Cryptology ePrint Archive: Report 2017/161

Security Notions for Bidirectional Channels

Giorgia Azzurra Marson and Bertram Poettering

Abstract: This paper closes a definitional gap in the context of modeling cryptographic two-party channels. We note that, while most security models for channels consider exclusively unidirectional communication, real-world protocols like TLS and SSH are rather used for bidirectional interaction. The motivational question behind this paper is: Can analyses conducted with the unidirectional setting in mind--including the current ones for TLS and SSH--also vouch for security in the case of bidirectional channel usage? And, in the first place, what does security in the bidirectional setting actually mean?

After developing confidentiality and integrity notions for bidirectional channels, we analyze a standard way of combining two unidirectional channels to realize one bidirectional channel. Although it turns out that this construction is, in general, not as secure as commonly believed, we confirm that for many practical schemes security is provided also in the bidirectional sense.

Category / Keywords: cryptographic protocols / cryptographic channels, bidirectional communication, security models, TLS

Original Publication (with minor differences): IACR-FSE-2017

Date: received 19 Feb 2017, last revised 24 Feb 2017

Contact author: giorgia marson at rub de

Available format(s): PDF | BibTeX Citation

Version: 20170224:141122 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]