Attacks on re-keying and renegotiation in Key Exchange Protocols Bachelor Thesis

Author

  • Rati Gelashvili
Abstract

The TLS protocol has been a subject of studies, analyses and verification attempts over the years, but a recently discovered attack against the key renegotiation in the TLS protocol underlined the need to more thoroughly study the key renegotiation phase and focus on aspects not investigated before. We study the key renegotiation phase of the TLS protocol and use formal models for automatic verification and detection of potential security flaws. The models we developed capture the vulnerability that led to the recently discovered attack against TLS. We also investigate the key renegotiation aspects of two other protocols, IKEv2 and SSH2.


Similar resources

Side-Channel Analysis of Keymill

One prominent countermeasure against side-channel attacks, especially differential power analysis (DPA), is fresh re-keying. In such schemes, the so-called re-keying function takes the burden of protecting a cryptographic primitive against DPA. To ensure the security of the scheme against side-channel analysis, the re-keying function has to withstand both simple power analysis (SPA) and differe...


Verified Contributive Channel Bindings for Compound Authentication

Compound authentication protocols, such as EAP in IKEv2 or SASL over TLS, bind application-level authentication to a transport-level authenticated channel in order to obtain strong composite authentication under weak trust assumptions. Despite their wide deployment, these protocols remain poorly understood, leading to several credential forwarding man-in-the-middle attacks. We present formal mod...


Proving the TLS Handshake Secure (As It Is)

The TLS Internet Standard features a mixed bag of cryptographic algorithms and constructions, letting clients and servers negotiate their use for each run of the handshake. Although many ciphersuites are now well-understood in isolation, their composition remains problematic, and yet it is critical to obtain practical security guarantees for TLS. We experimentally confirm that all mainstream im...


Computationally-Fair Group and Identity-Based Key-Exchange

In this work, we re-examine some fundamental group key-exchange and identity-based key-exchange protocols, specifically the Burmester-Desmedt group key-exchange protocol [7] (referred to as the BD-protocol) and the Chen-Kudla identity-based key-exchange protocol [9] (referred to as the CK-protocol). We identify some new attacks on these protocols, showing in particular that these protocols are ...


Collusion Attacks on Secret Keys Multiplication (SKM) Group Re-Keying Scheme Proposed at CITA 03

In this paper, we present collusion attacks on a very recently proposed group re-keying scheme, the Secret Keys Multiplication (SKM). Users can conspire together (collude) to obtain the private key of the trusted group controller server. This is a very serious weakness in the SKM and shows that it is not secure at all. It should therefore not be used, but should go through a major redesign.



Publication date: 2012