Secure Key Exchange
February 11-15, 2018
Secure key exchange is a fundamental primitive used to secure the digital world. The most well known examples are SSL/TLS and IPsec, although many different key exchange protocols are used to connect devices (wireless, bluetooth, and much more). Although the task of achieving secure key exchange may seem straightforward, it is remarkably tricky and is extremely hard to get right. Numerous attacks on real-world systems are due to poorly designed and implemented key exchange. Despite being so basic and important, key exchange is rarely taught in introductory cryptography courses. This is problematic given the ubiquity of key exchange in practice. In addition, secure key exchange is still a very active area of research in the crypto community. In the 8th BIU Winter School on Cryptography, we will study the problem of constructing secure key exchange protocols in depth. The program will cover definitional issues, protocol constructions, attacks, password protocols, and formal analysis. The following topics will be included:
1) Intro: motivation, intuition, examples, definitional approaches, design principles, advanced protocols, key derivation
2) Indistinguishability formalisms and proofs (selected protocol(s)) plus extensions (TLS 1.3), UC key exchange formalism, 0-RTT
3) Password protocols, hash proof systems
4) Attacks (incl. side channels) and automated tools
5) Secure channels (attacks and formalism)
The winter school program is designed to teach the topic from its basics up to the latest research. The program this year will be both comprehensive and in-depth, and will provide participants the understanding necessary to analyze existing protocols and carry out research in the area.
The target audience for the school is graduate students and postdocs in cryptography (we will assume that participants have taken at least one university-level course in cryptography). However, all faculty, undergrads and professionals with the necessary background are welcome. The winter school is open to participants from all over the world; all talks will be in English.
- Karthik Bhargavan, INRIA. France
- Marc Fischlin, Darmstadt University of Technology, Germany
- Hugo Krawczyk, IBM T.J. Watson Research Center, US
- Kenny Paterson, Royal Holloway University of London, UK
- David Pointcheval, ENS Paris, France
Where: The winter school will take place at the Rayman hall at Kfar Hamaccabiah events & conference center in Ramat Gan
When: Sunday, February 11, 2018 to Thursday, February 15, 2018
Registration: Due to rising costs, registration is 750 shekels for the entire school. Registration is free for overseas participants (due to costs already incurred due to travel). Israeli participants who have difficulty paying the registration fee can request a waiver; please include this in the special request box in the registration form. After registration has been confirmed, Israeli participants will receive a link to carry out the payment. Registration will be considered complete only after payment.
Registration includes school participation, lunch, refreshments and the excursion (accommodation is not included). Please register by January 15, 2018.
Contact: For any questions or queries, please send an e-mail to: email@example.com
Hotel: We have arranged a special rate at the Kfar Hamaccabiah Hotel where the conference center is located. The rate is $170 a night for a single room, $190 a night for a double room (with two occupants) and $215 for a triple room (with three occupants). The rate includes breakfast. Hotel reservation form will be available soon.
Support: A limited number of stipends of $800 each (for flight and accommodation) will be awarded for overseas students needing support. The deadline for stipend application is December 15, 2018. Please have your advisor send a letter justifying the need for financial support.
Sponsorship: This winter school is graciously sponsored by the BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel National Cyber Bureau in the Prime Minister’s Office and Bar-Ilan University.
Program Schedule: The detailed schedule for the winter school can be downloaded here
Sunday, February 11 – Introduction
Lecturer: Hugo Krawczyk
- What Are Key Exchange Protocols?
- Overview of Security Definitions
- Diffie-Hellman Protocols and Authenticators
- STS, SIGMA and IKE (IPsec’s Key Exchange)
- Implicitly Authenticated KEPs
- More on Implicit Authentication; Key Derivation
Monday, February 12 – Advanced Definitions and Proofs
Lecturer: Marc Fischlin
- Bellare-Rogaway-Security of Key Exchange (passive adversaries)
- Bellare-Rogaway-Security of Key Exchange (active adversaries)
- Forward Secrecy
- TLS 1.3 and other protocols
- Zero Round-Trip Time (0-RTT)
- Universally Composable Key Exchange
Tuesday, February 13 – Password-Based Key Exchange
Lecturer: David Pointcheval
- Hash Proof Systems
- Definitions and Models for Password-Authenticated Key Exchange
- Constructions of Password-Authenticated Key Exchange from Hash Proof Systems
Wednesday, February 14 – Attacks and Automated Tools
Lecturer: Karthik Bhargavan
- Man-in-the-Middle Attacks on Authenticated Key Exchange
- Downgrade Attacks on Agile Real-World Protocols
- Automated Symbolic Protocol Verification
- Mechanized Computational Protocol Proofs
- Verified Cryptographic Libraries
- Verified Cryptographic Protocol Implementations
Thursday, February 15 – TLS and Secure Channels: Definitions and Attacks
Lecturer: Kenny Paterson
- Overview of the TLS Handshake
- Vulnerabilities in the TLS Handshake
- From Key Exchange to Secure Channels
- Security Proofs for Fragments of TLS
- Security Issues in Real-World Secure Channels
- Modelling Secure Channels