Topic
Handshake
About: Handshake is a research topic. Over the lifetime, 1105 publications have been published within this topic receiving 15166 citations. The topic is also known as: 🤝.
Papers published on a yearly basis
Papers
07 Nov 2022
TL;DR: In this paper, the authors present the first mechanized formal analysis of privacy properties for the TLS 1.3 handshake, with and without ECH, using the symbolic protocol analyzer ProVerif.
Abstract: TLS 1.3, the newest version of the Transport Layer Security (TLS) protocol, provides strong authentication and confidentiality guarantees that have been comprehensively analyzed in a variety of formal models. However, despite its controversial use of handshake meta-data encryption, the privacy guarantees of TLS 1.3 remain weak and poorly understood. For example, the protocol reveals the identity of the target server to network attackers, allowing the passive surveillance and active censorship of TLS connections. To close this gap, the IETF TLS working group is standardizing a new privacy extension called Encrypted Client Hello (ECH, previously called ESNI), but the absence of a formal privacy model makes it hard to verify that this extension works. Indeed, several early drafts of ECH were found to be vulnerable to active network attacks. In this paper, we present the first mechanized formal analysis of privacy properties for the TLS 1.3 handshake. We study all standard modes of TLS 1.3, with and without ECH, using the symbolic protocol analyzer ProVerif. We discuss attacks on ECH, some found during the course of this study, and show how they are accounted for in the latest version. Our analysis has helped guide the standardization process for ECH and we provide concrete privacy recommendations for TLS implementors. We also contribute the most comprehensive model of TLS 1.3 to date, which can be used by designers experimenting with new extensions to the protocol. Ours is one of the largest privacy proofs attempted using an automated verification tool and may be of general interest to protocol analysts.
5 citations
16 Jun 2015
TL;DR: In this article, a load balancer proxies handshake messages to a first computer system that negotiates a cryptographically protected communications session with the client; when the client and the first computer system complete negotiation of the session, a set of session keys is sent to a second computer system through the load balancer or another channel.
Abstract: Cryptographically protected communications sessions are established using a distributed process. A load balancer proxies handshake messages to a first computer system that negotiates a cryptographically protected communications session with the client. When the client and first computer system complete negotiation of the session, the first computer system provides a set of session keys to a second computer system, through the load balancer or another channel. The second computer system then uses the session keys to communicate with the client over the cryptographically protected communications session.
5 citations
11 Apr 2008
TL;DR: In this article, a solution for establishing a group temporal key for group communication by means of a handshake procedure is presented; the key is established by a group procedure and is specific to the group.
Abstract: The invention discloses a solution for establishing by a handshake procedure a group temporal key for group communication. The group temporal key is established by a group procedure and is a group-specific temporal key.
5 citations
10 Dec 2005
TL;DR: To select the optimal batching parameters in terms of server performance and the waiting time the client can tolerate, the connection request is modeled as an M/D/1 queue, and the solutions of the analytical model are validated through simulation.
Abstract: Secure socket layer (SSL) is the most popular protocol to secure Internet communications. Since the SSL handshake requires a large amount of computational resource, batch RSA was proposed to speed up SSL session initialization. However, the batch method is impractical since it requires multiple certificates. In this paper, we overcome this problem without modifying the SSL protocol. To select the optimal batching parameters in terms of performance of the server and durable waiting time of the client, we model the connection request with an M/D/1 queue. We validate the solutions of the analytical model through simulation.
5 citations