Paper 2016/087

Safely Exporting Keys from Secure Channels: On the Security of EAP-TLS and TLS Key Exporters

Chris Brzuska, Håkon Jacobsen, and Douglas Stebila

Abstract

We investigate how to safely export additional cryptographic keys from secure channel protocols, modeled with the authenticated and confidential channel establishment (ACCE) security notion. For example, the EAP-TLS protocol uses the Transport Layer Security (TLS) handshake to output an additional shared secret which can be used for purposes outside of TLS, and the RFC 5705 standard specifies a general mechanism for exporting keying material from TLS. We show that, for a class of ACCE protocols we call “TLS-like” protocols, the EAP-TLS transformation can be used to export an additional key, and that the result is a secure AKE protocol in the Bellare–Rogaway model. Interestingly, we are able to carry out the proof without looking at the specifics of the TLS protocol itself (beyond the notion that it is “TLS-like”), but rather are able to use the ACCE property in a semi black-box way. To facilitate our modular proof, we develop a novel technique, notably an encryption-based key checking mechanism that is used by the security reduction. Our results imply that EAP-TLS using secure TLS 1.2 cipher-suites is a secure authenticated key exchange protocol.

Note: Increased figure sizes, fixed typos.

Metadata
Available format(s)
PDF
Publication info
A minor revision of an IACR publication in EUROCRYPT 2016
Keywords
AKEACCEprovable securityEAP-TLSkey exporters
Contact author(s)
hakoja @ item ntnu no
History
2016-05-10: last of 3 revisions
2016-02-02: received
See all versions
Short URL
https://ia.cr/2016/087
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/087,
      author = {Chris Brzuska and Håkon Jacobsen and Douglas Stebila},
      title = {Safely Exporting Keys from Secure Channels: On the Security of {EAP}-{TLS} and {TLS} Key Exporters},
      howpublished = {Cryptology {ePrint} Archive, Paper 2016/087},
      year = {2016},
      url = {https://eprint.iacr.org/2016/087}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.