article presents the pseudocode of the model, as well as comments regarding the potential capabilities of an attacker that are taken into account in the model and the security properties that it describes. A number of attacks that can be formalized using the model are considered, a comparison is made with similar models for (P)AKE protocols, and directions for further model extensions are highlighted. Finally, a step-by-step description of the formalization process is provided using the example of a specific authentication protocol, which is based on the authentication key agreement procedure in 5G networks.
ISSN: 2307-8162