增强TLS 1.3中Early data安全性的协议

doi:10.11959/j.issn.2096-109x.2017.00224

Abstract

Abstract:

The new 0-RTT Internet key exchange was drawn on the TLS 1.3 session resumption phase,the rFSOPKE protocol was constructed,and the Early data encryption and transmission process were improved.The rFSOPKE protocol can protect the forward security of Early data and protect it from replay attacks during the validity period of the Ticket.Compared with the previous Early data transmission process,rFSOPKE greatly enhanced the security of Early data.Due to the increase in the calculation and transmission overhead of this protocol when sending Early data,the efficiency of the protocol is reduced.However,rFSOPKE can embed the appropriate algorithm according to the different application environment,so more efficient algorithms should be chosen to improve the protocol implementation speed.

Key words: 0-RTT, Early data, forward security, replay attack, rFSOPKE

CLC Number:

TP309

Xing-long ZHANG,Qing-feng CHENG,Jian-feng MA. Protocol to enhance the security of Early data in TLS 1.3[J]. Chinese Journal of Network and Information Security, 2017, 3(12): 22-30.

Figures/Tables 7

References 24

[1]	KRAWCZYK H , . HMQV:a high-performance secure Diffie-Hellman protocol[C]// The International Cryptology Conference. 2005: 546-566.
[2]	CUI Y , LI T , LIU C ,et al. Innovating transport with QUIC:design approaches and research challenges[J]. IEEE Internet Computing, 2017,21(2): 72-76.
[3]	RESCORLA E . The transport layer security(TLS)protocol version 13-draft-ietf-tls-tls13-07[DB/OL]. .
[4]	FISCHLIN M , GüNTHER F , . Multi-stage key exchange and the case of Google's QUIC protocol[C]// The ACM CCS. 2014: 1193-1204.
[5]	KRAWCZYK H , WEE H . The OPTLS protocol and TLS 13[C]// The IEEE European Symposium on Security and Privacy. 2016: 81-96.
[6]	CREMERS C , HORVAT M , SCOTT S ,et al. Automated analysis and verification of TLS 1.3:0-RTT,resumption and delayed authentication[C]// Security and Privacy. 2016: 470-485.
[7]	RESCORLA E . The transport layer security(TLS)protocol version 1.3-draft-ietf-tls-tls13-10[EB/OL]. .
[8]	FISCHLIN M , GüNTHER F , . Replay attacks on zero round-trip time:the case of the TLS 1.3 handshake candidates[C]// IEEE European Symposium on Security and Privacy. 2017: 82-113.
[9]	HALE B , JAGER T , LAUER S ,et al. Simple security definitions for and constructions of 0-RTT key exchange[C]// The International Conference on Applied Cryptography and Network Security. 2017: 20-38.
[10]	CANETTI R , HALEVI S , KATZ J . A forward-secure public-key encryption scheme[J]. Journal of Cryptology, 2007,20(3): 265-294.
[11]	POINTCHEVAL D , SANDERS O . Forward secure non-interactive key exchange[C]// The International Conference on Security and Cryptography for Networks. 2014: 21-39.
[12]	HALE B , JAGER T , LAUER S ,et al. Simple security definitions for and constructions of 0-RTT key exchange[C]// The International Conference on Applied Cryptography and Network Security. 2017: 20-38.
[13]	COHN-GORDON K , CREMERS C , GARRATT L . On postcompromise security[C]// Computer Security Foundations Symposium. 2016: 164-178.
[14]	GüNTHER F , HALE B , JAGER T ,et al. 0-RTT key exchange with full forward secrecy[C]// The International Conference on the Theory and Applications of Cryptographic Techniques. 2017: 519-548.
[15]	DELIGNAT-LAVAUD A , FOURNET C , KOHLWEISS M ,et al. Implementing and proving the TLS 1.3 record layer[C]// The 2017 Security and Privacy. 2017: 463-482.
[16]	BHARGAVAN K , BLANCHET B , KOBEISSI N . Verified models and reference implementations for the TLS 1.3 standard candidate[C]// The 2017 Security and Privacy. 2017: 402-422.
[17]	RESCORLA E . The transport layer security(TLS)protocol version 1.3-draft-ietf-tls-tls13-13[DB/OL]. .
[18]	RESCORLA E . The transport layer security(TLS)protocol version 1.3-draft-ietftls-tls13-12[DB/OL]. .
[19]	RESCORLA E . The transport layer security(TLS)protocol version 1.3-draft-ietf-tls-tls13-18[DB/OL]. .
[20]	KRAWCZYK H , . The order of encryption and authentication for protecting communications(or:how secure is SSL?)[C]// CRYPTO. 2001: 310-331.
[21]	GOLDREICH O , GOLDWASSER S , MICALI S . How to construct random functions[C]// Foundations of Computer Science. 1984: 464-479.
[22]	KRAWCZYK H , . Cryptographic extraction and key derivation:the HKDF scheme[C]// CRYPTO. 2010: 631-648.
[23]	GROTH J , . Simulation-sound NIZK proofs for a practical language and constant size group signatures[C]// The International Conference on Theory and Application of Cryptology and Information Security. 2006: 444-459.
[24]	BLAZY O , KILTZ E , PAN J . (Hierarchical) Identity-based encryption from affine message authentication[C]// The International Cryptology Conference. 2014: 408-425.

Metrics

Recommended 0

No Suggested Reading articles found!

协议	保密性	不可否认性	前向安全	抵抗重放攻击
改进前	√	√	×	×
改进后	√	√	√	√

λ	\|pk\|	\|c\|	S	\|sk\|
80	7.8 kB	160 B	2¹⁰	145.9 kB
80	7.8 kB	160 B	2¹⁶	7.88 MB
80	7.8 kB	160 B	2²⁰	125.9 MB
128	18.62 kB	256 B	2¹⁰	251.9 kB
128	18.62 kB	256 B	2¹⁶	12.64 MB
128	18.62 kB	256 B	2²⁰	201.4 MB
256	70.02 kB	512 B	2¹⁰	623.3 kB
256	70.02 kB	512 B	2¹⁶	26.17 MB
256	70.02 kB	512 B	2²⁰	417 MB

Protocol to enhance the security of Early data in TLS 1.3

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 7

References 24

Related Articles 1

Metrics

Recommended 0