Universally Composable Security Analysis of TLS - Secure Sessions with Handshake and Record Layer Protocols
نویسندگان
چکیده
We present a security analysis of the complete TLS protocol in the Universal Composablesecurity framework. This analysis evaluates the composition of key exchange functionalitiesrealized by the TLS handshake with the message transmission of the TLS record layer to em-ulate secure communication sessions and is based on the adaption of the secure channel modelfrom Canetti and Krawczyk to the setting where peer identities are not necessarily known priorthe protocol invocation and may remain undisclosed. Our analysis shows that TLS, includingthe Diffie-Hellman and key transport suites in the uni-directional and bi-directional models ofauthentication, securely emulates secure communication sessions.
منابع مشابه
Universally Composable Security Analysis of TLS
We present a security analysis of the complete TLS protocol in the Universal Composable security framework. This analysis evaluates the composition of key exchange functionalities realized by the TLS handshake with the message transmission of the TLS record layer to emulate secure communication sessions and is based on the adaption of the secure channel model from Canetti and Krawczyk to the se...
متن کاملIdeal Key Derivation and Encryption in Simulation-Based Security
Many real-world protocols, such as SSL/TLS, SSH, IPsec, IEEE 802.11i, DNSSEC, and Kerberos, derive new keys from other keys. To be able to analyze such protocols in a composable way, in this paper we extend an ideal functionality for symmetric and public-key encryption proposed in previous work by a mechanism for key derivation. We also equip this functionality with message authentication codes...
متن کاملLessons Learned From Previous SSL/TLS Attacks - A Brief Chronology Of Attacks And Weaknesses
Since its introduction in 1994 the Secure Socket Layer (SSL) protocol (later renamed to Transport Layer Security (TLS)) evolved to the de facto standard for securing the transport layer. SSL/TLS can be used for ensuring data confidentiality, integrity and authenticity during transport. A main feature of the protocol is its flexibility. Modes of operation and security aims can easily be configur...
متن کاملNotes on Transport Layer Security
This note provides a brief overview of Transport Layer Security (TLS) protocol version 1.2 which provides security for communications on the Internet. TLS, similar to its successor SSL, allows client/server applications to communicate in a way that is designed to prevent eavesdropping,tampering, or message forgery for secure communication on the Internet[1]. Block cipher and keyed-Hash Message ...
متن کاملThe Provably Secure Formal Methods for Authentication and Key Agreement Protocols
In the design and analysis of authentication and key agreement protocols, provably secure formal methods play a very important role, among which the Canetti-Krawczyk (CK) model and universal composable (UC) security model are very popular at present. This chapter focuses on these two models and consists mainly of three parts: (1) an introduction to CK model and UC models; (2) A study of these t...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2008 شماره
صفحات -
تاریخ انتشار 2008