Skip to main content
SpringerLink
Log in

Modelling Ciphersuite and Version Negotiation in the TLS Protocol

  • Conference paper
  • First Online:
Book cover Information Security and Privacy (ACISP 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9144))

Included in the following conference series:

Abstract

Real-world cryptographic protocols such as the widely used Transport Layer Security (TLS) protocol support many different combinations of cryptographic algorithms (called ciphersuites) and simultaneously support different versions. Recent advances in provable security have shown that most modern TLS ciphersuites are secure authenticated and confidential channel establishment (ACCE) protocols, but these analyses generally focus on single ciphersuites in isolation. In this paper we extend the ACCE model to cover protocols with many different sub-protocols, capturing both multiple ciphersuites and multiple versions, and define a security notion for secure negotiation of the optimal sub-protocol. We give a generic theorem that shows how secure negotiation follows, with some additional conditions, from the authentication property of secure ACCE protocols. Using this framework, we analyse the security of ciphersuite and three variants of version negotiation in TLS, including a recently proposed mechanism for detecting fallback attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Dierks, T., Allen, C.: The TLS protocol version 1.0. RFC 2246 (1999)

    Google Scholar 

  2. Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) protocol version 1.1. RFC 4346 (2006)

    Google Scholar 

  3. Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) protocol version 1.2. RFC 5246 (2008)

    Google Scholar 

  4. Freier, A.O., Karlton, P., Kocher, P.C.: The Secure Sockets Layer (SSL) protocol version 3.0. RFC 6101 (2011). Republication of original SSL 3.0 specification by Netscape of November 18, 1996

    Google Scholar 

  5. Wagner, D., Schneier, B.: Analysis of the SSL 3.0 protocol. In: Proc. 2nd USENIX Workshop on Electronic Commerce (1996)

    Google Scholar 

  6. Hickman, K.E.B.: The SSL protocol (version 0.2) (1995). http://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft02.html

  7. Jonsson, J., Kaliski Jr., B.S.: On the security of RSA encryption in TLS. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 127–142. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  8. Morrissey, P., Smart, N.P., Warinschi, B.: A modular security analysis of the TLS handshake protocol. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 55–73. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  9. Krawczyk, H.: The order of encryption and authentication for protecting communications (or: How Secure Is SSL?). In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, p. 310. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  10. Paterson, K.G., Ristenpart, T., Shrimpton, T.: Tag size does matter: attacks and proofs for the TLS record protocol. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 372–389. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  11. Jager, T., Kohlar, F., Schäge, S., Schwenk, J.: On the security of TLS-DHE in the standard model. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 273–293. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  12. Krawczyk, H., Paterson, K.G., Wee, H.: On the security of the TLS protocol: a systematic analysis. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 429–448. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  13. Kohlar, F., Schäge, S., Schwenk, J.: On the security of TLS-DH and TLS-RSA in the standard model. Cryptology ePrint Archive, Report 2013/367 (2013). http://eprint.iacr.org/2013/367

  14. Li, Y., Schäge, S., Yang, Z., Kohlar, F., Schwenk, J.: On the security of the pre-shared key ciphersuites of TLS. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 669–684. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  15. Brzuska, C., Fischlin, M., Smart, N.P., Warinschi, B., Williams, S.C.: Less is more: Relaxed yet composable security notions for key exchange. International Journal of Information Security 12, 267–297 (2013)

    Article  Google Scholar 

  16. Bhargavan, K., Fournet, C., Kohlweiss, M., Pironti, A., Strub, P.Y.: Implementing TLS with verified cryptographic security. In: 2013 IEEE Symposium on Security and Privacy, pp. 445–459. IEEE Computer Society Press (2013)

    Google Scholar 

  17. Giesen, F., Kohlar, F., Stebila, D.: On the security of TLS renegotiation. In: Sadeghi, A.R., Gligor, V.D., Yung, M. (eds.) ACM CCS 2013, pp. 387–398. ACM Press (2013)

    Google Scholar 

  18. Ray, M., Dispensa, S.: Renegotiating TLS (2009) http://extendedsubset.com/Renegotiating_TLS.pdf

  19. Mavrogiannopoulos, N., Vercauteren, F., Velichkov, V., Preneel, B.: A cross-protocol attack on the TLS protocol. In: Yu, T., Danezis, G., Gligor, V.D. (eds.) ACM CCS 2012, pp. 62–72. ACM Press (2012)

    Google Scholar 

  20. Bergsma, F., Dowling, B., Kohlar, F., Schwenk, J., Stebila, D.: Multi-ciphersuite security of the secure shell (SSH) protocol. In: Ahn, G.J., Yung, M., Li, N. (eds.) ACM CCS 2014, pp. 369–381. ACM Press (2014)

    Google Scholar 

  21. Bhargavan, K., Fournet, C., Kohlweiss, M., Pironti, A., Strub, P.-Y., Zanella-Béguelin, S.: Proving the TLS handshake secure (As It Is). In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part II. LNCS, vol. 8617, pp. 235–255. Springer, Heidelberg (2014)

    Google Scholar 

  22. Rescorla, E., Ray, M., Dispensa, S., Oskov, N.: Transport Layer Security (TLS) renegotiation indication extension. RFC 5746 (2010)

    Google Scholar 

  23. Möller, B., Langley, A.G.: TLS fallback Signaling Cipher Suite Value (SCSV) for preventing protocol downgrade attacks (2015). https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-05. Internet-Draft -05

  24. Jager, T., Kohlar, F., Schäge, S., Schwenk, J.: On the security of TLS-DHE in the standard model. Cryptology ePrint Archive, Report 2011/219 (2011). http://eprint.iacr.org/2011/219

  25. Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)

    Chapter  Google Scholar 

  26. Dowling, B., Stebila, D.: Modelling ciphersuite and version negotiation in the TLS protocol (full version). Cryptology ePrint Archive (2015)

    Google Scholar 

  27. Rescorla, E.: The Transport Layer Security (TLS) protocol version 1.3 (2015). https://tools.ietf.org/html/draft-ietf-tls-tls13-05. Internet-Draft -05

Download references

Author information

Authors and Affiliations

  1. Queensland University of Technology, Brisbane, Australia

    Benjamin Dowling & Douglas Stebila

Authors
  1. Benjamin Dowling
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Douglas Stebila
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Benjamin Dowling .

Editor information

Editors and Affiliations

  1. Queensland University of Technology, Brisbane, Queensland, Australia

    Ernest Foo

  2. Queensland University of Technology, Brisbane, Queensland, Australia

    Douglas Stebila

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Dowling, B., Stebila, D. (2015). Modelling Ciphersuite and Version Negotiation in the TLS Protocol. In: Foo, E., Stebila, D. (eds) Information Security and Privacy. ACISP 2015. Lecture Notes in Computer Science(), vol 9144. Springer, Cham. https://doi.org/10.1007/978-3-319-19962-7_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-19962-7_16

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-19961-0

  • Online ISBN: 978-3-319-19962-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation