Author:
Benjamin Dowling, Marc Fischlin, Felix Günther, Douglas Stebila
Abstract
We analyze the handshake protocol of the Transport Layer Security (TLS) protocol, version 1.3. We address both the full TLS 1.3 handshake (the one round-trip time mode, with signatures for authentication and (elliptic curve) Diffie–Hellman ephemeral ((EC)DHE) key exchange), and the abbreviated resumption/“PSK” mode which uses a pre-shared key for authentication (with optional (EC)DHE key exchange and zero round-trip time key establishment). Our analysis in the reductionist security framework uses a multi-stage key exchange security model, where each of the many session keys derived in a single TLS 1.3 handshake is tagged with various properties (such as unauthenticated versus unilaterally authenticated versus mutually authenticated, whether it is intended to provide forward security, how it is used in the protocol, and whether the key is protected against replay attacks). We show that these TLS 1.3 handshake protocol modes establish session keys with their desired security properties under standard cryptographic assumptions.
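To make concrete the "many session keys derived in a single TLS 1.3 handshake" that the abstract refers to, the following is an added example (not code from the paper or its authors) implementing the RFC 8446 key schedule for SHA-256 cipher suites across the three modes the paper analyzes: full (EC)DHE, PSK-only, and PSK with (EC)DHE. Each stage key is tagged with two of the properties the multi-stage model tracks, forward secrecy and replay protection; the authentication level is left out because it depends on the Certificate/CertificateVerify/Finished messages rather than on the key schedule itself. The handshake transcripts, the PSK and the (EC)DHE shared secret are constructed placeholders, not real TLS wire encodings. Only the first extract (salt 0, IKM 0, i.e. the no-PSK early secret) matches a published RFC 8448 value; everything downstream of the constructed inputs is illustrative.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size          # 32 for SHA-256 suites
ZEROS = b"\x00" * HASH_LEN             # RFC 8446 writes this as "0"


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC-Hash(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC(PRK, T(i-1) || info || i)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret: bytes, label: str, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label: info is the HkdfLabel struct with the "tls13 " prefix."""
    full_label = b"tls13 " + label.encode("ascii")
    hkdf_label = (length.to_bytes(2, "big")
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length)


def derive_secret(secret: bytes, label: str, transcript: bytes) -> bytes:
    """Derive-Secret(Secret, Label, Messages): the context is Hash(Messages)."""
    return hkdf_expand_label(secret, label, HASH(transcript).digest(), HASH_LEN)


def early_secret(psk: Optional[bytes]) -> bytes:
    """First extract: salt 0, IKM = PSK, or all zeros when no PSK is offered."""
    return hkdf_extract(ZEROS, psk if psk is not None else ZEROS)


Stage = Tuple[bytes, Dict[str, bool]]


def key_schedule(psk: Optional[bytes], ecdhe: Optional[bytes],
                 transcripts: Dict[str, bytes]) -> Dict[str, Stage]:
    """Run the schedule for one handshake and tag every stage key.

    transcripts maps a handshake prefix to its concatenated messages:
    "CH" ClientHello, "CH..SH" up to ServerHello, "CH..SF" up to the
    server Finished, "CH..CF" up to the client Finished.  Forward secrecy
    holds only when an (EC)DHE share was mixed in; the 0-RTT key is also
    replayable because it is fixed before any server contribution.
    """
    later = {"forward_secure": ecdhe is not None, "replay_protected": True}
    stages: Dict[str, Stage] = {}

    early = early_secret(psk)
    if psk is not None:
        # 0-RTT key: depends only on the PSK and ClientHello.
        stages["client_early_traffic_secret"] = (
            derive_secret(early, "c e traffic", transcripts["CH"]),
            {"forward_secure": False, "replay_protected": False})

    handshake = hkdf_extract(derive_secret(early, "derived", b""),
                             ecdhe if ecdhe is not None else ZEROS)
    for name, label in (("client_handshake_traffic_secret", "c hs traffic"),
                        ("server_handshake_traffic_secret", "s hs traffic")):
        stages[name] = (derive_secret(handshake, label, transcripts["CH..SH"]), dict(later))

    master = hkdf_extract(derive_secret(handshake, "derived", b""), ZEROS)
    for name, label in (("client_application_traffic_secret_0", "c ap traffic"),
                        ("server_application_traffic_secret_0", "s ap traffic"),
                        ("exporter_master_secret", "exp master")):
        stages[name] = (derive_secret(master, label, transcripts["CH..SF"]), dict(later))
    stages["resumption_master_secret"] = (
        derive_secret(master, "res master", transcripts["CH..CF"]), dict(later))
    return stages


def run_modes() -> Dict[str, Dict[str, Stage]]:
    """Run the three handshake modes over one constructed transcript."""
    # Constructed stand-ins for handshake messages (not real TLS encodings).
    ch = b"ClientHello(constructed)"
    sh = ch + b"ServerHello(constructed)"
    sf = sh + b"EncryptedExtensions..server Finished(constructed)"
    cf = sf + b"client Finished(constructed)"
    transcripts = {"CH": ch, "CH..SH": sh, "CH..SF": sf, "CH..CF": cf}
    psk = hashlib.sha256(b"constructed pre-shared key").digest()
    ecdhe = hashlib.sha256(b"constructed X25519 shared secret").digest()
    return {
        "full (EC)DHE": key_schedule(None, ecdhe, transcripts),
        "PSK-only": key_schedule(psk, None, transcripts),
        "PSK + (EC)DHE": key_schedule(psk, ecdhe, transcripts),
    }


if __name__ == "__main__":
    for mode, stages in run_modes().items():
        print(f"== {mode}")
        for name, (secret, props) in stages.items():
            print(f"  {name:38s} {secret.hex()[:16]}...  {props}")
```

Running it shows the point the abstract makes about per-key properties: the PSK-only mode derives the same set of keys as the full handshake but none of them is forward secure, while in PSK + (EC)DHE every key except the 0-RTT `client_early_traffic_secret` regains forward secrecy, and that early key is the only one not replay protected in any mode.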
Funder
Technische Universität Darmstadt
Publisher
Springer Science and Business Media LLC
Subject
Applied Mathematics,Computer Science Applications,Software
Cited by
33 articles.