ABSTRACTEﬃcient Cryptographic Protocols Preventing “Man-in-the-Middle” AttacksJonathan KatzIn the analysis of many cryptographic protocols, it is useful to distinguish two classes of attacks:
in which an adversary eavesdrops on messages sent between honest users and
(i.e., “man-in-the-middle” attacks) in which — in addition to eavesdropping — the adversaryinserts, deletes, or arbitrarily modiﬁes messages sent from one user to another. Passive attacksare well characterized (the adversary’s choices are inherently limited) and techniques for achievingsecurity against passive attacks are relatively well understood. Indeed, cryptographers have longfocused on methods for countering passive eavesdropping attacks, and much work in the 1970’s and1980’s has dealt with formalizing notions of security and providing provably-secure solutions forthis setting. On the other hand, active attacks are not well characterized and precise modeling hasbeen diﬃcult. Few techniques exist for dealing with active attacks, and designing practical protocolssecure against such attacks remains a challenge.This dissertation considers active attacks in a variety of settings and provides new, provably-secure protocols preventing such attacks. Proofs of security are in the standard cryptographic modeland rely on well-known cryptographic assumptions. The protocols presented here are
, and may ﬁnd application in real-world systems.