Secure Pseudonymous Channels (updated version: August 3, 2009)

Different kinds of channels can be employed in security protocols and web services as a means of securing the communication. We consider here three basic kinds of channels: authentic, confidential, and secure.

We define channels as assumptions, i.e. when the messages of a protocol may be transmitted over such channels. More specifically, we define the Ideal Channel Model, which describes the ideal functionality of a channel, and the Cryptographic Channel Model, which employs concrete cryptographic messages on insecure channels. We relate these two models by showing that attacks in either model can be simulated in the other.

We also define the meaning of channels as goals, i.e. when a protocol has the goal of establishing a particular kind of channel. This gives rise to an interesting question: given that we have verified that a protocol P2 provides its goals under the assumption of a particular kind of channel, can we then replace the assumed channel with an arbitrary protocol P1 that provides such a channel? In general, the answer is negative, but we prove that under certain restrictions such a compositionality result is possible.

Finally, we generalize all our results to channels where agents may be identified by pseudonyms rather than by their real names, and also consider channels that ensure the freshness of messages by suppressing message replay.

A condensed version of this report has appeared in: "Computer Security - ESORICS 2009", Lecture Notes in Computer Science, Vol. 5789 (Springer / Heidelberg September 2009), pp. 337-354

By: Sebastian Moedersheim, Luca Vigano

Published in: RZ3724 in 2009

LIMITED DISTRIBUTION NOTICE:

This Research Report is available. This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and specific requests. After outside publication, requests should be filled only by reprints or legally obtained copies of the article (e.g., payment of royalties).
