25 Some Key Establishment Goals

Key Freshness

The key established is new (either from a trusted third party or because it uses a new nonce).

Key Exclusivity

The key is only known to the principals in the protocol.

Good Key

A good key is both fresh and exclusive.

Far-end Operative:

A knows that “B” is currently active. For instance, B might have signed a nonce generated by a, e.g.

• $A\to B:N_a$
• $B\to A:S_B(N_a)$ Not enough on its own (e.g. Needham-Schroeder Protocol).

Once Authentication :

A knows that B wishes to communicate with A. For instance, B might have the name A in the message, e.g.

• $B\to A:S_B(A)$

Entity Authentication

Both of these together give : Entity Authentication : A knows that B is currently active and wants to communicate with A. e.g.

• $A\to B:N_a$
• $B\to A:S_B(A,N_a)$

A Hierarchy of Goals

The Highest Goal

A protocol provides Mutual Belief in a key $K$ for Alice with respect to Bob if, after running the protocol, Bob can be sure that :

• $K$ is a good key with $A$.
• Alice can be sure that Bob wishes to communicate with Alice using $K$.
• Alice knows that Bob believes that $K$ is a good key for $B$.