| Abstract | In the analysis of many cryptographic protocols, it is useful to distinguish two classes of attacks:passive attacks in which an adversary eavesdrops on messages sent between honest users and active
attacks (i.e., “man-in-the-middle” attacks) in which — in addition to eavesdropping — the adversary
inserts, deletes, or arbitrarily modifies messages sent from one user to another. Passive attacks
are well characterized (the adversary’s choices are inherently limited) and techniques for achieving
security against passive attacks are relatively well understood. Indeed, cryptographers have long
focused on methods for countering passive eavesdropping attacks, and much work in the 1970’s and
1980’s has dealt with formalizing notions of security and providing provably-secure solutions for
this setting. On the other hand, active attacks are not well characterized and precise modeling has
been difficult. Few techniques exist for dealing with active attacks, and designing practical protocols
secure against such attacks remains a challenge.
This dissertation considers active attacks in a variety of settings and provides new, provably-
secure protocols preventing such attacks. Proofs of security are in the standard cryptographic model
and rely on well-known cryptographic assumptions. The protocols presented here are efficient and
practical, and may find application in real-world systems.
|
