Security Models and Proofs for Key Establishment Protocols
In this thesis we study the problem of secure key establishment, motivated by the construction of secure channels protocols to protect information transmitted over an open network. In the past, the purported security of a key establishment protocol was justified if it could be shown to withstand popular attack scenarios by heuristic analysis. Since this approach does not account for all possible attacks, the security guarantees are limited and often insufficient. This thesis examines the provable security approach to the analysis of key establishment protocols. We present the security models and definitions developed in 2001 and 2002 by Canetti and Krawczyk, critique the appropriateness of the models, and provide several security proofs under the definitions. In addition, we consider the importance of the key compromise impersonation resilience property in the context of these models. We list some open problems that were encountered in the study.