Cryptology ePrint Archive: Report 2017/1191

Data Is a Stream: Security of Stream-Based Channels

Marc Fischlin and Felix GŁnther and Giorgia Azzurra Marson and Kenneth G. Paterson

Abstract: The common approach to defining secure channels in the literature is to consider transportation of discrete messages provided via atomic encryption and decryption interfaces. This, however, ignores that many practical protocols (including TLS, SSH, and QUIC) offer streaming interfaces instead, moreover with the complexity that the network (possibly under adversarial control) may deliver arbitrary fragments of ciphertexts to the receiver. To address this deficiency, we initiate the study of stream-based channels and their security. We present notions of confidentiality and integrity for such channels, akin to the notions for atomic channels, but taking the peculiarities of streams into account. We provide a composition result for our setting, saying that combining chosen-plaintext confidentiality with integrity of the transmitted ciphertext stream lifts confidentiality of the channel to chosen-ciphertext security. Notably, for our proof of this theorem in the streaming setting we need an additional property, called error predictability. We give an AEAD-based construction that achieves our notion of a secure stream-based channel. The construction matches rather well the one used in TLS, providing validation of that protocol's design. Finally, we study how applications that actually aim at transporting atomic messages can do so safely over a stream-based channel. We provide corresponding security notions and a generic and secure 'encode-then-stream' paradigm.

Category / Keywords: cryptographic protocols / secure channel, data stream, AEAD, confidentiality, integrity, fragmentation

Original Publication (with major differences): IACR-CRYPTO-2015

Date: received 8 Dec 2017

Contact author: guenther at cs tu-darmstadt de

Available format(s): PDF | BibTeX Citation

Version: 20171212:150118 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]