Security of TLS 1.2 The ACCE model TLS Crypto Seminar February 7, - - PowerPoint PPT Presentation

SLIDE 1

Security of TLS ≤1.2

The ACCE model

TLS Crypto Seminar

February 7, 2019

Joseph Jaeger

UC San Diego

some slides & formatting stolen from Felix Günther

February 7, 2019 | Security of TLS| TLS Crypto Seminar, Winter 2019 Quarter, UC San Diego Joseph Jaeger 1

SLIDE 2

Today's Plan

Goal

  • What is the ACCE security model? Why was it needed for studying TLS?

  • Dig into the details of the formalism.

Part I Background

  • Stateful Length-Hiding Authenticated Encryption
  • Authenticated Key Exchange

Part II ACCE Security Model

  • Authenticated and Confidential Channel Establishment
  • TLS 1.2 Security Results (Time Permitting)

SLIDE 3

Background

SLIDE 4

TLS Components

From the first lecture:

Security Typically Desired:

  • Handshake Protocol = Authenticated Key Exchange
  • Record Protocol = Stateful Length Hiding Authenticated Encryption

SLIDE 5

Formalisms

Formalisms based on:

SLIDE 6

sLHAE Definition

Syntax

SLIDE 7

sLHAE Definition

Security

Security Typically Desired:

  • All-in-one definition requiring left-right IND-CPA and INT-CTXT style security

SLIDE 8

Key Exchange Definition

Previously

SLIDE 9

TLS Example

SLIDE 10

ACCE

SLIDE 11

ACCE

Main Idea:

Squish encryption and key exchange security together into single notion.

SLIDE 12

Results

Main Result:

TLS-DHE is secure in this model

SLIDE 13

Results

Main Result:

TLS-RSA is secure in this model. (Under OW-PCA assumption.)

TLS-DH is secure in this model. (Under PRF-ODH assumption.)

TLS would be secure in this model with CCA secure encryption

Model:

Closely related to discussed ACCE model.

No client authentication.

No forward security.

SLIDE 14