Sciweavers

Share
ASIACRYPT
2008
Springer

A Modular Security Analysis of the TLS Handshake Protocol

12 years 1 months ago
A Modular Security Analysis of the TLS Handshake Protocol
We study the security of the widely deployed Secure Session Layer/Transport Layer Security (TLS) key agreement protocol. Our analysis identifies, justifies, and exploits the modularity present in the design of the protocol: the application keys offered to higher level applications are obtained from a master key, which in turn is derived, through interaction, from a pre-master key. Our first contribution consists of formal models that clarify the security level enjoyed by each of these types of keys. The models that we provide fall under well established paradigms in defining execution, and security notions. We capture the realistic setting where only one of the two parties involved in the execution of the protocol (namely the server) has a certified public key, and where the same master key is used to generate multiple application keys. The main contribution of the paper is a modular and generic proof of security for the application keys established through the TLS protocol. We show t...
Paul Morrissey, Nigel P. Smart, Bogdan Warinschi
Added 12 Oct 2010
Updated 12 Oct 2010
Type Conference
Year 2008
Where ASIACRYPT
Authors Paul Morrissey, Nigel P. Smart, Bogdan Warinschi
Comments (0)
books