A cryptographic analysis of the TLS 1.3 handshake protocol candidates

Proceedings of the ACM Conference on Computer and Communications Security

Volumn 2015-October, Issue , 2015, Pages 1197-1210

  Dowling, Benjamin ^a   Fischlin, Marc ^b   Günther, Felix ^b   Stebila, Douglas ^a  

^a QUEENSLAND UNIVERSITY OF TECHNOLOGY   (Australia)

^b DARMSTADT UNIVERSITY OF TECHNOLOGY   (Germany)

Author keywords

Composition; Key exchange; Protocol analysis; Transport Layer Security (TLS)

Indexed keywords

CHEMICAL ANALYSIS; CRYPTOGRAPHY; SEEBECK EFFECT; STANDARDIZATION;

AUTHENTICATED KEY EXCHANGE; COMPOSITIONAL ANALYSIS; INTERNET ENGINEERING TASK FORCES; KEY EXCHANGE; PROTOCOL ANALYSIS; STANDARDIZATION PROCESS; TRANSPORT LAYER SECURITY; TRANSPORT LAYER SECURITY PROTOCOLS;

INTERNET PROTOCOLS;

EID: 84954140761     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2810103.2813653     Document Type: Conference Paper

References (27)

1. D. Adrian, K. Bhargavan, Z. Durumeric, P. Gaudry, M. Green, J. A. Halderman, N. Heninger, D. Springall, E. Thomé;, L. Valenta, B. VanderSloot, E. Wustrow, S. Zanella-Bé;guelin, and P. Zimmermann. Imperfect forward secrecy: How Diffie-Hellman fails in practice. In ACM CCS 15, 2015.
2. N. AlFardan, D. J. Bernstein, K. G. Paterson, B. Poettering, and J. C. N. Schuldt. On the security of RC4 in TLS. In Proc. 22nd USENIX Security Symposium, pages 305-320, 2013.
3. N. J. AlFardan and K. G. Paterson. Lucky thirteen: Breaking the TLS and DTLS record protocols. In 2013 IEEE Symposium on Security and Privacy, pages 526-540, 2013.
4. J. Altman, N. Williams, and L. Zhu. Channel Bindings for TLS. RFC 5929 (Proposed Standard), 2010.
5. C. Badertscher, C. Matt, U. Maurer, P. Rogaway, and B. Tackmann. Augmented secure channels and the goal of the TLS 1.3 record layer. Cryptology ePrint Archive, Report 2015/394, 2015. http://eprint.iacr.org/2015/394.
6. M. Bellare and P. Rogaway. Entity authentication and key distribution. In CRYPTO'93, pages 232-249, 1994.
7. B. Beurdouche, K. Bhargavan, A. Delignat-Levaud, C. Fournet, M. Kohlweiss, A. Pironti, P.-Y. Strub, and J. K. Zinzindohoue. A messy state of the union: Taming the composite state machines of TLS. In Proc. IEEE Symp. on Security & Privacy (S&P) 2015, pages 535-552, 2015.
8. K. Bhargavan, A. Delignat-Lavaud, C. Fournet, A. Pironti, and P.-Y. Strub. Triple handshakes and cookie cutters: Breaking and fixing authentication over TLS. In 2014 IEEE Symposium on Security and Privacy, pages 98-113, 2014.
9. K. Bhargavan, C. Fournet, M. Kohlweiss, A. Pironti, and P.-Y. Strub. Implementing TLS with verified cryptographic security. In 2013 IEEE Symposium on Security and Privacy, pages 445-459, 2013.
10. K. Bhargavan, C. Fournet, M. Kohlweiss, A. Pironti, P.-Y. Strub, and S. Zanella Bé;guelin. Proving the TLS handshake secure (as it is). In CRYPTO 2014, Part II, pages 235-255, 2014.
11. C. Brzuska. On the Foundations of Key Exchange. PhD thesis, Technische Universität Darmstadt, Darmstadt, Germany, 2013. http://tuprints.ulb.tu-darmstadt.de/3414/.
12. C. Brzuska, M. Fischlin, B. Warinschi, and S. C. Williams. Composability of Bellare-Rogaway key exchange protocols. In ACM CCS 11, pages 51-62, 2011.
13. R. Canetti and H. Krawczyk. Security analysis of IKE's signature-based key-exchange protocol. In CRYPTO 2002, pages 143-161, 2002. http://eprint.iacr.org/2002/120/.
14. Codenomicon. The Heartbleed bug. http://heartbleed.com, 2014.
15. B. Dowling, M. Fischlin, F. Günther, and D. Stebila. A cryptographic analysis of the TLS 1.3 handshake protocol candidates (full version). Cryptology ePrint Archive, 2015. http://eprint.iacr.org/.
16. T. Duong. BEAST. http://vnhacker.blogspot.com.au/2011/09/beast.html, 2011.
17. M. Fischlin and F. Günther. Multi-stage key exchange and the case of Google's QUIC protocol. In ACM CCS 14, pages 1193-1204, 2014.
18. C. Fournet, M. Kohlweiss, and P.-Y. Strub. Modular code-based cryptographic verification. In ACM CCS 11, pages 341-350, 2011.
19. T. Jager, F. Kohlar, S. Schäge, and J. Schwenk. On the security of TLS-DHE in the standard model. In CRYPTO 2012, pages 273-293, 2012.
20. S. Josefsson. Channel bindings for TLS based on the PRF. https://tools.ietf.org/html/draft-josefsson-sasl-tls-cb-03, 2015.
21. M. Kohlweiss, U. Maurer, C. Onete, B. Tackmann, and D. Venturi. (de-)constructing TLS. Cryptology ePrint Archive, Report 2014/020, 2014. http://eprint.iacr.org/2014/020.
22. H. Krawczyk. Cryptographic extraction and key derivation: The HKDF scheme. In CRYPTO 2010, pages 631-648, 2010.
23. H. Krawczyk, K. G. Paterson, and H. Wee. On the security of the TLS protocol: A systematic analysis. In CRYPTO 2013, Part I, pages 429-448, 2013.
24. B. Möller, T. Duong, and K. Kotowicz. This POODLE bites: Exploiting the SSL 3.0 fallback. https://www.openssl.org/~bodo/ssl-poodle.pdf, 2014.
25. E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.3-draft-ietf-tls-tls13-05. https://tools.ietf.org/html/draft-ietf-tls-tls13-05, 2015.
26. E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.3-draft-ietf-tls-tls13-07. https://tools.ietf.org/html/draft-ietf-tls-tls13-07, 2015.
27. E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.3-draft-ietf-tls-tls13-dh-based. https://github.com/ekr/tls13-spec/blob/ietf92-materials/draft-ietf-tls-tls13-dh-based.txt, 2015.