Topic

Handshake

About: Handshake is a research topic. Over the lifetime, 1105 publications have been published within this topic receiving 15166 citations. The topic is also known as: 🤝.


Papers
Proceedings Article • DOI • 25 Apr 2016
TL;DR: This paper proposes a novel method for improving the quality of the secure sessions in a centralized way based on the SDN architecture that exploits the fact that many of today's security protocols negotiate the security parameters such as the protocol version, encryption algorithms or certificates in plaintext in a protocol handshake before establishing a secure session.
Abstract: End-to-end encryption is becoming the norm for many applications and services. While this improves privacy of individuals and organizations, the phenomenon also raises new kinds of challenges. For instance, with the increase of devices using encryption, the volumes of outdated, exploitable encryption software also increase. This may create some distrust amongst the users against security unless its quality is enforced in some ways. Unfortunately, deploying new mechanisms at the end-points of the communication is challenging due to the sheer volume of devices, and modifying the existing services may not be feasible either. Hence, we propose a novel method for improving the quality of the secure sessions in a centralized way based on the SDN architecture. Instead of inspecting the encrypted traffic, our approach enhances the quality of secure sessions by analyzing the plaintext handshake messages exchanged between a client and server. We exploit the fact that many of today's security protocols negotiate the security parameters such as the protocol version, encryption algorithms or certificates in plaintext in a protocol handshake before establishing a secure session. By verifying the negotiated information in the handshake, our solution can improve the security level of SSL/TLS sessions. While the approach can be extended to many other protocols, we focus on the SSL/TLS protocol in this paper because of its widespread use. We present our implementation for the OpenDaylight controller and evaluate its overhead to SSL/TLS session establishment in terms of latency.

21 citations

Proceedings Article • DOI • 03 Jul 2011
TL;DR: A handshake request motion model with which a robot requests humans for a handshake is proposed, and a gaze presentation is generated based on the analysis of the handshake between humans.
Abstract: A handshake is an embodied interaction to display closeness using physical contact. In the case of a handshake between a human and a robot, robots can now smoothly communicate and coexist with humans without eliciting feelings of aversion in humans. To enable such a handshake, we proposed a model that simulates a handshake approach motion by analyzing the human-human handshake motion. With this model, a robot generates a handshake motion when a handshake is requested by a human. However, embodied interaction between a human and a robot can be promoted if, instead, a robot requests a handshake from a human. Therefore, in this paper, we propose a handshake request motion model with which a robot requests humans for a handshake. In this model, a robot stretches its hand out to a human to request a handshake. Furthermore, a gaze presentation is generated based on the analysis of the handshake between humans. A handshake robot system with the proposed model is developed, and the effectiveness of the model is experimentally demonstrated.

21 citations

Proceedings Article • DOI • 17 Dec 2010
TL;DR: Two improved TLS handshake protocols for IP-based WSNs using IBC are proposed: the first uses IBC and the Elliptic curve Diffie Hellman (ECDH) protocol for key exchange and agreement, while the second uses a variant of IBC based on Elliptic Curve Cryptography (ECC) and bilinear pairing.
Abstract: IP-based Wireless Sensor Networks (IP-based WSNs) combine IPv6 technology with WSNs to create a global sensor network infrastructure. However, wireless radio access and Internet connectivity make end-to-end security urgently needed by security critical WSN applications. Transport Layer Security (TLS) is considered as a suitable solution to ensure such security. However, the certificate-based mechanism used by the TLS handshake protocol has a complex certificate management overhead and long handshake latency. Identity Based Cryptography (IBC) provides a viable alternative to the use of certificates. In this paper, we propose two improved TLS handshake protocols for IP-based WSNs using IBC. The first uses IBC and Elliptic curve Diffie Hellman (ECDH) protocol for key exchange and agreement while the second uses a variant of IBC based on Elliptic Curve Cryptography (ECC) and bilinear pairing. Security analysis shows that improved TLS ensures security requirements for IP-based WSN. AVISPA tool is used to validate the proposed improvements. In addition, performance analysis shows that TLS handshake protocol using IBC gives better performance in terms of latency and energy consumption.

21 citations

Posted Content
TL;DR: In this article, the authors propose new agile security definitions and assumptions for the signatures, key encapsulation mechanisms (KEM), and key derivation algorithms used by the TLS handshake, as well as a modular proof of security for the miTLS reference implementation.
Abstract: The TLS Internet Standard features a mixed bag of cryptographic algorithms and constructions, letting clients and servers negotiate their use for each run of the handshake. Although many ciphersuites are now well-understood in isolation, their composition remains problematic, and yet it is critical to obtain practical security guarantees for TLS. We experimentally confirm that all mainstream implementations of TLS share key materials between different algorithms, some of them of dubious strength. We outline attacks in their handling of resumption and renegotiation, stressing the need to model multiple related instances of the handshake. We study the provable security of the TLS handshake, as it is implemented and deployed. To capture the details of the standard and its main extensions, we rely on miTLS, a verified reference implementation of the protocol. miTLS inter-operates with mainstream browsers and servers for many protocol versions, configurations, and ciphersuites; and it provides application-level, provable security for some. We propose new agile security definitions and assumptions for the signatures, key encapsulation mechanisms (KEM), and key derivation algorithms used by the TLS handshake. By necessity, our definitions are stronger than those expected with simple modern protocols. To validate our model of key encapsulation, we prove that both RSA and Diffie-Hellman ciphersuites satisfy our definition for the KEM. In particular, we formalize the use of PKCS#1v1.5 encryption in TLS, including recommended countermeasures against Bleichenbacher attacks, and build a 3,000-line EasyCrypt proof of the security of the resulting master secret KEM against replayable chosen-ciphertext attacks under the assumption that ciphertexts are hard to re-randomize. 
Based on our new agile definitions, we construct a modular proof of security for the miTLS reference implementation of the handshake, including ciphersuite negotiation, key exchange, renegotiation, and resumption, treated as a detailed 3,600-line executable model. We present our main definitions, constructions, and proofs for an abstract model of the protocol, featuring series of related runs of the handshake with different ciphersuites. We also describe its refinement to account for the whole reference implementation, based on automated verification tools.

21 citations

Proceedings Article • 01 Jan 2002
TL;DR: A new, “fast-track” handshake mechanism for TLS that reduces both network traffic and the number of round trips, and requires no additional server state, and is fully backwards compatible.
Abstract: We propose a new, “fast-track” handshake mechanism for TLS. A fast-track client caches a server’s public parameters and negotiated parameters in the course of an initial, enabling handshake. These parameters need not be resent on subsequent handshakes. The new mechanism reduces both network traffic and the number of round trips, and requires no additional server state. These savings are most useful in high latency environments such as wireless networks. We include a rollback mechanism to allow a server to gracefully revert to an ordinary TLS handshake when needed. Our design is fully backwards compatible: fast-track clients can interoperate with servers unaware of fast-track and vice versa. We have implemented our proposal to demonstrate the savings in network traffic and round trips.

21 citations


Network Information
Related Topics (5)
The Internet: 213.2K papers, 3.8M citations, 79% related
Social network: 42.9K papers, 1.5M citations, 74% related
Wireless: 133.4K papers, 1.9M citations, 74% related
Encryption: 98.3K papers, 1.4M citations, 73% related
Wireless network: 122.5K papers, 2.1M citations, 72% related
Performance Metrics
No. of papers in the topic in previous years
Year  Papers
2023  58
2022  140
2021  37
2020  65
2019  91
2018  77