Cryptology ePrint Archive: Report 2008/251

Universally Composable Security Analysis of TLS---Secure Sessions with Handshake and Record Layer Protocols

Sebastian Gajek and Mark Manulis and Olivier Pereira and Ahmad-Reza Sadeghi and Jörg Schwenk

Abstract: We present a security analysis of the complete TLS protocol in the Universal Composable security framework. This analysis evaluates the composition of key exchange functionalities realized by the TLS handshake with the message transmission of the TLS record layer to emulate secure communication sessions and is based on the adaption of the secure channel model from Canetti and Krawczyk to the setting where peer identities are not necessarily known prior the protocol invocation and may remain undisclosed. Our analysis shows that TLS, including the Diffie-Hellman and key transport suites in the uni-directional and bi-directional models of authentication, securely emulates secure communication sessions.

Category / Keywords: cryptographic protocols / Universal Composability, TLS/SSL, key exchange, secure sessions

Date: received 2 Jun 2008, last revised 3 Jul 2008

Contact author: sebastian gajek at nds rub de

Available format(s): PDF | BibTeX Citation

Version: 20080703:160600 (All versions of this report)

Short URL: ia.cr/2008/251

Discussion forum: Show discussion | Start new discussion