Session Resumption Protocols and Efficient Forward Security for TLS 1.3 0-RTT

2021, Vol 34 (3)
Author(s): Nimrod Aviram, Kai Gellert, Tibor Jager

Abstract: The TLS 1.3 0-RTT mode enables a client reconnecting to a server to send encrypted application-layer data in “0-RTT” (“zero round-trip time”), without the need for a prior interactive handshake. This fundamentally requires the server to reconstruct the previous session’s encryption secrets upon receipt of the client’s first message. The standard techniques to achieve this are session caches or, alternatively, session tickets. The former provides forward security and resistance against replay attacks, but requires a large amount of server-side storage. The latter requires negligible storage, but provides no forward security and is known to be vulnerable to replay attacks. In this paper, we first formally define session resumption protocols as an abstract perspective on mechanisms like session caches and session tickets. We give a new generic construction that provably provides forward security and replay resilience, based on puncturable pseudorandom functions (PPRFs). We show that our construction can immediately be used in TLS 1.3 0-RTT and deployed unilaterally by servers, without requiring any changes to clients or the protocol. To this end, we present a generic composition of our new construction with TLS 1.3 and prove its security. This yields the first construction that achieves forward security for all messages, including the 0-RTT data. We then describe two new constructions of PPRFs, which are particularly suitable for forward-secure and replay-resilient session resumption in TLS 1.3. The first construction is based on the strong RSA assumption. Compared to standard session caches, for “128-bit security” it reduces the required server storage by a factor of almost 20, when instantiated in a way such that key derivation and puncturing together are cheaper on average than one full exponentiation in an RSA group. Hence, a 1 GB session cache can be replaced with only about 51 MB of storage, which significantly reduces the amount of secure memory required. For larger security parameters, or in exchange for more expensive computations, even larger storage reductions are achieved. The second construction combines a standard binary tree PPRF with a new “domain extension” technique. For a reasonable choice of parameters, this reduces the required storage by a factor of up to 5 compared to a standard session cache. It employs only symmetric cryptography, is suitable for high-traffic scenarios, and can serve thousands of tickets per second.

2021, Vol 2021, pp. 1-16
Author(s): Hasnae Lamrani Alaoui, Abdellatif El Ghazi, Mustapha Zbakh, Abdellah Touhafi, An Braeken

Security has always been a challenge in all fields of computing and networking, and the development of reliable security measures for low-power systems has been a continuous task for researchers. This paper focuses on Radio Frequency Identification (RFID) systems, whose market is growing tremendously due to the increasing need for efficient supply chain and healthcare management. Two protocols are proposed that offer mutual authentication, confidentiality, forward security, anonymity, unlinkability, scalability, and resistance against the most important security attacks. They differ in storage requirements at the server side. Both proposed protocols are very efficient, as the number of required elliptic curve multiplications is limited to two at the tag side. Moreover, the schemes are also more effective and secure than other related work presented in the literature. In addition, we show how to extend the protocols in order to provide authentication with respect to multiple readers.


2021, Vol 2021, pp. 1-12
Author(s): Tongyi Zheng, Lei Ning, Qingsong Ye, Fan Jin

Massive machine-type communications (mMTC) for the Internet of Things are being developed thanks to fifth-generation (5G) wireless systems. Narrowband Internet of Things (NB-IoT) is an important communication technology for machine-type communications. It supports many different communication protocols. The reliability and performance of application-layer communication protocols are greatly affected by the retransmission time-out (RTO) algorithm. In order to improve the reliability and performance of machine-type communications, this study proposes a novel RTO algorithm, UDP-XGB, based on the User Datagram Protocol (UDP) and NB-IoT. It combines traditional algorithms with machine learning. The simulation results show that the real round-trip time (RTT) is close to the RTO obtained by this algorithm, and that the reliability and performance of machine-type communications have improved.


2017, Vol 2017 (2), pp. 186-203
Author(s): Giovanni Cherubin, Jamie Hayes, Marc Juarez

Abstract: Website Fingerprinting (WF) allows a passive network adversary to learn the websites that a client visits by analyzing traffic patterns that are unique to each website. It has recently been shown that these attacks are particularly effective against .onion sites, anonymous web servers hosted within the Tor network. Given the sensitive nature of the content of these services, the implications of WF for the Tor network are alarming. Prior work has only considered defenses at the client side, arguing that web servers lack incentives to adopt countermeasures. Furthermore, most of these defenses have been designed to operate on the stream of network packets, making practical deployment difficult. In this paper, we propose two application-level defenses, including the first server-side defense against WF, as .onion services have incentives to support it. The other defense is a lightweight client-side defense implemented as a browser add-on, improving ease of deployment over previous approaches. In our evaluations, the server-side defense is able to reduce WF accuracy on Tor .onion sites from 69.6% to 10%, and the client-side defense reduces accuracy from 64% to 31.5%.


2011, Vol 480-481, pp. 769-774
Author(s): Xi Ye, Wu Shao Wen, Yi Ru Ye

In this paper, we present the design and implementation of OTP-DEF, a kernel extension to protect web servers against application-layer DDoS attacks. OTP-DEF provides authentication by using OTP-based tests, which differs from other systems that use graphical tests. First, according to the load of the web server, an OTP-DEF web server falls into one of the following three modes: normal, suspected attack, or confirmed attack mode, and the OTP-DEF authentication mechanism is only activated when the web server is in suspected attack mode. Second, we use an OTP as our puzzle, which changes automatically at a fixed time interval. This lets our proposal defend against socially engineered attacks, copy attacks, replay attacks, and brute-force attacks. Third, OTP-DEF uses an intermediate stage to identify the IP addresses that ignore the test and persistently bombard the server with requests despite repeated failures at solving the puzzles. These machines are zombies, because their intent is to congest the server. Once these machines are identified, OTP-DEF blocks their requests, turns the tests off, and allows access to legitimate users who are unable or unwilling to solve tests. Finally, OTP-DEF requires no modifications to client software.


2013, Vol 57 (8), pp. 1195-1210
Author(s): W. Ramadan, E. Dedu, J. Bourgeois

Entropy, 2021, Vol 23 (10), pp. 1296
Author(s): Jiehui Nan, Ping Zhang, Honggang Hu

In CRYPTO 2019, Chen et al. showed how to construct pseudorandom functions (PRFs) from random permutations (RPs), and they gave one beyond-birthday-secure construction from a sum of Even-Mansour ciphers, namely SoEM22, in the single-key setting. In this paper, we improve their work by proving the multi-key security of SoEM22, and further by tweaking SoEM22 while still preserving beyond-birthday-bound (BBB) security. Furthermore, we use only one random permutation to construct parallelizable and succinct beyond-birthday-secure PRFs in the multi-key setting, and then tweak this new construction. Moreover, with a slight modification of our constructions of tweakable PRFs, two parallelizable nonce-based MACs for variable-length messages are obtained.


The Internet of Things connects billions of devices to the Internet. CoAP (Constrained Application Protocol) is used in the application layer of the IoT protocol stack. CoAP runs on top of the User Datagram Protocol (UDP), which provides no congestion control, so CoAP itself is responsible for the congestion control mechanism. IoT devices are significantly resource constrained, which poses many design challenges for IoT networks. This paper proposes a simple change in the CoAP protocol named CoCoA (CoAP Simple Congestion Control / Advance). CoCoA introduces a novel round-trip time (RTT) estimation, a variable backoff factor (VBF), and an aging mechanism to calculate a dynamic and controlled retransmission time-out (RTO) for IoT networks. The proposal is compared with all existing congestion control mechanisms, and the implementation results show that it is better than the existing mechanisms in terms of throughput, power consumption, memory footprint, and fairness index.


2019, Vol 2 (2), pp. 68-73
Author(s): Cahyo Prihantoro, Harry Witriyono

The three-tier client-server architecture is a further development of the earlier two-tier design. Planning is the initial stage before implementation of the system that is now running. With this model, the application no longer needs to be installed on every client, only on the server. Besides that, such a server-side application can be accessed by every client regardless of operating system, infrastructure, and hardware. The library transaction workload is no longer concentrated on a single work terminal but can be spread over other terminals, which is the benefit of this technology. The integrated information system between the academic information system and the library information system makes the data more accurate and well distributed. The credibility and flexibility of the data are maintained through synchronization between servers for data usage on the main server. This kind of system development pattern makes integration between parts of an organization better. The three tiers are the database layer on server 1, the application layer on server 2, and layer 3 on the user side.


Author(s): M. Jhansi, M. Radha, B. Simmi

New application-layer DDoS attacks are a continuing critical threat to which network-layer solutions are not applicable, because attackers are indistinguishable at the packet or protocol level. The increase in Internet-based transactions and communications offers new opportunities for hackers to disrupt business operations with DDoS attacks that prevent legitimate users from accessing services. In this paper, we propose Trust Management Helmet (TMH) as a partial solution to this problem: a lightweight mitigation mechanism that uses trust to differentiate legitimate users from attackers. Its key insight is that, to protect the connectivity of good users during application-layer DDoS attacks, users are evaluated based on their visiting history, and this evaluation is used to schedule service to their requests. This paper introduces a license for user identification (even beyond NATs) and for storing the trust information at clients. The license is cryptographically secured against forgery and replay attacks. We implement this mitigation mechanism as a Java package and use it for simulation. Through simulation, we show that TMH is effective in mitigating session flooding attacks.

