Paper 2015/652

Modelling ciphersuite and version negotiation in the TLS protocol

Benjamin Dowling and Douglas Stebila

Abstract

Real-world cryptographic protocols such as the widely used Transport Layer Security (TLS) protocol support many different combinations of cryptographic algorithms (called ciphersuites) and simultaneously support different versions. Recent advances in provable security have shown that most modern TLS ciphersuites are secure authenticated and confidential channel establishment (ACCE) protocols, but these analyses generally focus on single ciphersuites in isolation. In this paper we extend the ACCE model to cover protocols with many different sub-protocols, capturing both multiple ciphersuites and multiple versions, and define a security notion for secure negotiation of the optimal sub-protocol. We give a generic theorem that shows how secure negotiation follows, with some additional conditions, from the authentication property of secure ACCE protocols. Using this framework, we analyse the security of ciphersuite and three variants of version negotiation in TLS, including a recently proposed mechanism for detecting fallback attacks.

Note: A preliminary version of this paper appears in the proceedings of ACISP 2015. This is the full version.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Major revision. 20th Australasian Conference on Information Security and Privacy (ACISP 2015)
DOI
10.1007/978-3-319-19962-7_16
Keywords
Transport Layer Security (TLS)ciphersuite negotiationversion negotiationdowngrade attacks
Contact author(s)
b1 dowling @ qut edu au
History
2015-07-01: received
Short URL
https://ia.cr/2015/652
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2015/652,
      author = {Benjamin Dowling and Douglas Stebila},
      title = {Modelling ciphersuite and version negotiation in the {TLS} protocol},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/652},
      year = {2015},
      doi = {10.1007/978-3-319-19962-7_16},
      url = {https://eprint.iacr.org/2015/652}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.