Paper 2015/1150

From Stateless to Stateful: Generic Authentication and Authenticated Encryption Constructions with Application to TLS

Colin Boyd, Britta Hale, Stig Frode Mjølsnes, and Douglas Stebila

Abstract

Authentication and authenticated encryption with associated data (AEAD) are applied in cryptographic protocols to provide message integrity. The definitions in the literature and the constructions used in practice all protect against forgeries, but offer varying levels of protection against replays, reordering, and drops. As a result of the lack of a systematic hierarchy of authentication and AEAD security notions, gaps have arisen in the literature, specifically in the provable security analysis of the Transport Layer Security (TLS) protocol. We present a hierarchy of authentication and AEAD security notions, interpolating between the lowest level of protection (against forgeries) and the highest level (against forgeries, replays, reordering, and drops). We show generically how to construct higher level schemes from a basic scheme and appropriate use of sequence numbers, and apply that to close the gap in the analysis of TLS record layer encryption.

Note: Small correction to Recv and Decrypt oracle algorithms.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. CT-RSA 2016
Keywords
authentication, Transport Layer Security (TLS) protocol, secure channels
Contact author(s)
britta hale @ item ntnu no
History
2016-09-19: last of 2 revisions
2015-11-29: received
Short URL
https://ia.cr/2015/1150
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/1150,
      author = {Colin Boyd and Britta Hale and Stig Frode Mjølsnes and Douglas Stebila},
      title = {From Stateless to Stateful: Generic Authentication and Authenticated Encryption Constructions with Application to {TLS}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/1150},
      year = {2015},
      url = {https://eprint.iacr.org/2015/1150}
}