Paper 2019/421

Continuing to reflect on TLS 1.3 with external PSK

Liliya Akhmetzyanova, Evgeny Alekseev, Ekaterina Smyshlyaeva, and Alexandr Sokolov

Abstract

The TLS protocol is the main cryptographic protocol of the Internet. The work on its current version, TLS 1.3, was completed in 2018. This version differs from the previous ones and has been developed taking into account all modern principles of constructing cryptographic protocols. At the same time, even when there are security proofs in some fairly strong security model, it is important to study the possibility of extending this model and then clarifying the security limits of the protocol. In this paper, we consider in detail the restriction on the usage of post-handshake authentication in connections established on external PSK. We clarify that a certain vulnerability appears only in the case of psk_ke mode if more than a single pair of entities can possess a single PSK. We provide several practical scenarios where this condition can be easily achieved. We also propose an appropriate mitigation.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. Minor revision.
Keywords
TLS 1.3, pre-shared key, post-handshake authentication
Contact author(s)
lah @ cryptopro ru
alekseev @ cryptopro ru
History
2019-04-27: received
Short URL
https://ia.cr/2019/421
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/421,
      author = {Liliya Akhmetzyanova and Evgeny Alekseev and Ekaterina Smyshlyaeva and Alexandr Sokolov},
      title = {Continuing to reflect on TLS 1.3 with external PSK},
      howpublished = {Cryptology ePrint Archive, Paper 2019/421},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/421}},
      url = {https://eprint.iacr.org/2019/421}
}