Key Confirmation in Key Exchange: A Formal Treatment and Implications for TLS 1.3

Proceedings - 2016 IEEE Symposium on Security and Privacy, SP 2016

Volumn , Issue , 2016, Pages 452-469

  Fischlin, Marc ^a   Gunther, Felix ^a   Schmidt, Benedikt ^b   Warinschi, Bogdan ^c  

^a DARMSTADT UNIVERSITY OF TECHNOLOGY   (Germany)

^b IMDEA SOFTWARE INSTITUTE   (Spain)

^c UNIVERSITY OF BRISTOL   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

INTERNET PROTOCOLS; SEEBECK EFFECT;

COMMUNICATION PARTNERS; GENERIC PROTOCOLS; INTERNET ENGINEERING TASK FORCES; KEY EXCHANGE PROTOCOLS; SECURITY DEFINITIONS; SECURITY FRAMEWORKS; SECURITY PROPERTIES; TRANSPORT LAYER SECURITY PROTOCOLS;

MOBILE TELECOMMUNICATION SYSTEMS;

EID: 84987653302     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SP.2016.34     Document Type: Conference Paper

References (32)

1. E. Barker, L. Chen, A. Regenscheid, and M. Smid. SP 800-56B. Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography. NIST Special Publication, National Institute of Standards &Technology, Aug. 2009
2. E. Barker, L. Chen, A. Roginsky, and M. Smid. SP 800-56A r2. Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography. NIST Special Publication, National Institute of Standards &Technology, May 2013
3. M. Bellare, D. Pointcheval, and P. Rogaway. Authenticated key exchange secure against dictionary attacks. In B. Preneel, editor, Advances in Cryptology-EUROCRYPT 2000, volume 1807 of Lecture Notes in Computer Science, pages 139-155. Springer, Heidelberg, May 2000
4. M. Bellare and P. Rogaway. Entity authentication and key distribution. In D. R. Stinson, editor, Advances in Cryptology-CRYPTO'93, volume 773 of Lecture Notes in Computer Science, pages 232-249. Springer, Heidelberg, Aug. 1994
5. F. Bergsma, B. Dowling, F. Kohlar, J. Schwenk, and D. Stebila. Multiciphersuite security of the secure shell (SSH) protocol. In G.-J. Ahn, M. Yung, and N. Li, editors, ACM CCS 14: 21st Conference on Computer and Communications Security, pages 369-381. ACM Press, Nov. 2014
6. K. Bhargavan, A. Delignat-Lavaud, C. Fournet, A. Pironti, and P.-Y. Strub. Triple handshakes and cookie cutters: Breaking and fixing authentication over TLS. In 2014 IEEE Symposium on Security and Privacy, pages 98-113. IEEE Computer Society Press, May 2014
7. K. Bhargavan, C. Fournet, M. Kohlweiss, A. Pironti, and P.-Y. Strub. Implementing TLS with verified cryptographic security. In 2013 IEEE Symposium on Security and Privacy, pages 445-459. IEEE Computer Society Press, May 2013
8. S. Blake-Wilson, D. Johnson, and A. Menezes. Key agreement protocols and their security analysis. In M. Darnell, editor, Crytography and Coding, volume 1355 of Lecture Notes in Computer Science, pages 30-45. Springer Berlin Heidelberg, 1997
9. S. Blake-Wilson and A. Menezes. Authenticated Diffie-Hellman key agreement protocols (invited talk). In S. E. Tavares and H. Meijer, editors, SAC 1998: 5th Annual International Workshop on Selected Areas in Cryptography, volume 1556 of Lecture Notes in Computer Science, pages 339-361. Springer, Heidelberg, Aug. 1999
10. S. Blake-Wilson and A. Menezes. Unknown key-share attacks on the station-to-station (STS) protocol. In H. Imai and Y. Zheng, editors, PKC'99: 2nd International Workshop on Theory and Practice in Public Key Cryptography, volume 1560 of Lecture Notes in Computer Science, pages 154-170. Springer, Heidelberg, Mar. 1999
11. C. Boyd and J. Nieto. On forward secrecy in one-round key exchange. In L. Chen, editor, Cryptography and Coding, volume 7089 of Lecture Notes in Computer Science, pages 451-468. Springer Berlin Heidelberg, 2011
12. C. Brzuska. On the Foundations of Key Exchange. PhD thesis, Technische Universität Darmstadt, Darmstadt, Germany, 2013. http://tuprints.ulb.tu-darmstadt.de/3414
13. C. Brzuska, M. Fischlin, B. Warinschi, and S. C. Williams. Composability of Bellare-Rogaway key exchange protocols. In Y. Chen, G. Danezis, and V. Shmatikov, editors, ACM CCS 11: 18th Conference on Computer and Communications Security, pages 51-62. ACM Press, Oct. 2011
14. R. Canetti and H. Krawczyk. Analysis of key-exchange protocols and their use for building secure channels. In B. Pfitzmann, editor, Advances in Cryptology-EUROCRYPT 2001, volume 2045 of Lecture Notes in Computer Science, pages 453-474. Springer, Heidelberg, May 2001
15. L. Chen and C. Kudla. Identity based authenticated key agreement protocols from pairings. In 16th IEEE Computer Security Foundations Workshop (CSFW-16 2003), pages 219-233. IEEE Computer Society, June 2003
16. C. J. F. Cremers and M. Feltz. Beyond eCK: Perfect forward secrecy under actor compromise and ephemeral-key reveal. In S. Foresti, M. Yung, and F. Martinelli, editors, ESORICS 2012: 17th European Symposium on Research in Computer Security, volume 7459 of Lecture Notes in Computer Science, pages 734-751. Springer, Heidelberg, Sept. 2012
17. T. Dierks and E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (Proposed Standard), Aug. 2008. Updated by RFCs 5746, 5878, 6176
18. B. Dowling, M. Fischlin, F. Günther, and D. Stebila. A cryptographic analysis of the TLS 1.3 handshake protocol candidates. In I. Ray, N. Li, and C. Kruegel:, editors, ACM CCS 15: 22nd Conference on Computer and Communications Security, pages 1197-1210. ACM Press, Oct. 2015
19. B. Dowling, M. Fischlin, F. Günther, and D. Stebila. A cryptographic analysis of the TLS 1.3 draft-10 full and pre-shared key handshake protocol. Cryptology ePrint Archive, Report 2016/081, 2016. http://eprint.iacr.org/2016/081
20. EMVCo LLC. EMV ECC key establishment protocols. http://www.emvco.com/specifications.aspx?id=243, 2012
21. K. Hoeper and L. Chen. SP 800-120. Recommendation for EAP Methods Used in Wireless Network Access Authentication. NIST Special Publication, National Institute of Standards &Technology, Sept. 2009
22. T. Jager, F. Kohlar, S. Schäge, and J. Schwenk. On the security of TLSDHE in the standard model. In R. Safavi-Naini and R. Canetti, editors, Advances in Cryptology-CRYPTO 2012, volume 7417 of Lecture Notes in Computer Science, pages 273-293. Springer, Heidelberg, Aug. 2012
23. H. Krawczyk. HMQV: A high-performance secure Diffie-Hellman protocol. In V. Shoup, editor, Advances in Cryptology-CRYPTO 2005, volume 3621 of Lecture Notes in Computer Science, pages 546-566. Springer, Heidelberg, Aug. 2005
24. H. Krawczyk, K. G. Paterson, and H. Wee. On the security of the TLS protocol: A systematic analysis. In R. Canetti and J. A. Garay, editors, Advances in Cryptology-CRYPTO 2013, Part I, volume 8042 of Lecture Notes in Computer Science, pages 429-448. Springer, Heidelberg, Aug. 2013
25. B. A. LaMacchia, K. E. Lauter, and A. Mityagin. Stronger security of authenticated key exchange. In Provable Security, First International Conference, ProvSec 2007, volume 4784 of Lecture Notes in Computer Science, pages 1-16. Springer, Nov. 2007
26. A. Langley. Comment at the Real World Crypto (RWC) Workshop, New York, Jan. 2014
27. A. J. Menezes, S. A. Vanstone, and P. C. V. Oorschot. Handbook of Applied Cryptography. CRC Press, 1996
28. P. Morrissey, N. P. Smart, and B. Warinschi. The TLS handshake protocol: A modular analysis. Journal of Cryptology, 23(2):187-223, Apr. 2010
29. E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.3-draft-ietf-tls-tls13-10. https://tools.ietf.org/html/draft-ietf-tls-tls13-10, Oct. 2015
30. E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.3-draft-ietf-tls-tls13-11. https://tools.ietf.org/html/draft-ietf-tls-tls13-11, Dec. 2015
31. TLS Mailing List. Subject: Kill Finished (and other tricks for hardware). https://www.ietf.org/mail-archive/web/tls/current/msg12162.html, Apr. 2014
32. T. Ylonen and C. Lonvick. The Secure Shell (SSH) Protocol Architecture. RFC 4251 (Proposed Standard), Jan. 2006