Modelling ciphersuite and version negotiation in the TLS protocol

Dowling, Benjamin & Stebila, Douglas (2015) Modelling ciphersuite and version negotiation in the TLS protocol. In Foo, Ernest & Stebila, Douglas (Eds.) Information Security and Privacy [Lecture Notes in Computer Science], Springer, QUT Gardens Point, Brisbane, Australia, pp. 270-288.

Abstract

Real-world cryptographic protocols such as the widely used Transport Layer Security (TLS) protocol support many different combinations of cryptographic algorithms (called ciphersuites) and simultaneously support different protocol versions. Recent advances in provable security have shown that most modern TLS ciphersuites are secure authenticated and confidential channel establishment (ACCE) protocols, but these analyses generally focus on a single ciphersuite in isolation. In this paper we extend the ACCE model to cover protocols with many different sub-protocols, capturing both multiple ciphersuites and multiple versions, and define a security notion for secure negotiation of the optimal sub-protocol. We give a generic theorem showing how secure negotiation follows, under some additional conditions, from the authentication property of secure ACCE protocols. Using this framework, we analyse the security of ciphersuite negotiation and of three variants of version negotiation in TLS, including a recently proposed mechanism for detecting fallback attacks.


ID Code: 86650
Item Type: Conference Paper
Refereed: Yes
Additional Information: 20th Australasian Conference, ACISP 2015, Brisbane, QLD, Australia, June 29 to July 1, 2015, Proceedings
Keywords: Transport Layer Security (TLS), Ciphersuite negotiation, Version negotiation, Downgrade attacks, Cryptographic protocols
DOI: 10.1007/978-3-319-19962-7_16
ISBN: 9783319199610
ISSN: 0302-9743
Subjects: Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Computer System Security (080303)
Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > DATA FORMAT (080400) > Data Encryption (080402)
Divisions: Current > Schools > School of Electrical Engineering & Computer Science
Current > Institutes > Institute for Future Environments
Current > QUT Faculties and Divisions > Science & Engineering Faculty
Copyright Owner: Copyright 2015 Springer International Publishing Switzerland
Copyright Statement: The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-319-19962-7_16
Deposited On: 20 Aug 2015 04:33
Last Modified: 03 Nov 2015 21:29
