On the security of the TLS protocol: A systematic analysis

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 8042 LNCS, Issue PART 1, 2013, Pages 429-448

  Krawczyk, Hugo ^a   Paterson, Kenneth G ^b   Wee, Hoeteck ^c  

^a IBM RESEARCH   (United States)

^b UNIVERSITY OF LONDON   (United Kingdom)

^c GEORGE WASHINGTON UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

AUTHENTICATED ENCRYPTION SCHEME; CRYPTOGRAPHIC PROTOCOLS; HANDSHAKE PROTOCOL; KEY ESTABLISHMENTS; MUTUAL AUTHENTICATION; SECURITY PROPERTIES; SERVER AUTHENTICATION; SYSTEMATIC ANALYSIS;

CRYPTOGRAPHY; SEEBECK EFFECT;

AUTHENTICATION;

EID: 84884484198     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-40041-4_24     Document Type: Conference Paper

References (44)

1. Abdalla, M., Bellare, M., Rogaway, P.: The oracle diffie-hellman assumptions and an analysis of DHIES. In: CT-RSA 2001. LNCS, vol. 2020, pp. 143-158. Springer, Heidelberg (2001) (Pubitemid 33255161)
2. AlFardan, N., Paterson, K.G.: Plaintext-recovery attacks against Datagram TLS. In: Network and Distributed System Security Symposium (NDSS 2012) (2012)
3. AlFardan, N., Paterson, K.G.: Lucky thirteen: Breaking the TLS and DTLS record protocols. In: IEEE Symposium on Security and Privacy (2013), www.isg.rhul.ac.uk/tls/Lucky13.html
4. AlFardan, N., Bernstein, D.J., Paterson, K.G., Poettering, B., Schuldt, J.C.: On the security of RC4 in TLS and WPA. In: USENIX Security Symposium (2013), www.isg.rhul.ac.uk/tls
5. Bard, G.V.: The vulnerability of SSL to chosen plaintext attack. IACR Cryptology ePrint Archive, 2004:11 (2004)
6. Bard, G.V.: A challenging but feasible blockwise-adaptive chosen-plaintext attack on SSL. In: SECRYPT, pp. 99-109 (2006)
7. Bardou, R., Focardi, R., Kawamoto, Y., Simionato, L., Steel, G., Tsay, J.-K.: Efficient padding oracle attacks on cryptographic hardware. In: Safavi-Naini, R. (ed.) CRYPTO 2012. LNCS, vol. 7417, pp. 608-625. Springer, Heidelberg (2012)
8. Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232-249. Springer, Heidelberg (1994)
9. Bhargavan, K., Fournet, C., Corin, R., Zalinescu, E.: Verified cryptographic implementations for TLS. ACM Trans. Inf. Syst. Secur. 15(1), 3 (2012)
10. Bhargavan, K., Fournet, C., Kohlweiss, M., Pironti, A., Strub, P.-Y.: Implementing TLS with verified cryptographic security. In: IEEE Symposium on Security and Privacy (2013), http://mitls.rocq.inria.fr/
11. Blake-Wilson, S., Bolyard, N., Gupta, V., Hawk, C., Moeller, B.: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security, TLS (May 2006), http://www.rfc-editor.org/rfc/rfc4492.txt
12. Bleichenbacher, D.: Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 1-12. Springer, Heidelberg (1998)
13. Brzuska, C., Fischlin,M., Smart, N.,Warinschi, B.,Williams, S.: Less is more: Relaxed yet composable security notions for key exchange. Cryptology ePrint Archive, Report 2012/242 (2012)
14. Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453-474. Springer, Heidelberg (2001),
15. See also Cryptology ePrint Archive, Report 2001/040
16. Canetti, R., Krawczyk, H.: Universally composable notions of key exchange and secure channels. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 337-351. Springer, Heidelberg (2002),
17. See also Cryptology ePrint Archive, Report 2002/059
18. Canvel, B., Hiltgen, A.P.,Vaudenay, S., Vuagnoux, M.: Password Interception in a SSL/TLS Channel. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 583-599. Springer, Heidelberg (2003)
19. Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.2 (August 2008), http://www.rfc-editor.org/rfc/rfc5246.txt
20. Duong, T., Rizzo, J.: Here come the ⊕ Ninjas (2011) (unpublished manuscript)
21. Duong, T., Rizzo, J.: The CRIME attack. Presentation at Ekoparty Security Conference (2012), http://www.ekoparty.org/eng/2012/juliano-rizzo.php
22. Fahl, S., Harbach, M., Muders, T., Smith, M., Baumgärtner, L., Freisleben, B.: Why Eve and Mallory love Android: An analysis of Android SSL (in)security. In: ACM CCS, pp. 50-61 (2012)
23. Georgiev, M., Iyengar, S., Jana, S., Anubhai, R., Boneh, D., Shmatikov, V.: The most dangerous code in the world: Validating SSL certificates in non-browser software. In: ACM CCS, pp. 38-49 (2012)
24. He, C., Sundararajan, M., Datta, A., Derek, A., Mitchell, J.C.: A modular correctness proof of IEEE 802.11i and TLS. In: ACM CCS, pp. 2-15 (2005)
25. Hofheinz, D., Kiltz, E.: Secure hybrid encryption from weakened key encapsulation. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 553-571. Springer, Heidelberg (2007)
26. Jager, T., Kohlar, F., Schäge, S., Schwenk, J.: On the security of TLS-DHE in the standard model. In: Safavi-Naini, R. (ed.) CRYPTO 2012. LNCS, vol. 7417, pp. 273-293. Springer, Heidelberg (2012)
27. Jonsson, J., Kaliski Jr., B.S.: On the security of RSA encryption in TLS. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 127-142. Springer, Heidelberg (2002)
28. Kaliski, B.: PKCS#1: RSA Encryption Version 1.5 (March 1998), http://www.rfc-editor.org/rfc/rfc2313.txt
29. Klíma, V., Pokorný, O., Rosa, T.: Attacking RSA-based sessions in SSL/TLS. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 426-440. Springer, Heidelberg (2003)
30. Krawczyk, H.: The order of encryption and authentication for protecting communications (or: How secure is SSL?). In: Kilian, J. (ed.) CRYPTO2001. LNCS, vol. 2139, pp. 310-331. Springer, Heidelberg (2001)
31. Krawczyk, H., Paterson, K.G., Wee, H.: On the security of the TLS protocol: A systematic analysis. In: Canetti, R., Garay, J. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 425-444. Springer, Heidelberg (2013);
32. Cryptology ePrint Archive, Report 2013/339
33. Mavrogiannopoulos, N., Vercauteren, F., Velichkov, V., Preneel, B.: A cross-protocol attack on the TLS protocol. In: ACM CCS, pp. 62-72 (2012)
34. Modadugu, N., Rescorla, E.: The Design and Implementation of Datagram TLS. In: NDSS. The Internet Society (2004) ISBN 1-891562-18-5, 1-891562-17-7
35. Moeller, B.: Security of CBC ciphersuites in SSL/TLS: Problems and countermeasures (May 2004) (unpublished manuscript), http://www.openssl.org/ ~bodo/tls-cbc.txt
36. Morrissey, P., Smart, N.P.,Warinschi, B.: A modular security analysis of the TLS handshake protocol. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 55-73. Springer, Heidelberg (2008)
37. Okamoto, T., Pointcheval, D.: REACT: Rapid enhanced-security asymmetric cryptosystem transform. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 159-175. Springer, Heidelberg (2001) (Pubitemid 33255162)
38. Paterson, K.G., Ristenpart, T., Shrimpton, T.: Tag size does matter: Attacks and proofs for the TLS record protocol. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 372-389. Springer, Heidelberg (2011)
39. Paulson, L.C.: Inductive analysis of the internet protocol TLS. ACM Trans. Inf. Syst. Secur. 2(3), 332-351 (1999)
40. Rescorla, E., Modadugu, N.: Datagram Transport Layer Security (April 2006), http://www.rfc-editor.org/rfc/rfc4347.txt
41. Rescorla, E., Ray, M., Dispensa, S., Oskov, N.: Transport Layer Security (TLS) Renegotiation Indication Extension. In: RFC 5746 (Proposed Standard) (February 2010), http://www.ietf.org/rfc/rfc5746.txt
42. Shoup, V.: On formal models for secure key exchange. Cryptology ePrint Archive. Report 1999/012 (1999), http://eprint.iacr.org/
43. Vaudenay, S.: Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS... In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 534-546. Springer, Heidelberg (2002)
44. Wagner, D., Schneier, B.: Analysis of the SSL 3.0 protocol. In: USENIX Workshop on Electronic Commerce, pp. 29-40 (1996)