Handshake

About: Handshake is a research topic. Over the lifetime, 1105 publications have been published within this topic receiving 15166 citations. The topic is also known as: 🤝.

ZTLS: A DNS-based Approach to Zero Round Trip Delay in TLS handshake

Abstract: Establishing secure connections fast to end-users is crucial to online services. However, when a client sets up a TLS session with a server, the TLS handshake needs one round trip time (RTT) to negotiate a session key. Additionally, establishing a TLS session also requires a DNS lookup (e.g., the A record lookup to fetch the IP address of the server) and a TCP handshake. In this paper, we propose ZTLS to eliminate the 1-RTT latency for the TLS handshake by leveraging the DNS. In ZTLS, a server distributes TLS handshake-related data (i.e., Diffie-Hellman elements), dubbed Z-data, as DNS records. A ZTLS client can fetch Z-data by DNS lookups and derive a session key. With the session key, the client can send encrypted data along with its ClientHello, achieving 0-RTT. ZTLS supports incremental deployability on the current TLS-based infrastructure. Our prototype-based experiments show that ZTLS is 1-RTT faster than TLS in terms of the first response time.

Low-Latency Masking with Arbitrary Protection Order Based on Click Elements

Abstract: Masking is the main countermeasure against side-channel attacks due to its sound formal proof of security and the scalability of its protection parameters. However, effective masking increases the implementation complexity by requiring additional silicon area, random number generators and higher latency. Thus, reducing the masking implementation costs while conserving its robustness under side-channel attacks is a relevant branch of research in hardware security applications. Relying on the two-phase bundled-data protocol, this work presents a low-latency masking implementation with arbitrary protection order. In particular, we base our approach on the click elements to control the handshake logic, allowing us to implement asynchronous circuits using conventional synthesis tools. In this manner, we are able to obtain an effective single-cycle and protected implementation of the AES S-box requiring smaller silicon area and potentially lower power consumption compared to the state-of-the-art. Additionally, we detail the asynchronous design methodology that can be applied in different scenarios to improve the latency of secure hardware designs. Finally, we assess leakages to evaluate the robustness of our approach against side-channel attacks.

A Lightweight Encrypted Network Traffic Classification Method Based on Protocol Field and K-Nearest Neighbor

Abstract: Encrypted traffic classification is a crucial issue to be addressed with popularization and application of encryption protocols in the network. How to identify and classify encrypted traffic with high efficiency and accuracy has attracted increasing attention for reasons of network management and security. Although many deep learning methods have been reported, high complexity cannot satisfy the real-time classification requirement because of hardware and training costs. In this paper, we propose a lightweight traffic classification method for Transport Layer Security (TLS) protocol based on the Relative Distinguished Name (RDN) field information and k-nearest neighbor (KNN). A specific application is firstly identified by RDN field of TLS handshake messages. Secondly, KNN algorithm is used to classify flows of the same application into different service categories based on carefully selected spatial-temporal features. The effectiveness of the proposed method is well supported by detailed analysis. The experimental results demonstrate the good performance with high speed and precisions of 98.68%, 96.25%, 98.87%, 95.93% for VoIP, Chat, Streaming, File, respectively.