Skip to main content
SpringerLink
Log in

Universally Composable Security Analysis of TLS

  • Conference paper
Provable Security (ProvSec 2008)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5324))

Included in the following conference series:

Abstract

We present a security analysis of the complete TLS protocol in the Universal Composable security framework. This analysis evaluates the composition of key exchange functionalities realized by the TLS handshake with the message transmission of the TLS record layer to emulate secure communication sessions and is based on the adaption of the secure channel model from Canetti and Krawczyk to the setting where peer identities are not necessarily known prior the protocol invocation and may remain undisclosed. Our analysis shows that TLS, including the Diffie-Hellman and key transport suites in the uni-directional and bi-directional models of authentication, securely emulates secure communication sessions.

A full version of this paper is available at http://eprint.iacr.org/2008/251

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol, Version 1.1. RFC 4346, IETF (2006); Proposed Standard

    Google Scholar 

  2. Canetti, R.: Universally Composable Security: A New Paradigm for Cryptographic Protocols. In: FOCS, pp. 136–145. IEEE Computer Society Press, Los Alamitos (2001)

    Google Scholar 

  3. Canetti, R., Fischlin, M.: Universally Composable Commitments. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 19–40. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  4. Canetti, R., Halevi, S., Katz, J., Lindell, Y., MacKenzie, P.D.: Universally Composable Password-Based Key Exchange. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 404–421. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  5. Hofheinz, D., Müller-Quade, J., Steinwandt, R.: Initiator-Resilient Universally Composable Key Exchange. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 61–84. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  6. Katz, J.: Universally Composable Multi-Party Computation Using Tamper-Proof Hardware. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 115–128. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  7. Canetti, R., Krawczyk, H., Nielsen, J.: Relaxing Chosen-Ciphertext Security. Cryptology ePrint Archive, Report 2003/174 (2003)

    Google Scholar 

  8. Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally Composable Two-Party and Multi-Party Secure Computation. In: STOC 2002, pp. 494–503. ACM, New York (2002)

    Google Scholar 

  9. Kidron, D., Lindell, Y.: Impossibility Results for Universal Composability in Public-Key Models and with Fixed Inputs. Cryptology ePrint Archive, Report 2007/478 (2007)

    Google Scholar 

  10. Canetti, R., Krawczyk, H.: Security Analysis of IKE’s Signature-Based Key-Exchange Protocol. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 143–161. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  11. Canetti, R., Krawczyk, H.: Universally Composable Notions of Key Exchange and Secure Channels. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 337–351. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  12. Schneier, B., Wagner, D.: Analysis of the SSL 3.0 Protocol. In: Proceedings of the 2nd USENIX Workshop on Electronic Commerce (1996)

    Google Scholar 

  13. Bleichenbacher, D.: Chosen Ciphertext Attacks against Protocols based on the RSA Encryption Standard PKCS #1. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 1–12. Springer, Heidelberg (1998)

    Google Scholar 

  14. Jonsson, J., Kaliski, B.: On the Security of RSA Encryption in TLS. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 127–142. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  15. Krawczyk, H.: The Order of Encryption and Authentication for Protecting Communications (or: How Secure is SSL?). In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 310–331. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  16. Paulson, L.C.: Inductive Analysis of the Internet Protocol TLS. ACM Transactions on Computer and System Security 2(3), 332–351 (1999)

    Article  Google Scholar 

  17. Mitchell, J.C., Shmatikov, V., Stern, U.: Finite-State Analysis of SSL 3.0. In: Proceedings of the 7th Conference on USENIX Security Symposium, p. 16 (1998)

    Google Scholar 

  18. Ogata, K., Futatsugi, K.: Equational Approach to Formal Analysis of TLS. In: ICDCS 2005, pp. 795–804. IEEE Computer Society Press, Los Alamitos (2005)

    Google Scholar 

  19. He, C., Sundararajan, M., Datta, A., Derek, A., Mitchell, J.C.: A Modular Correctness Proof of IEEE 802.11i and TLS. In: ACM Conference on Computer and Communications Security CCS 2005, pp. 2–15. ACM, New York (2005)

    Google Scholar 

  20. Dolev, D., Yao, A.C.C.: On the Security of Public Key Protocols. IEEE Transactions on Information Theory 29(2), 198–207 (1983)

    Article  MathSciNet  MATH  Google Scholar 

  21. Morrissey, P., Smart, N.P., Warinschi, B.: A Modular Security Analysis of the TLS Handshake Protocol. Cryptology ePrint Archive, Report 2008/236 (2008)

    Google Scholar 

  22. Jonsson, J.: Security Proofs for the RSA-PSS Signature Scheme and Its Variants. Cryptology ePrint Archive, Report 2001/053 (2001)

    Google Scholar 

  23. Bellare, M., Canetti, R., Krawczyk, H.: Keying Hash Functions for Message Authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)

    Google Scholar 

  24. Bellare, M., Namprempre, C.: Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  25. Fouque, P.A., Pointcheval, D., Zimmer, S.: HMAC is a Randomness Extractor and Applications to TLS. In: AsiaCCS 2008, pp. 21–32. ACM Press, New York (2008)

    Google Scholar 

  26. Canetti, R.: Universally Composable Signature, Certification, and Authentication. In: CSFW 2004, pp. 219–233. IEEE CS, Los Alamitos (2004), http://eprint.iacr.org/2003/239

    Google Scholar 

  27. Canetti, R., Herzog, J.: Universally Composable Symbolic Analysis of Mutual Authentication and Key-Exchange Protocols. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 380–403. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  28. Canetti, R., Rabin, T.: Universal Composition with Joint State. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 265–281. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  29. Hansen, S., Skriver, J., Nielson, H.: Using Static Analysis to Validate the SAML Single Sign-On Protocol. In: Proceedings of the 2005 Workshop on Issues in the Theory of Security (2005)

    Google Scholar 

  30. Groß, T., Pfitzmann, B., Sadeghi, A.R.: Browser Model for Security Analysis of Browser-Based Protocols. In: de Capitani di Vimercati, S., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 489–508. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  31. Groß, T., Pfitzmann, B., Sadeghi, A.R.: Proving a WS-Federation Passive Requestor Profile with a Browser Model. In: Workshop on Secure Web Services. ACM Press, New York (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Ruhr University Bochum, Germany

    Sebastian Gajek, Ahmad-Reza Sadeghi & Jörg Schwenk

  2. Université Catholique de Louvain, Belgium

    Mark Manulis & Olivier Pereira

Authors
  1. Sebastian Gajek
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mark Manulis
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Olivier Pereira
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ahmad-Reza Sadeghi
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Jörg Schwenk
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Cryptography and Security Department Institute for Infocomm Research, Singapore

    Joonsang Baek

  2. Institute for Infocomm Research, 119613, Singapore

    Feng Bao

  3. Department of Computer Science and Engineering, Shanghai Jiao Tong University, 200240, Shanghai, China

    Kefei Chen  & Xuejia Lai  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gajek, S., Manulis, M., Pereira, O., Sadeghi, AR., Schwenk, J. (2008). Universally Composable Security Analysis of TLS. In: Baek, J., Bao, F., Chen, K., Lai, X. (eds) Provable Security. ProvSec 2008. Lecture Notes in Computer Science, vol 5324. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88733-1_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-88733-1_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-88732-4

  • Online ISBN: 978-3-540-88733-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation