{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T19:00:34Z","timestamp":1742929234508,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":51,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642402029"},{"type":"electronic","value":"9783642402036"}],"license":[{"start":{"date-parts":[[2013,1,1]],"date-time":"2013-01-01T00:00:00Z","timestamp":1356998400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-40203-6_20","type":"book-chapter","created":{"date-parts":[[2013,8,14]],"date-time":"2013-08-14T02:48:53Z","timestamp":1376448533000},"page":"345-362","source":"Crossref","is-referenced-by-count":15,"title":["A Cryptographic Analysis of OPACITY"],"prefix":"10.1007","author":[{"given":"\u00d6zg\u00fcr","family":"Dagdelen","sequence":"first","affiliation":[]},{"given":"Marc","family":"Fischlin","sequence":"additional","affiliation":[]},{"given":"Tommaso","family":"Gagliardoni","sequence":"additional","affiliation":[]},{"given":"Giorgia Azzurra","family":"Marson","sequence":"additional","affiliation":[]},{"given":"Arno","family":"Mittelbach","sequence":"additional","affiliation":[]},{"given":"Cristina","family":"Onete","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"20_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1007\/978-3-540-30580-4_6","volume-title":"Public Key Cryptography - PKC 2005","author":"M. Abdalla","year":"2005","unstructured":"Abdalla, M., Fouque, P.-A., Pointcheval, D.: Password-based authenticated key exchange in the three-party setting. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol.\u00a03386, pp. 65\u201384. 
Springer, Heidelberg (2005)"},{"key":"20_CR2","doi-asserted-by":"crossref","unstructured":"Albrecht, M.R., Paterson, K.G., Watson, G.J.: Plaintext recovery attacks against SSH. In: 2009 IEEE Symposium on Security and Privacy, pp. 16\u201326. IEEE Computer Society Press (May 2009)","DOI":"10.1109\/SP.2009.5"},{"key":"20_CR3","unstructured":"Smart Card Alliance: Industry technical contributions: Opacity (April 2013), \n                    \n                      http:\/\/www.smartcardalliance.org\/pages\/smart-cards-contributions-opacity"},{"key":"20_CR4","unstructured":"ANSI X9-63-199X \u2013 Public key cryptography for the financial services industry: Key agreement and key transport using elliptic curve cryptography (1999)"},{"key":"20_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1007\/3-540-48329-2_21","volume-title":"Advances in Cryptology - CRYPTO \u201993","author":"M. Bellare","year":"1994","unstructured":"Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol.\u00a0773, pp. 232\u2013249. Springer, Heidelberg (1994)"},{"key":"20_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"104","DOI":"10.1007\/978-3-642-33383-5_7","volume-title":"Information Security","author":"J. Bender","year":"2012","unstructured":"Bender, J., Dagdelen, \u00d6., Fischlin, M., K\u00fcgler, D.: Domain-specific pseudonymous signatures for the german identity card. In: Gollmann, D., Freiling, F.C. (eds.) ISC 2012. LNCS, vol.\u00a07483, pp. 104\u2013119. Springer, Heidelberg (2012)"},{"issue":"2","key":"20_CR7","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1007\/s00145-004-0016-3","volume":"18","author":"J. Black","year":"2005","unstructured":"Black, J., Rogaway, P.: CBC MACs for arbitrary-length messages: The three-key constructions. 
Journal of Cryptology\u00a018(2), 111\u2013131 (2005)","journal-title":"Journal of Cryptology"},{"key":"20_CR8","doi-asserted-by":"crossref","unstructured":"Boyd, C., Mao, W., Paterson, K.G.: Deniable authenticated key establishment for internet protocols. In: Security Protocols Workshop, pp. 255\u2013271 (2003)","DOI":"10.1007\/11542322_31"},{"key":"20_CR9","doi-asserted-by":"crossref","unstructured":"Brands, S.: Rethinking Public Key Infrastructures and Digital Certificates; Building in Privacy. The MIT Press (2000)","DOI":"10.7551\/mitpress\/5931.001.0001"},{"key":"20_CR10","doi-asserted-by":"crossref","unstructured":"Brickell, E.F., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Atluri, V., Pfitzmann, B., McDaniel, P. (eds.) ACM CCS 2004, pp. 132\u2013145. ACM Press (October 2004)","DOI":"10.1145\/1030083.1030103"},{"key":"20_CR11","unstructured":"Brzuska, C., Fischlin, M., Smart, N., Warinschi, B., Williams, S.: Less is more: Relaxed yet composable security notions for key exchange. Cryptology ePrint Archive, Report 2012\/242 (2012), \n                    \n                      http:\/\/eprint.iacr.org\/"},{"key":"20_CR12","doi-asserted-by":"crossref","unstructured":"Brzuska, C., Fischlin, M., Warinschi, B., Williams, S.C.: Composability of Bellare-Rogaway key exchange protocols. In: Chen, Y., Danezis, G., Shmatikov, V. (eds.) ACM CCS 2011, pp. 51\u201362. ACM Press (October 2011)","DOI":"10.1145\/2046707.2046716"},{"key":"20_CR13","doi-asserted-by":"crossref","unstructured":"Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: 42nd FOCS, pp. 136\u2013145. IEEE Computer Society Press (October 2001)","DOI":"10.1109\/SFCS.2001.959888"},{"key":"20_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"453","DOI":"10.1007\/3-540-44987-6_28","volume-title":"Advances in Cryptology - EUROCRYPT 2001","author":"R. 
Canetti","year":"2001","unstructured":"Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol.\u00a02045, pp. 453\u2013474. Springer, Heidelberg (2001)"},{"key":"20_CR15","doi-asserted-by":"crossref","unstructured":"Chaum, D.: Security without identification: transaction systems to make big brother obsolete. Commun. ACM 28 (October 1985)","DOI":"10.1145\/4372.4373"},{"key":"20_CR16","doi-asserted-by":"crossref","unstructured":"Dagdelen, \u00d6., Fischlin, M., Gagliardoni, T., Marson, G.A., Mittelbach, A., Onete, C.: A cryptographic analysis of OPACITY. Cryptology ePrint Archive, Report 2013\/234 (2013), \n                    \n                      http:\/\/eprint.iacr.org\/","DOI":"10.1007\/978-3-642-40203-6_20"},{"key":"20_CR17","unstructured":"Deeg, M., Eichelmann, C., Schreiber, S.: Programmed insecurity \u2014 SySS cracks yet another usb flash drive, \n                    \n                      http:\/\/www.syss.de\/fileadmin\/ressources\/040_veroeffentlichungen\/dokumente\/SySS_Cracks_Yet_Another_USB_Flash_Drive.pdf"},{"key":"20_CR18","unstructured":"Deeg, M., Schreiber, S.: Cryptographically secure? SySS cracks a usb flash drive, \n                    \n                      https:\/\/www.syss.de\/fileadmin\/ressources\/040_veroeffentlichungen\/dokumente\/SySS_Cracks_SanDisk_USB_Flash_Drive.pdf"},{"issue":"4","key":"20_CR19","doi-asserted-by":"publisher","first-page":"572","DOI":"10.1007\/s00145-009-9044-3","volume":"22","author":"M. Raimondo Di","year":"2009","unstructured":"Di Raimondo, M., Gennaro, R.: New approaches for deniable authentication. Journal of Cryptology\u00a022(4), 572\u2013615 (2009)","journal-title":"Journal of Cryptology"},{"key":"20_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"146","DOI":"10.1007\/978-3-642-00457-5_10","volume-title":"Theory of Cryptography","author":"Y. 
Dodis","year":"2009","unstructured":"Dodis, Y., Katz, J., Smith, A., Walfish, S.: Composability and on-line deniability of authentication. In: Reingold, O. (ed.) TCC 2009. LNCS, vol.\u00a05444, pp. 146\u2013162. Springer, Heidelberg (2009)"},{"issue":"6","key":"20_CR21","doi-asserted-by":"publisher","first-page":"851","DOI":"10.1145\/1039488.1039489","volume":"51","author":"C. Dwork","year":"2004","unstructured":"Dwork, C., Naor, M., Sahai, A.: Concurrent zero-knowledge. J. ACM\u00a051(6), 851\u2013898 (2004)","journal-title":"J. ACM"},{"key":"20_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"313","DOI":"10.1007\/978-3-540-88733-1_22","volume-title":"Provable Security","author":"S. Gajek","year":"2008","unstructured":"Gajek, S., Manulis, M., Pereira, O., Sadeghi, A.-R., Schwenk, J.: Universally composable security analysis of TLS. In: Baek, J., Bao, F., Chen, K., Lai, X. (eds.) ProvSec 2008. LNCS, vol.\u00a05324, pp. 313\u2013327. Springer, Heidelberg (2008)"},{"issue":"2","key":"20_CR23","doi-asserted-by":"publisher","first-page":"245","DOI":"10.1007\/s10623-011-9604-z","volume":"67","author":"I. Goldberg","year":"2013","unstructured":"Goldberg, I., Stebila, D., Ustaoglu, B.: Anonymity and one-way authentication in key exchange protocols. Des. Codes Cryptography\u00a067(2), 245\u2013269 (2013)","journal-title":"Des. Codes Cryptography"},{"key":"20_CR24","unstructured":"INCITS: 504-1, Information Technology - generic identity command set part 1: Card application command set"},{"key":"20_CR25","unstructured":"ISO\/IEC: Identification cards - Integrated circuit(s) cards with contacts - Part 4: Organization, security and commands for interchange. Tech. Rep. ISO\/IEC 7816-4, International Organization for Standardization, Geneva, Switzerland (2005)"},{"key":"20_CR26","unstructured":"ISO\/IEC: Identification cards - Integrated circuit(s) cards with contacts - Part 8: Security related interindustry commands. Tech. 
Rep. ISO\/IEC 7816-8, International Organization for Standardization, Geneva, Switzerland (2009)"},{"key":"20_CR27","unstructured":"ISO\/IEC: Identification Cards \u2013 Integrated Circuit Cards Programming Interface \u2013 Part 6: Registration procedures for the authentication protocols for interoperability. Tech. Rep. ISO\/IEC FDIS 24727-6, International Organization for Standardization, Geneva, Switzerland (2009)"},{"key":"20_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/978-3-540-39887-5_11","volume-title":"Fast Software Encryption","author":"T. Iwata","year":"2003","unstructured":"Iwata, T., Kurosawa, K.: OMAC: One-key CBC MAC. In: Johansson, T. (ed.) FSE 2003. LNCS, vol.\u00a02887, pp. 129\u2013153. Springer, Heidelberg (2003)"},{"key":"20_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1007\/978-3-642-32009-5_17","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"T. Jager","year":"2012","unstructured":"Jager, T., Kohlar, F., Sch\u00e4ge, S., Schwenk, J.: On the security of TLS-DHE in the standard model. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol.\u00a07417, pp. 273\u2013293. Springer, Heidelberg (2012)"},{"key":"20_CR30","doi-asserted-by":"crossref","unstructured":"Juels, A., Weis, S.A.: Defining strong privacy for RFID. Cryptology ePrint Archive, Report 2006\/137 (2006), \n                    \n                      http:\/\/eprint.iacr.org\/","DOI":"10.1109\/PERCOMW.2007.37"},{"key":"20_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"310","DOI":"10.1007\/3-540-44647-8_19","volume-title":"Advances in Cryptology - CRYPTO 2001","author":"H. Krawczyk","year":"2001","unstructured":"Krawczyk, H.: The order of encryption and authentication for protecting communications (or: How secure is SSL?). In: Kilian, J. (ed.) CRYPTO 2001. 
LNCS, vol.\u00a02139, pp. 310\u2013331. Springer, Heidelberg (2001)"},{"key":"20_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"549","DOI":"10.1007\/11593447_30","volume-title":"Advances in Cryptology - ASIACRYPT 2005","author":"C. Kudla","year":"2005","unstructured":"Kudla, C., Paterson, K.G.: Modular security proofs for key agreement protocols. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol.\u00a03788, pp. 549\u2013565. Springer, Heidelberg (2005)"},{"key":"20_CR33","doi-asserted-by":"crossref","unstructured":"K\u00fcsters, R., Tuengerthal, M.: Composition theorems without pre-established session identifiers. In: Chen, Y., Danezis, G., Shmatikov, V. (eds.) ACM CCS 2011, pp. 41\u201350. ACM Press (October 2011)","DOI":"10.1145\/2046707.2046715"},{"key":"20_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-75670-5_1","volume-title":"Provable Security","author":"B.A. LaMacchia","year":"2007","unstructured":"LaMacchia, B.A., Lauter, K., Mityagin, A.: Stronger security of authenticated key exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol.\u00a04784, pp. 1\u201316. Springer, Heidelberg (2007)"},{"key":"20_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"378","DOI":"10.1007\/11745853_25","volume-title":"Public Key Cryptography - PKC 2006","author":"K. Lauter","year":"2006","unstructured":"Lauter, K., Mityagin, A.: Security analysis of KEA authenticated key exchange protocol. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol.\u00a03958, pp. 378\u2013394. Springer, Heidelberg (2006)"},{"key":"20_CR36","unstructured":"Le, T.V., Burmester, M., de Medeiros, B.: Universally composable and forward-secure RFID authentication and authenticated key exchange. In: Bao, F., Miller, S. (eds.) ASIACCS 2007, pp. 242\u2013252. 
ACM Press (March 2007)"},{"key":"20_CR37","doi-asserted-by":"crossref","unstructured":"Menezes, A., Ustaoglu, B.: Security arguments for the UM key agreement protocol in the NIST SP 800-56A standard. In: Abe, M., Gligor, V. (eds.) ASIACCS 2008, pp. 261\u2013270. ACM Press (March 2008)","DOI":"10.1145\/1368310.1368348"},{"issue":"2","key":"20_CR38","doi-asserted-by":"publisher","first-page":"187","DOI":"10.1007\/s00145-009-9052-3","volume":"23","author":"P. Morrissey","year":"2010","unstructured":"Morrissey, P., Smart, N.P., Warinschi, B.: The TLS handshake protocol: A modular analysis. Journal of Cryptology\u00a023(2), 187\u2013223 (2010)","journal-title":"Journal of Cryptology"},{"key":"20_CR39","unstructured":"NIST: Security Requirements for Cryptographic Modules. Tech. Rep. FIPS 140-2, National Institute of Standards and Technology (2002)"},{"key":"20_CR40","unstructured":"NIST: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication. Tech. Rep. SP 800-38B, National Institute of Standards and Technology (2007)"},{"key":"20_CR41","unstructured":"NIST: Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography. Tech. Rep. SP800-56A, National Institute of Standards and Technology (2007)"},{"key":"20_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"104","DOI":"10.1007\/3-540-44586-2_8","volume-title":"Public Key Cryptography","author":"T. Okamoto","year":"2001","unstructured":"Okamoto, T., Pointcheval, D.: The gap-problems: A new class of problems for the security of cryptographic schemes. In: Kim, K.-c. (ed.) PKC 2001. LNCS, vol.\u00a01992, pp. 104\u2013118. 
Springer, Heidelberg (2001)"},{"key":"20_CR43","unstructured":"OPACITY: Reference Implementation - \n                    \n                      sourceforge.net\/projects\/opacity\/"},{"key":"20_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"263","DOI":"10.1007\/978-3-540-79104-1_19","volume-title":"Information Security Practice and Experience","author":"K. Ouafi","year":"2008","unstructured":"Ouafi, K., Phan, R.C.-W.: Privacy of recent RFID authentication protocols. In: Chen, L., Mu, Y., Susilo, W. (eds.) ISPEC 2008. LNCS, vol.\u00a04991, pp. 263\u2013277. Springer, Heidelberg (2008)"},{"key":"20_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"372","DOI":"10.1007\/978-3-642-25385-0_20","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2011","author":"K.G. Paterson","year":"2011","unstructured":"Paterson, K.G., Ristenpart, T., Shrimpton, T.: Tag size does matter: Attacks and proofs for the TLS record protocol. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol.\u00a07073, pp. 372\u2013389. Springer, Heidelberg (2011)"},{"key":"20_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1007\/978-3-642-28368-0_9","volume-title":"Cryptography and Security: From Theory to Applications","author":"K.G. Paterson","year":"2012","unstructured":"Paterson, K.G., Watson, G.J.: Authenticated-encryption with padding: A formal security treatment. In: Naccache, D. (ed.) Cryptography and Security: From Theory to Applications. LNCS, vol.\u00a06805, pp. 83\u2013107. 
Springer, Heidelberg (2012)"},{"key":"20_CR47","unstructured":"Saint, E.L., Fedronic, D.L.J.: Open protocol for authentication and key establishment with privacy (July 2010)"},{"key":"20_CR48","unstructured":"Saint, E.L.: Opacity - the new open protocol of choice (August 2012), \n                    \n                      http:\/\/www.itsecurityhub.eu\/2012\/08\/opacity-the-new-open-protocol-of-choice\/"},{"key":"20_CR49","unstructured":"Saint, E.L.: Personal communication (July 2012)"},{"key":"20_CR50","unstructured":"Saint, E.L., Fedronic, D., Liu, S.: Open protocol for access control identification and ticketing with privacy (July 2011), \n                    \n                      http:\/\/www.smartcardalliance.org\/resources\/pdf\/OPACITY_Protocol_3.7.pdf"},{"key":"20_CR51","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1007\/978-3-642-03356-8_4","volume-title":"Advances in Cryptology - CRYPTO 2009","author":"M. Stevens","year":"2009","unstructured":"Stevens, M., Sotirov, A., Appelbaum, J., Lenstra, A., Molnar, D., Osvik, D.A., de Weger, B.: Short chosen-prefix collisions for MD5 and the creation of a rogue CA certificate. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol.\u00a05677, pp. 55\u201369. 
Springer, Heidelberg (2009)"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2013"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-40203-6_20","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,2]],"date-time":"2019-06-02T20:44:50Z","timestamp":1559508290000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-40203-6_20"}},"subtitle":["(Extended Abstract)"],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642402029","9783642402036"],"references-count":51,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-40203-6_20","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2013]]}}}