Paper 2017/161

Security Notions for Bidirectional Channels

Giorgia Azzurra Marson and Bertram Poettering


This paper closes a definitional gap in the context of modeling cryptographic two-party channels. We note that, while most security models for channels consider exclusively unidirectional communication, real-world protocols like TLS and SSH are rather used for bidirectional interaction. The motivational question behind this paper is: Can analyses conducted with the unidirectional setting in mind--including the current ones for TLS and SSH--also vouch for security in the case of bidirectional channel usage? And, in the first place, what does security in the bidirectional setting actually mean? After developing confidentiality and integrity notions for bidirectional channels, we analyze a standard way of combining two unidirectional channels to realize one bidirectional channel. Although it turns out that this construction is, in general, not as secure as commonly believed, we confirm that for many practical schemes security is provided also in the bidirectional sense.

Available format(s)
Cryptographic protocols
Publication info
A minor revision of an IACR publication in FSE 2017
cryptographic channelsbidirectional communicationsecurity modelsTLS
Contact author(s)
giorgia marson @ rub de
2017-03-30: last of 2 revisions
2017-02-23: received
See all versions
Short URL
Creative Commons Attribution


      author = {Giorgia Azzurra Marson and Bertram Poettering},
      title = {Security Notions for Bidirectional Channels},
      howpublished = {Cryptology ePrint Archive, Paper 2017/161},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.