Skip to main content
SpringerLink
Log in
Book cover

Cryptographers’ Track at the RSA Conference

CT-RSA 2016: Topics in Cryptology - CT-RSA 2016 pp 55–71Cite as

From Stateless to Stateful: Generic Authentication and Authenticated Encryption Constructions with Application to TLS

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9610))

Abstract

Authentication and authenticated encryption with associated data (AEAD) are applied in cryptographic protocols to provide message integrity. The definitions in the literature and the constructions used in practice all protect against forgeries, but offer varying levels of protection against replays, reordering, and drops. As a result of the lack of a systematic hierarchy of authentication and AEAD security notions, gaps have arisen in the literature, specifically in the provable security analysis of the Transport Layer Security (TLS) protocol. We present a hierarchy of authentication and AEAD security notions, interpolating between the lowest level of protection (against forgeries) and the highest level (against forgeries, replays, reordering, and drops). We show generically how to construct higher level schemes from a basic scheme and appropriate use of sequence numbers, and apply that to close the gap in the analysis of TLS record layer encryption.

D. Stebila—Supported by the Australian Research Council (ARC) Discovery Project, grant DP130104304.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Albrecht, M.R., Paterson, K.G., Watson, G.J.: Plaintext recovery attacks against SSH. In: 2009 IEEE Symposium on Security and Privacy, pp. 16–26. IEEE Computer Society Press, May 2009

    Google Scholar 

  2. Badertscher, C., Matt, C., Maurer, U., Rogaway, P., Tackmann, B.: Augmented secure channels and the goal of the TLS 1.3 record layer. Cryptology ePrint Archive, Report 2015/394 (2015). http://eprint.iacr.org/2015/394

  3. Bellare, M., Kohno, T., Namprempre, C.: Authenticated encryption in SSH: provably fixing the SSH binary packet protocol. In: Atluri, V. (ed.) CCS 2002, pp. 1–11. ACM Press, November 2002

    Google Scholar 

  4. Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  5. Boldyreva, A., Degabriele, J.P., Paterson, K.G., Stam, M.: Security of symmetric encryption in the presence of ciphertext fragmentation. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 682–699. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  6. Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  7. Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.2, RFC 5426 (2008). https://tools.ietf.org/html/rfc5426

  8. Fischlin, M., Günther, F., Marson, G.A., Paterson, K.G.: Data is a stream: security of stream-based channels. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 545–564. Springer, Heidelberg (2015)

    Chapter  Google Scholar 

  9. Fleischmann, E., Forler, C., Lucks, S.: McOE: a family of almost foolproof on-line authenticated encryption schemes. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 196–215. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  10. Hoang, V.T., Krovetz, T., Rogaway, P.: Robust authenticated-encryption: AEZ and the problem that it solves. Cryptology ePrint Archive, Report 2014/793 (2014). http://eprint.iacr.org/2014/793

  11. Hoang, V.T., Reyhanitabar, R., Rogaway, P., Vizár, D.: Online authenticated-encryption and its nonce-reuse misuse-resistance. Cryptology ePrint Archive, Report 2015/189 (2015). http://eprint.iacr.org/2015/189

  12. IEEE 802.11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications (2012). http://dx.org/10.1109/IEEESTD.2012.6178212

  13. Jager, T., Kohlar, F., Schäge, S., Schwenk, J.: On the security of TLS-DHE in the standard model. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 273–293. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  14. Katz, J., Yung, M.: Unforgeable encryption and chosen ciphertext secure modes of operation. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 284–299. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  15. Kent, S.: IP Authentication Header, RFC 4302 (2005). https://tools.ietf.org/html/rfc4302

  16. Kohno, T., Palacio, A., Black, J.: Building secure cryptographic transforms, or how to encrypt and MAC. Cryptology ePrint Archive, Report 2003/177 (2003). http://eprint.iacr.org/2003/177

  17. Krawczyk, H.: The order of encryption and authentication for protecting communications (or: how secure is SSL?). In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 310–331. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  18. Krawczyk, H., Paterson, K.G., Wee, H.: On the security of the TLS protocol: a systematic analysis. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 429–448. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  19. Lychev, R., Jero, S., Boldyreva, A., Nita-Rotaru, C.: How secure and quick is QUIC? Provable security and performance analyses. In: 2015 IEEE Symposium on Security and Privacy, pp. 214–231. IEEE Computer Society Press, May 2015

    Google Scholar 

  20. Maurer, U., Tackmann, B.: On the soundness of authenticate-then-encrypt: formalizing the malleability of symmetric encryption. In: Al-Shaer, E., Keromytis, A.D., Shmatikov, V. (eds.) CCS 2010, pp. 505–515. ACM Press, October 2010

    Google Scholar 

  21. Namprempre, C.: Secure channels based on authenticated encryption schemes: a simple characterization. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 515–532. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  22. Paterson, K.G., Ristenpart, T., Shrimpton, T.: Tag size Does matter: attacks and proofs for the TLS record protocol. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 372–389. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  23. Rescorla, E., Modadugu, N.: Datagram Transport Layer Security, RFC 4347 (2006). https://tools.ietf.org/html/rfc4347

  24. Rescorla, E., Modadugu, N.: Datagram Transport Layer Security Version 1.2, RFC 6347 (2012). https://tools.ietf.org/html/rfc6347

  25. Rogaway, P.: Authenticated-encryption with associated-data. In: Atluri, V. (ed.) CCS 2002, pp. 98–107. ACM Press, November 2002

    Google Scholar 

  26. Rogaway, P., Bellare, M., Black, J., Krovetz, T.: OCB: a block-cipher mode of operation for efficient authenticated encryption. In: CCS 2001, pp. 196–205. ACM Press, November 2001

    Google Scholar 

  27. Rogaway, P., Shrimpton, T.: A provable-security treatment of the key-wrap problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 373–390. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  28. Shrimpton, T.: A characterization of authenticated-encryption as a form of chosen-ciphertext security. Cryptology ePrint Archive, Report 2004/272 (2004). http://eprint.iacr.org/2004/272

  29. The Chromium Projects: QUIC, a multiplexed stream transport over UDP. https://www.chromium.org/quic. Accessed 2015

Download references

Author information

Authors and Affiliations

  1. Norwegian University of Science and Technology, NTNU, Trondheim, Norway

    Colin Boyd, Britta Hale & Stig Frode Mjølsnes

  2. Queensland University of Technology, Brisbane, Australia

    Douglas Stebila

Authors
  1. Colin Boyd
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Britta Hale
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Stig Frode Mjølsnes
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Douglas Stebila
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Britta Hale .

Editor information

Editors and Affiliations

  1. NEC Cloud Systems Research Laboratories, Kawasaki, Japan

    Kazue Sako

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Boyd, C., Hale, B., Mjølsnes, S.F., Stebila, D. (2016). From Stateless to Stateful: Generic Authentication and Authenticated Encryption Constructions with Application to TLS. In: Sako, K. (eds) Topics in Cryptology - CT-RSA 2016. CT-RSA 2016. Lecture Notes in Computer Science(), vol 9610. Springer, Cham. https://doi.org/10.1007/978-3-319-29485-8_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-29485-8_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-29484-1

  • Online ISBN: 978-3-319-29485-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation