Hidden Stream Ciphers and TMTO Attacks on TLS 1.3, DTLS 1.3, QUIC, and Signal

Cited by: 0
Author
Mattsson, John Preuss [1]
Affiliation
[1] Ericsson Res, Stockholm, Sweden
Source
CRYPTOLOGY AND NETWORK SECURITY, CANS 2023 | 2023 / Vol. 14342
Keywords
TLS 1.3; QUIC; DTLS; Signal; Secret-key Cryptography; Key Derivation; Ratchet; Key Chain; Stream Cipher; Key Space; TMTO
DOI
10.1007/978-981-99-7563-1_12
CLC classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Transport Layer Security (TLS) 1.3 and the Signal protocol are very important and widely used security protocols. We show that the key update function in TLS 1.3 and the symmetric-key ratchet in Signal can be modeled as non-additive synchronous stream ciphers. This means that the efficient time-memory tradeoff (TMTO) attacks known for stream ciphers can be applied to them. The implication is that TLS 1.3, QUIC, DTLS 1.3, and Signal offer a lower security level against TMTO attacks than their key sizes would suggest. We provide detailed analyses of the key update mechanisms in TLS 1.3 and Signal, illustrate the importance of ephemeral key exchange, and show that the process that DTLS 1.3 and QUIC use to calculate AEAD limits is flawed. We provide many concrete recommendations for the analyzed protocols.
Pages: 251 / 267
Number of pages: 17