The TLS handshake protocol: A modular analysis

Journal of Cryptology

Volumn 23, Issue 2, 2010, Pages 187-223

  Morrissey, P ^a   Smart, N P ^a   Warinschi, B ^a  

^a UNIVERSITY OF BRISTOL   (United Kingdom)

Author keywords

Provable security; SSL; TLS

Indexed keywords

HANDSHAKE PROTOCOL; KEY AGREEMENT PROTOCOL; KEY DERIVATION FUNCTION; MASTER KEY; MODULAR ANALYSIS; MULTIPLE APPLICATIONS; PROVABLE SECURITY; PUBLIC KEYS; RANDOM ORACLE; SECURE SESSION; SECURITY LEVEL; SECURITY REQUIREMENTS;

KEYS (FOR LOCKS); NETWORK PROTOCOLS; SEEBECK EFFECT; SURVEYING INSTRUMENTS;

NETWORK SECURITY;

EID: 73849111632     PISSN: 09332790     EISSN: 14321378     Source Type: Journal    
DOI: 10.1007/s00145-009-9052-3     Document Type: Article

References (37)

1. M. Abdalla, O. Chevassut, D. Pointcheval, One-time verifier-based encrypted key exchange, in Public Key Cryptography-PKC 2005. LNCS, vol. 386 (Springer, Berlin, 2005), pp. 47-64 (Pubitemid 41231325)
2. J.H. An, Y. Dodis, T. Rabin, On the security of joint signature and encryption, in Advances in Cryptology-EUROCRYPT 2002. LNCS, vol. 2332 (Springer, Berlin, 2002), pp. 83-107
3. M. Bellare, R. Canetti, H. Krawczyk, A modular approach to the design and analysis of authentication and key exchange protocols, in 30th Symposium on Theory of Computing-STOC 1998 (ACM, New York, 1998), pp. 419-428
4. M. Bellare, C. Namprempre, Authenticated encryption: Relations among notions and analysis of the generic composition paradigm, in Advances in Cryptology-ASIACRYPT 2000. LNCS, vol. 1976 (Springer, Berlin, 2000), pp. 531-545
5. M. Bellare, D. Pointcheval, P. Rogaway, Authenticated key exchange secure against dictionary attacks, in Advances in Cryptology-EUROCRYPT 2000. LNCS, vol. 1807 (Springer, Berlin, 2000), pp. 139-155
6. M. Bellare, P. Rogaway, Entity authentication and key distribution, in Advances in Cryptology-CRYPTO '93. LNCS, vol. 773 (Springer, Berlin, 1994), pp. 232-249
7. M. Bellare, P. Rogaway, Optimal asymmetric encryption, in Advances in Cryptology-EUROCRYPT 1994 (1994), pp. 92-111
8. M. Bellare, P. Rogaway, Provably secure session key distribution: The three party case, in 27th Symposium on Theory of Computing-STOC 1995 (ACM, New York, 1995), pp. 57-66
9. K. Bhargavan, R. Corin, C. Fournet, E. Zalinescu, Cryptographically verified implementations for TLS, in Conference on Computer and Communication Security-CCS 2008 (ACM, New York, 2008), pp. 459-468
10. R. Bird, I.S. Gopal, A. Herzberg, P.A. Janson, S. Kutten, R. Molva, M. Yung, Systematic design of two-party authentication protocols, in Advances in Cryptology-CRYPTO '91. LNCS, vol. 576 (Springer, Berlin, 1991), pp. 44-61
11. S. Blake-Wilson, D. Johnson, A.J. Menezes, Key agreement protocols and their security analysis, in Cryptography and Coding. LNCS, vol. 1355 (Springer, Berlin, 1997), pp. 30-45
12. S. Blake-Wilson, A.J. Menezes, Entity authentication and authenticated key transport protocols employing asymmetric techniques, in IWSP. LNCS, vol. 1361 (Springer, Berlin, 1998), pp. 137-158
13. D. Bleichenbacher, Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1, in Advances in Cryptology-CRYPTO '98. LNCS, vol. 1462 (Springer, Berlin, 1998), pp. 1-12
14. E. Bresson, O. Chevassut, D. Pointcheval, Provably authenticated group Diffie-Hellman key exchange-The dynamic case, in Advances in Cryptology-ASIACRYPT 2001. LNCS, vol. 2248 (Springer, Berlin, 2001), pp. 290-309
15. R. Canetti, H. Krawczyk, Analysis of key-exchange protocols and their use for building secure channels, in Advances in Cryptology-EUROCRYPT 2001. LNCS, vol. 2045 (Springer, Berlin, 2001), pp. 453-474
16. R. Canetti, H. Krawczyk, Universally composable notions of key exchange and secure channels, in Advances in Cryptology-EUROCRYPT 2002. LNCS, vol. 2332 (Springer, Berlin, 2002), pp. 337-351
17. R. Canetti, H. Krawczyk, Security analysis of IKE's signature-based key-exchange protocol, in Advances in Cryptology-CRYPTO 2002. LNCS, vol. 2442 (Springer, Berlin, 2002), pp. 143-161
18. K.-K.R. Choo, C. Boyd, Y. Hitchcock, Examining indistinguishability-based proof models for key establishment protocols, in Advances in Cryptology-ASIACRYPT 2005. LNCS, vol. 3788 (Springer, Berlin, 2005), pp. 585-604 (Pubitemid 43763497)
19. R. Cramer V. Shoup 2003 Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack SIAM J. Comput. 33 167 226 1045.94013 10.1137/S0097539702403773 2033657
20. T. Dierks, C. Allen, The TLS Protocol Version 1.0. RFC 2246, January 1999
21. T. Dierks, C. Allen, The TLS Protocol Version 1.2. RFC 4346, April 2006
22. W. Diffie P.C. van Oorschot M.J. Weiner 1992 Authentication and authenticated key exchange Des. Codes Cryptogr. 2 107 125 10.1007/BF00124891 1554494
23. A.O. Freier, P. Karlton, P.C. Kocher, The SSL Protocol Version 3.0. Internet Draft, 1996
24. P.-A. Fouque, D. Pointcheval, S. Zimmer, HMAC is a randomness extractor and applications to TLS, in AsiaCCS 2008 (ACM Press, New York, 2008), pp. 21-32
25. S. Gajek, M. Manulis, O. Pereira, A. Sadeghi, J. Schwenk, Universally composable security analysis of TLS, in Provable Security-ProvSec 2008. LNCS, vol. 5324 (Springer, Berlin, 2008), pp. 313-327
26. H. Krawczyk, SKEME: a versatile secure key exchange mechanism for Internet, in Proceedings of the 1996 Symposium of Network and Distributed System Security (SNDSS'96) (IEEE Computer Society, Los Alamitos, 1996), p. 114
27. A. Herzberg, I. Yoffe, The layered games framework for specifications and analysis of security, in LNCS, vol. 4948 (Springer, Berlin, 2008), pp. 125-141
28. K.E.B. Hickman, The SSL Protocol Version 2.0. Internet Draft, 1994
29. J. Jonsson, B. Kaliski Jr., On the security of RSA encryption in TLS, in Advances in Cryptology-CRYPTO 2002. LNCS, vol. 2442 (Springer, Berlin, 2002), pp. 127-142
30. H. Krawczyk, The order of encryption and authentication for protecting communications (or: How secure is SSL?), in Advances in Cryptology-CRYPTO 2001. LNCS, vol. 2139 (Springer, Berlin, 2001), pp. 310-331
31. C. Kudla, Special signature schemes and key agreement protocols. PhD Thesis, Royal Holloway University of London, 2006
32. C. Kudla, K. Paterson, Modular security proofs for key agreement protocols, in Advances in Cryptology-ASIACRYPT 2005. LNCS, vol. 3788 (Springer, Berlin, 2005), pp. 549-565 (Pubitemid 43763495)
33. J.C. Mitchell, V. Shmatikov, U. Stern, Finite-state analysis of SSL 3.0, in USENIX Security Symposium-SSYM 1998, 1998
34. L. Paulson 1999 Inductive analysis of the Internet protocol TLS ACM Trans. Inf. Syst. Secur. 2 3 332 351 10.1145/322510.322530
35. V. Shoup, On formal models for secure key exchange (version 4). Preprint, 1999
36. D. Wagner, B. Schneier, Analysis of the SSL 3.0 protocol, in 2nd USENIX Workshop on Electronic Commerce, 1996
37. S. Williams, The security of signcryption as a key agreement protocol. BSc Dissertation, University of Bristol, 2008