Cryptology ePrint Archive: Report 2019/421

Continuing to reflect on TLS 1.3 with external PSK

Liliya Akhmetzyanova and Evgeny Alekseev and Ekaterina Smyshlyaeva and Alexandr Sokolov

Abstract: The TLS protocol is the main cryptographic protocol of the Internet. The work on its current version, TLS 1.3, was completed in 2018. This version differs from the previous ones and has been developed taking into account all modern principles of constructing cryptographic protocols. At the same time, even when there are security proofs in some fairly strong security model, it is important to study the possibility of extending this model and then clarifying the security limits of the protocol. In this paper, we consider in detail the restriction on the usage of post-handshake authentication in connections established on external PSK. We clarify that the certain vulnerability appears only in the case of psk_ke mode if more than a single pair of entities can possess a single PSK. We provide several practical scenarios where this condition can be easily achieved. Also we propose appropriate mitigation.

Category / Keywords: cryptographic protocols / TLS 1.3, pre-shared key, post-handshake authentication

Date: received 24 Apr 2019

Contact author: lah at cryptopro ru,alekseev@cryptopro ru

Available format(s): PDF | BibTeX Citation

Version: 20190427:184012 (All versions of this report)

Short URL: ia.cr/2019/421


[ Cryptology ePrint archive ]