Tag Size Does Matter: Attacks and Proofs for the TLS Record Protocol

Tag Size Does Matter: Attacks and Proofs for the TLS Record Protocol

Cached

Download Links

[www.isg.rhul.ac.uk]

by Kenneth G. Paterson , Thomas Ristenpart , Thomas Shrimpton

Citations:

1 - 0 self

BibTeX

@MISC{Paterson_tagsize,
    author = {Kenneth G. Paterson and Thomas Ristenpart and Thomas Shrimpton},
    title = {Tag Size Does Matter: Attacks and Proofs for the TLS Record Protocol},
    year = {}
}

Bookmark

OpenURL

Abstract

Abstract. We analyze the security of the TLS Record Protocol, a MACthen-Encode-then-Encrypt (MEE) scheme whose design targets confidentiality and integrity for application layer communications on the Internet. Our main results are twofold. First, we give a new distinguishing attack against TLS when variable length padding and short (truncated) MACs are used. This combination will arise when standardized TLS 1.2 extensions (RFC 6066) are implemented. Second, we show that when tags are longer, the TLS Record Protocol meets a new length-hiding authenticated encryption security notion that is stronger than IND-CCA. 1

Citations

484	Universally composable security: A new paradigm for cryptographic protocols - Canetti - 2005
327	The TLS protocol version 1.0 - DIERKS, ALLEN - 1999
296	A Concrete Security Treatment of Symmetric Encryption - Bellare, Desai, et al. - 1997
267	P.: Reconciling two views of cryptography (the computational soundness of formal encryption - Abadi, Rogaway - 2002
204	Analysis of key-exchange protocols and their use for building secure channels - Canetti, Krawczyk
172	Authenticated encryption: Relations among notions and analysis of the generic composition paradigm - Bellare, Namprempre
164	The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246 - Dierks, Rescorla - 2008
101	The Order of Encryption and Authentication for Protecting Communications (or: How Secure Is SSL - Krawczyk - 2001
67	Statistical identification of encrypted web browsing traffic - Sun, Simon, et al. - 2002
35	On Inferring Application Protocol Behaviors in Encrypted Network Traffic - WRIGHT, MONROSE, et al.
34	Password interception in a ssl/tls channel - Canvel, Hiltgen, et al. - 2003
30	Inferring the Source of Encrypted HTTP Connections - LIBERATORE, LEVINE
24	Code-based game-playing proofs and the security of triple encryption - Bellare, Rogaway
20	Security Flaws Induced by CBC Padding - application to - Vaudenay - 2002
17	Cryptographic Algorithm Implementation Requirements for Encapsulating Security - Manral
15	Spot me if you can: Uncovering spoken phrases in encrypted VoIP conversations - Wright, Ballard, et al. - 2008
13	A provable-security treatment of the key-wrap problem - Rogaway, Shrimpton - 2006
6	Traffic morphing: An efficient defense against statistical traffic analysis - Wright, Coull, et al. - 2009
5	Transport Layer Security (TLS) Extensions: Extension Definitions", RFC 6066 - Eastlake - 2011
4	Uncovering Spoken Phrases in Encrypted Voice over IP Conversations - Wright, Ballard, et al.
3	Relaxing chosen ciphertext security of encryption schemes - Canetti, Krawczyk, et al. - 2003
3	Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on fon-iks - White, Matthews, et al. - 2011
2	On the Soundness of Authenticate-then-Encrypt: Formalizing the Malleability of Symmetric Encryption - Maurer, Tackmann - 2010
1	Authenticated encrytion in SSH: Provably fixing the SSH binary packet protocol - Bellare, Kohno, et al. - 2002