On the Security of TLS Resumption and Renegotiation

The Transport Layer Security(TLS) protocol is the most important standard on the Internet for key exchange. TLS standard supports many additional handshake modes such as resumption and renegotiation besides the full handshake. The interaction and dependence of different modes may lead to some practi...

Full description

Saved in:
Bibliographic Details
Published in:China communications 2016-12, Vol.13 (12), p.176-188
Main Authors: Li, Xinyu, Xu, Jing, Zhang, Zhenfeng, Feng, Dengguo
Format: Article
Language:English
Subjects:
Analytical models
Authentication
Cryptography
Protocols
renegotiation
resumption
security model
Servers
TLS 1.2
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The Transport Layer Security(TLS) protocol is the most important standard on the Internet for key exchange. TLS standard supports many additional handshake modes such as resumption and renegotiation besides the full handshake. The interaction and dependence of different modes may lead to some practical attacks on TLS. In 2014, Bhargavan et al. described a triple handshake attack on TLS 1.2 by exploiting the sequential running of three different modes of TLS, which can lead to a client impersonation attack after the third handshake. Subsequently, TLS 1.2 was patched with the extended master secret extension of RFC 7627 to prevent this attack. In this paper we introduce a new definition of "uniqueness" and present a renegotiable & resumable ACCE security model. We identify the triple handshake attack within the new model, and furthermore show TLS with the proposed fix can be proven secure in our model.
ISSN:1673-5447
DOI:10.1109/CC.2016.7897542