Augmented Secure Channels and the Goal of the TLS 1.3 Record Layer
نویسندگان
چکیده
Motivated by the wide adoption of authenticated encryption and TLS, we suggest a basic channel abstraction, an augmented secure channel (ASC), that allows a sender to send a receiver messages consisting of two parts, where one is privacy-protected and both are authenticity-protected. Working in the tradition of constructive cryptography, we formalize this idea and provide a construction of this kind of channel using the lower-level tool authenticated-encryption. We look at recent proposals on TLS 1.3 and suggest that the criterion by which their security can be judged is quite simple: do they construct an ASC? Due to this precisely defined goal, we are able to give a natural construction that comes with a rigorous security proof and directly leads to a proposal on TLS 1.3 that, in addition to being provably secure, is more efficient than existing ones.
منابع مشابه
Handshaking Mechanism in E-Business Applications
Secure Session Layer (SSL) and Transport Layer Security (TLS) are the two secure layer protocols in all of current web applications on a network. This paper focuses on SSL, TLS and how handshaking mechanism has been implemented in both SSL and TLS. Further, describes about the generation of keys and certificates.
متن کامل(De-)Constructing TLS
TLS is one of the most widely deployed cryptographic protocols on the Internet; it is used to protect the confidentiality and integrity of transmitted data in various client-server protocols. Its non-standard use of cryptographic primitives, however, makes it hard to formally assess its security. It is in fact difficult to use traditional (well-understood) security notions for the key-exchange ...
متن کاملA Cryptographic Analysis of the TLS 1.3 draft-10 Full and Pre-shared Key Handshake Protocol
We analyze the handshake protocol of TLS 1.3 draft-ietf-tls-tls13-10 (published October 2015). This continues and extends our previous analysis (CCS 2015, Cryptology ePrint Archive 2015) of former TLS 1.3 drafts (draft-ietf-tls-tls13-05 and draft-ietf-tls-tls13-dh-based). Here we show that the full (EC)DHE Diffie–Hellman-based handshake of draft-10 is also secure in the multi-stage key exchange...
متن کاملUniversally Composable Security Analysis of TLS
We present a security analysis of the complete TLS protocol in the Universal Composable security framework. This analysis evaluates the composition of key exchange functionalities realized by the TLS handshake with the message transmission of the TLS record layer to emulate secure communication sessions and is based on the adaption of the secure channel model from Canetti and Krawczyk to the se...
متن کاملUniversally Composable Security Analysis of TLS - Secure Sessions with Handshake and Record Layer Protocols
We present a security analysis of the complete TLS protocol in the Universal Composablesecurity framework. This analysis evaluates the composition of key exchange functionalitiesrealized by the TLS handshake with the message transmission of the TLS record layer to em-ulate secure communication sessions and is based on the adaption of the secure channel modelfrom Canetti and Kraw...
متن کامل