(De-)Constructing TLS 1.3

Markulf Kohlweiss, Ueli Maurer, Cristina Onete, Björn Tackmann, Daniele Venturi

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract / Description of output

SSL/TLS is one of the most widely deployed cryptographic protocols on the Internet. It is used to protect the confidentiality and integrity of transmitted data in various client-server applications. The currently specified version is TLS 1.2, and its security has been analyzed extensively in the cryptographic literature. The IETF working group is actively developing a new version, TLS 1.3, which is designed to address several flaws inherent to previous versions.

In this paper, we analyze the security of a slightly modified version of the current TLS 1.3 draft. (We do not encrypt the server’s certificate.) Our security analysis is performed in the constructive cryptography framework. This ensures that the resulting security guarantees are composable and can readily be used in subsequent protocol steps, such as password-based user authentication over a TLS-based communication channel in which only the server is authenticated. Most steps of our proof hold in the standard model, with the sole exception that the key derivation function HKDF is used in a way that has a proof only in the random-oracle model. Beyond the technical results on TLS 1.3, this work also exemplifies a novel approach towards proving the security of complex protocols by a modular, step-by-step decomposition, in which smaller sub-steps are proved in isolation and then the security of the protocol follows by the composition theorem.
Original language: English
Title of host publication: Progress in Cryptology - INDOCRYPT 2015 - 16th International Conference on Cryptology in India, Bangalore, India, December 6-9, 2015, Proceedings
Publisher: Springer
Pages: 85-102
Number of pages: 18
ISBN (Electronic): 978-3-319-26617-6
ISBN (Print): 978-3-319-26616-9
Publication status: E-pub ahead of print - 28 Nov 2015
Event: 16th International Conference on Cryptology in India - Indian Institute of Science, Bangalore, India
Duration: 6 Dec 2015 to 9 Dec 2015
https://web.archive.org/web/20160119235508/http://indocrypt2015.org/index.php

Conference

Conference: 16th International Conference on Cryptology in India
Abbreviated title: Indocrypt 2015
Country/Territory: India
City: Bangalore
Period: 6/12/15 to 9/12/15
