{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,10]],"date-time":"2026-02-10T15:01:31Z","timestamp":1770735691100,"version":"3.49.0"},"reference-count":54,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2014,11,17]],"date-time":"2014-11-17T00:00:00Z","timestamp":1416182400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2014,11,17]]},"abstract":"<jats:p>We present a symbolic framework, based on a modular operational semantics, for formalizing different notions of compromise relevant for the design and analysis of cryptographic protocols. The framework\u2019s rules can be combined to specify different adversary capabilities, capturing different practically-relevant notions of key and state compromise. The resulting adversary models generalize the models currently used in different domains, such as security models for authenticated key exchange. We extend an existing security-protocol analysis tool, Scyther, with our adversary models. This extension systematically supports notions such as weak perfect forward secrecy, key compromise impersonation, and adversaries capable of state-reveal queries. Furthermore, we introduce the concept of a protocol-security hierarchy, which classifies the relative strength of protocols against different adversaries.<\/jats:p>\n          <jats:p>In case studies, we use Scyther to analyse protocols and automatically construct protocol-security hierarchies in the context of our adversary models. Our analysis confirms known results and uncovers new attacks. Additionally, our hierarchies refine and correct relationships between protocols previously reported in the cryptographic literature.<\/jats:p>","DOI":"10.1145\/2658996","type":"journal-article","created":{"date-parts":[[2014,11,24]],"date-time":"2014-11-24T15:29:41Z","timestamp":1416842981000},"page":"1-31","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":30,"title":["Know Your Enemy"],"prefix":"10.1145","volume":"17","author":[{"given":"David","family":"Basin","sequence":"first","affiliation":[{"name":"ETH Zurich"}]},{"given":"Cas","family":"Cremers","sequence":"additional","affiliation":[{"name":"University of Oxford"}]}],"member":"320","published-online":{"date-parts":[[2014,11,17]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1266977.1266978"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1049\/ip-ifs:20055073"},{"key":"e_1_2_1_3_1","volume-title":"Proceedings of the Conference on Computer Security (ESORICS\u201910)","volume":"6345","author":"Basin D."},{"key":"e_1_2_1_4_1","volume-title":"Proceedings of the 24th International Workshop on Computer Science Logic (CSL\u201910)","volume":"6247","author":"Basin D. A."},{"key":"e_1_2_1_5_1","volume-title":"Lecture Notes in Computer Science","volume":"1807","author":"Bellare M."},{"key":"e_1_2_1_6_1","volume-title":"Advances in Cruptology---CRYPTO. Lecture Notes in Computer Science","volume":"773","author":"Bellare M."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/225058.225084"},{"key":"e_1_2_1_8_1","volume-title":"Proceedings of the Selected Areas in Cryptography (SAC\u201998)","author":"Blake-Wilson S."},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.5555\/872752.873511"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.1"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.5555\/1576303.1576304"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1504\/IJACT.2009.023466"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1368310.1368347"},{"key":"e_1_2_1_14_1","volume-title":"Proceedings of the 2nd International Workshop on Security (IWSEC). Lecture Notes in Computer Science","volume":"4752","author":"Bresson E."},{"key":"e_1_2_1_15_1","volume-title":"Advances in Cryptology---EUROCRYPT. Lecture Notes in Computer Science","volume":"2045","author":"Canetti R."},{"key":"e_1_2_1_16_1","unstructured":"CCITT. 1987. The directory authentification framework. Draft Recommendation X.509 Version 7.  CCITT. 1987. The directory authentification framework. Draft Recommendation X.509 Version 7."},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/11593447_32"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-30598-9_25"},{"key":"e_1_2_1_19_1","unstructured":"Clark J. and Jacob J. 1997. A survey of authentication protocol literature. http:\/\/citeseer.ist.psu.edu\/clark97survey.html.  Clark J. and Jacob J. 1997. A survey of authentication protocol literature. http:\/\/citeseer.ist.psu.edu\/clark97survey.html."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70545-1_38"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455787"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1504\/IJACT.2010.038304"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966925"},{"key":"e_1_2_1_24_1","unstructured":"Cremers C. 2014. Scyther tool with compromising adversaries extension. Includes protocol description files and test scripts. http:\/\/www.cs.ox.ac.uk\/people\/cas.cremers\/scyther\/index.html.  Cremers C. 2014. Scyther tool with compromising adversaries extension. Includes protocol description files and test scripts. http:\/\/www.cs.ox.ac.uk\/people\/cas.cremers\/scyther\/index.html."},{"key":"e_1_2_1_25_1","unstructured":"Cremers C. and Feltz M. 2011. One-round strongly secure key exchange with perfect forward secrecy and deniability. Cryptology ePrint Archive Report 2011\/300. http:\/\/eprint.iacr.org\/.  Cremers C. and Feltz M. 2011. One-round strongly secure key exchange with perfect forward secrecy and deniability. Cryptology ePrint Archive Report 2011\/300. http:\/\/eprint.iacr.org\/."},{"key":"e_1_2_1_26_1","doi-asserted-by":"crossref","unstructured":"Cremers C. and Feltz M. 2013. Beyond eCK: Perfect forward secrecy under actor compromise and ephemeral-key reveal. Des. Codes Crypt.  Cremers C. and Feltz M. 2013. Beyond eCK: Perfect forward secrecy under actor compromise and ephemeral-key reveal. Des. Codes Crypt.","DOI":"10.1007\/s10623-013-9852-1"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.tcs.2006.08.034"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.5555\/111563.111567"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1103576.1103580"},{"key":"e_1_2_1_30_1","volume-title":"Proceedings of the Workshop on Foundations of Computer Security and Automated Reasoning for Security Protocol Analysis (FCS-ARSPA\u201906)","author":"Gupta P."},{"key":"e_1_2_1_31_1","unstructured":"Gutmann P. Performance characteristics of application-level security protocols. Draft paper www.cs.auckland.ac.nz\/~pgut001\/pubs\/app_sec.pdf.  Gutmann P. Performance characteristics of application-level security protocols. Draft paper www.cs.auckland.ac.nz\/~pgut001\/pubs\/app_sec.pdf."},{"key":"e_1_2_1_32_1","volume-title":"Proceedings of the 17th Annual Conference on Mathematical Foundations of Programming Semantics. 141--161","author":"Guttman J. D.","year":"2001"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-14577-3_33"},{"key":"e_1_2_1_34_1","volume-title":"Proceedings of the 2nd International Conference on Applied Cryptography and Network Security (ACNS\u201904)","volume":"3089","author":"Jeong I. R."},{"key":"e_1_2_1_35_1","volume-title":"Lecture Notes in Computer Science","volume":"1163","author":"Just M."},{"key":"e_1_2_1_36_1","volume-title":"Advances in Cryptology---CRYPTO. Lecture Notes in Computer Science","volume":"2729","author":"Katz J."},{"key":"e_1_2_1_37_1","volume-title":"HMQV: A high-performance secure Diffie-Hellman protocol. Cryptology ePrint Archive, Report 2005\/176","author":"Krawczyk H.","year":"2005"},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/11535218_33"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/11832072_13"},{"key":"e_1_2_1_40_1","volume-title":"Proceedings of the 1st International Conference on Provable Security (ProvSec). Lecture Notes in Computer Science","volume":"4784","author":"LaMacchia B."},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1007\/11745853_25"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1022595222606"},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.5555\/646480.693776"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.5555\/794197.795075"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70500-0_5"},{"key":"e_1_2_1_46_1","unstructured":"Menezes A. van Oorschot P. and Vanstone S. 1996. Handbook of Applied Cryptography. CRC Press.   Menezes A. van Oorschot P. and Vanstone S. 1996. Handbook of Applied Cryptography . CRC Press."},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/359657.359659"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.5555\/353677.353681"},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.5555\/514702.514704"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.5555\/2958031.2958047"},{"key":"e_1_2_1_51_1","unstructured":"Shoup V. 1999. On formal models for secure key exchange (version 4). Revision of IBM Research Report RZ 3120 (April 1999).  Shoup V. 1999. On formal models for secure key exchange (version 4). Revision of IBM Research Report RZ 3120 (April 1999)."},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866349"},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2012.21"},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10623-007-9159-1"}],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2658996","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2658996","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T07:28:19Z","timestamp":1750231699000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2658996"}},"subtitle":["Compromising Adversaries in Protocol Analysis"],"short-title":[],"issued":{"date-parts":[[2014,11,17]]},"references-count":54,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2014,11,17]]}},"alternative-id":["10.1145\/2658996"],"URL":"https:\/\/doi.org\/10.1145\/2658996","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"value":"1094-9224","type":"print"},{"value":"1557-7406","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014,11,17]]},"assertion":[{"value":"2013-12-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2014-07-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2014-11-17","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}