On the Security of the Pre-Shared Key Ciphersuites of TLS

Yong Li, Sven Schäge, Zheng Yang, Florian Kohlar, Jörg Schwenk

In Proceedings of the 17th International Conference on Practice and Theory in Public-Key Cryptography (PKC), 2014


Abstract

TLS is by far the most important protocol on the internet for negotiating secure session keys and providing authentication. Only very recently, the standard ciphersuites of TLS have been shown to provide provably secure guarantees under a new notion called Authenticated and Confidential Channel Establishment (ACCE) introduced by Jager et al. at CRYPTO'12. In this work, we analyse the variants of TLS that make use of pre-shared keys (TLS-PSK). In various environments, TLS-PSK is an interesting alternative for remote authentication between servers and constrained clients like smart cards, for example for mobile phone authentication, EMV-based payment transactions or authentication via electronic ID cards. First, we introduce a new and strong definition of ACCE security that covers protocols with pre-shared keys. Next, we prove that all ciphersuite families of TLS-PSK meet our strong notion of ACCE security. Our results do not rely on random oracles nor on any non-standard assumption.

[Paper]

Tags: acce, provable security, TLS