Secure Communication Channel Establishment: TLS 1.3 (over TCP Fast Open) versus QUIC

AbstractSecure channel establishment protocols such as Transport Layer Security (TLS) are some of the most important cryptographic protocols, enabling the encryption of Internet traffic. Reducing latency (the number of interactions between parties before encrypted data can be transmitted) in such protocols has become an important design goal to improve user experience. The most important protocols addressing this goal are TLS 1.3, the latest TLS version standardized in 2018 to replace the widely deployed TLS 1.2, and Quick UDP Internet Connections (QUIC), a secure transport protocol from Google that is implemented in the Chrome browser. There have been a number of formal security analyses for TLS 1.3 and QUIC, but their security, when layered with their underlying transport protocols, cannot be easily compared. Our work is the first to thoroughly compare the security and availability properties of these protocols. Toward this goal, we develop novel security models that permit “layered” security analysis. In addition to the standard goals of server authentication and data confidentiality and integrity, we consider the goals of IP spoofing prevention, key exchange packet integrity, secure channel header integrity, and reset authentication, which capture a range of practical threats not usually taken into account by existing security models that focus mainly on the cryptographic cores of the protocols. Equipped with our new models we provide a detailed comparison of three low-latency layered protocols: TLS 1.3 over TCP Fast Open (TFO), QUIC over UDP, and QUIC[TLS] (a new design for QUIC that uses TLS 1.3 key exchange) over UDP. In particular, we show that TFO’s cookie mechanism does provably achieve the security goal of IP spoofing prevention. Additionally, we find several new availability attacks that manipulate the early key exchange packets without being detected by the communicating parties. By including packet-level attacks in our analysis, our results shed light on how the reliability, flow control, and congestion control of the above layered protocols compare, in adversarial settings. We hope that our models will help protocol designers in their future protocol analyses and that our results will help practitioners better understand the advantages and limitations of secure channel establishment protocols.

Download Full-text

Modeling advanced security aspects of key exchange and secure channel protocols

it - Information Technology ◽

10.1515/itit-2020-0029 ◽

2020 ◽

Vol 62 (5-6) ◽

pp. 287-293

Author(s):

Felix Günther

Keyword(s):

Building Blocks ◽

Key Exchange ◽

Internet Security ◽

Streaming Data ◽

Transport Layer ◽

Security Model ◽

Secret Key ◽

Multi Stage ◽

Key Exchange Protocols ◽

Secure Channel

AbstractSecure connections are at the heart of today’s Internet infrastructure, protecting the confidentiality, authenticity, and integrity of communication. Achieving these security goals is the responsibility of cryptographic schemes, more specifically two main building blocks of secure connections. First, a key exchange protocol is run to establish a shared secret key between two parties over a, potentially, insecure connection. Then, a secure channel protocol uses that shared key to securely transport the actual data to be exchanged. While security notions for classical designs of these components are well-established, recently developed and standardized major Internet security protocols like Google’s QUIC protocol and the Transport Layer Security (TLS) protocol version 1.3 introduce novel features for which supporting security theory is lacking.In my dissertation [20], which this article summarizes, I studied these novel and advanced design aspects, introducing enhanced security models and analyzing the security of deployed protocols. For key exchange protocols, my thesis introduces a new model for multi-stage key exchange to capture that recent designs for secure connections establish several cryptographic keys for various purposes and with differing levels of security. It further introduces a formalism for key confirmation, reflecting a long-established practical design criteria which however was lacking a comprehensive formal treatment so far. For secure channels, my thesis captures the cryptographic subtleties of streaming data transmission through a revised security model and approaches novel concepts to frequently update key material for enhanced security through a multi-key channel notion. These models are then applied to study (and confirm) the security of the QUIC and TLS 1.3 protocol designs.

Download Full-text

5G wireless P2MP backhaul security protocol: an adaptive approach

EURASIP Journal on Wireless Communications and Networking ◽

10.1186/s13638-019-1592-0 ◽

2019 ◽

Vol 2019 (1) ◽

Author(s):

Jiyoon Kim ◽

Gaurav Choudhary ◽

Jaejun Heo ◽

Daniel Gerbi Duguma ◽

Ilsun You

Keyword(s):

Security Policy ◽

Mutual Authentication ◽

Access Network ◽

Security Analysis ◽

Key Exchange ◽

Security Protocol ◽

Transport Layer ◽

Security Requirements ◽

Key Update ◽

Security Standards

Abstract5G has introduced various emerging demands for new services and technologies that raised the bar for quality of service, latency, handovers, and data rates. Such diverse and perplexing network requirements bring numerous issues, among which security stands in the first row. The backhaul, which can be implemented as a wired or wireless solution, serves as a bridge between the radio access and core networks assuring connectivity to end users. The recent trends in backhaul usage rely on wireless technologies implemented using point-to-point (PTP) or point-to-multipoint (P2MP) configurations. Unfortunately, due to the nature of the transmission medium, the wireless backhaul is vulnerable and exposed to more various security threats and attacks than the wired one. In order to protect the backhaul, there have been several researches, whose authentication and key exchange scheme mainly depends on the existing security standards such as transport layer security (TLS), Internet Key Exchange version 1 (IKEv1), IKEv2, Host Identity Protocol (HIP), and Authentication and Key Agreement (AKA). However, such security standards cannot completely fulfil the security requirements including security policy update, key update, and balancing between security and efficiency, which are necessary for the emerging 5G networks. This is basically the motive behind why we study and propose a new security protocol for the backhaul link of wireless access network based on P2MP model. The proposed protocol is designed to be 5G-aware, and provides mutual authentication, perfect forward secrecy, confidentiality, integrity, secure key exchange, security policy update, key update, and balancing trade-off between efficiency and security while preventing resource exhaustion attacks. The protocol’s correctness is formally verified by the well-known formal security analysis tools: BAN-logic and Scyther. Moreover, the derived lemmas prove that the security requirements are satisfied. Finally, from a comparison analysis, it is shown that the proposed protocol is better than other standard protocols.

Download Full-text

A large-scale analysis of HTTPS deployments: Challenges, solutions, and recommendations

Journal of Computer Security ◽

10.3233/jcs-200070 ◽

2020 ◽

pp. 1-26

Author(s):

Qinwen Hu ◽

Muhammad Rizwan Asghar ◽

Nevil Brownlee

Keyword(s):

Secure Communication ◽

Large Scale ◽

Transport Layer ◽

Security Level ◽

Secure Socket Layer ◽

Security Issues ◽

Large Scale Analysis ◽

Government Websites ◽

Encrypted Communication ◽

Specific Implementation

HTTPS refers to an application-specific implementation that runs HyperText Transfer Protocol (HTTP) on top of Secure Socket Layer (SSL) or Transport Layer Security (TLS). HTTPS is used to provide encrypted communication and secure identification of web servers and clients, for different purposes such as online banking and e-commerce. However, many HTTPS vulnerabilities have been disclosed in recent years. Although many studies have pointed out that these vulnerabilities can lead to serious consequences, domain administrators seem to ignore them. In this study, we evaluate the HTTPS security level of Alexa’s top 1 million domains from two perspectives. First, we explore which popular sites are still affected by those well-known security issues. Our results show that less than 0.1% of HTTPS-enabled servers in the measured domains are still vulnerable to known attacks including Rivest Cipher 4 (RC4), Compression Ratio Info-Leak Mass Exploitation (CRIME), Padding Oracle On Downgraded Legacy Encryption (POODLE), Factoring RSA Export Keys (FREAK), Logjam, and Decrypting Rivest–Shamir–Adleman (RSA) using Obsolete and Weakened eNcryption (DROWN). Second, we assess the security level of the digital certificates used by each measured HTTPS domain. Our results highlight that less than 0.52% domains use the expired certificate, 0.42% HTTPS certificates contain different hostnames, and 2.59% HTTPS domains use a self-signed certificate. The domains we investigate in our study cover 5 regions (including ARIN, RIPE NCC, APNIC, LACNIC, and AFRINIC) and 61 different categories such as online shopping websites, banking websites, educational websites, and government websites. Although our results show that the problem still exists, we find that changes have been taking place when HTTPS vulnerabilities were discovered. Through this three-year study, we found that more attention has been paid to the use and configuration of HTTPS. For example, more and more domains begin to enable the HTTPS protocol to ensure a secure communication channel between users and websites. From the first measurement, we observed that many domains are still using TLS 1.0 and 1.1, SSL 2.0, and SSL 3.0 protocols to support user clients that use outdated systems. As the previous studies revealed security risks of using these protocols, in the subsequent studies, we found that the majority of domains updated their TLS protocol on time. Our 2020 results suggest that most HTTPS domains use the TLS 1.2 protocol and show that some HTTPS domains are still vulnerable to the existing known attacks. As academics and industry professionals continue to disclose attacks against HTTPS and recommend the secure configuration of HTTPS, we found that the number of vulnerable domain is gradually decreasing every year.

Download Full-text

Security Analysis of Discrete-Modulated Continuous-Variable Quantum Key Distribution over Seawater Channel

Applied Sciences ◽

10.3390/app9224956 ◽

2019 ◽

Vol 9 (22) ◽

pp. 4956 ◽

Cited By ~ 2

Author(s):

Xinchao Ruan ◽

Hang Zhang ◽

Wei Zhao ◽

Xiaoxue Wang ◽

Xuan Li ◽

...

Keyword(s):

Quantum Key Distribution ◽

Secure Communication ◽

Security Analysis ◽

Finite Size ◽

Key Distribution ◽

Continuous Variable ◽

Heterodyne Detection ◽

Secret Key ◽

Transmission Distance ◽

Better Than

We investigate the optical absorption and scattering properties of four different kinds of seawater as the quantum channel. The models of discrete-modulated continuous-variable quantum key distribution (CV-QKD) in free-space seawater channel are briefly described, and the performance of the four-state protocol and the eight-state protocol in asymptotic and finite-size cases is analyzed in detail. Simulation results illustrate that the more complex is the seawater composition, the worse is the performance of the protocol. For different types of seawater channels, we can improve the performance of the protocol by selecting different optimal modulation variances and controlling the extra noise on the channel. Besides, we can find that the performance of the eight-state protocol is better than that of the four-state protocol, and there is little difference between homodyne detection and heterodyne detection. Although the secret key rate of the protocol that we propose is still relatively low and the maximum transmission distance is only a few hundred meters, the research on CV-QKD over the seawater channel is of great significance, which provides a new idea for the construction of global secure communication network.

Download Full-text

AN EFFICIENT KEY EXCHANGE SCHEME USING SANTILLI’S ISOFIELDS SECOND-KIND FOR SECURE COMMUNICATION

Advances in Mathematics: Scientific Journal ◽

10.37418/amsj.10.2.39 ◽

2021 ◽

Vol 10 (2) ◽

pp. 1131-1139

Author(s):

Mamta S. Dani ◽

A.J. Meshram ◽

C. Meshram ◽

N.M. Wazalwar

Keyword(s):

Secure Communication ◽

Key Exchange

Download Full-text

Security analysis and enhancement for three-party password-based authenticated key exchange protocol

Security and Communication Networks ◽

10.1002/sec.316 ◽

2011 ◽

Vol 5 (3) ◽

pp. 273-278 ◽

Cited By ~ 4

Author(s):

Jianjie Zhao ◽

Dawu Gu ◽

Lei Zhang

Keyword(s):

Security Analysis ◽

Key Exchange ◽

Authenticated Key Exchange ◽

Key Exchange Protocol ◽

Authenticated Key Exchange Protocol

Download Full-text

RFID Mutual Authentication Protocols based on Gene Mutation and Transfer

Journal of Communications Software and Systems ◽

10.24138/jcomss.v9i1.157 ◽

2013 ◽

Vol 9 (1) ◽

pp. 44 ◽

Cited By ~ 1

Author(s):

Raghav V. Sampangi ◽

Srinivas Sampalli

Keyword(s):

Gene Mutation ◽

Radio Frequency Identification ◽

Mutual Authentication ◽

Security Analysis ◽

Key Exchange ◽

Rfid Tags ◽

Simulation Studies ◽

Frequency Identification ◽

Dynamic Updates ◽

Mutual Authentication Protocol

Radio Frequency Identification (RFID) is a technology that is very popular due to the simplicity in its technology and high adaptability in a variety of areas. The simplicity in the technology, however, comes with a caveat – RFID tags have severe resource restrictions, which make them vulnerable to a range of security attacks. Such vulnerability often results in the loss of privacy of the tag owner and other attacks on tags. Previous research in RFID security has mainly focused on authenticating entities such as readers / servers, which communicate with the tag. Any security mechanism is only as strong as the encryption keys used. Since RFID communication is wireless, critical messages such as key exchange messages are vulnerable to attacks. Therefore, we present a mutual authentication protocol that relies on independent generation and dynamic updates of encryption keys thereby removing the need for key exchange, which is based on the concept of gene mutation and transfer. We also present an enhanced version of this protocol, which improves the security offered by the first protocol. The novelty of the proposed protocols is in the independent generation, dynamic and continuous updates of encryption keys and the use of the concept of gene mutation / transfer to offer mutual authentication of the communicating entities. The proposed protocols are validated by simulation studies and security analysis.

Download Full-text

An Authentication and Secure Communication Scheme for In-Vehicle Networks Based on SOME/IP

Sensors ◽

10.3390/s22020647 ◽

2022 ◽

Vol 22 (2) ◽

pp. 647

Author(s):

Bin Ma ◽

Shichun Yang ◽

Zheng Zuo ◽

Bosong Zou ◽

Yaoguang Cao ◽

...

Keyword(s):

Secure Communication ◽

Rapid Development ◽

Security Analysis ◽

Research Area ◽

Authentication Scheme ◽

Session Key ◽

Positive Effects ◽

Important Approach ◽

Communication Scheme ◽

Vehicle Networks

The rapid development of intelligent networked vehicles (ICVs) has brought many positive effects. Unfortunately, connecting to the outside exposes ICVs to security threats. Using secure protocols is an important approach to protect ICVs from hacker attacks and has become a hot research area for vehicle security. However, most of the previous studies were carried out on V2X networks, while those on in-vehicle networks (IVNs) did not involve Ethernet. To this end, oriented to the new IVNs based on Ethernet, we designed an efficient secure scheme, including an authentication scheme using the Scalable Service-Oriented Middleware over IP (SOME/IP) protocol and a secure communication scheme modifying the payload field of the original SOME/IP data frame. The security analysis shows that the designed authentication scheme can provide mutual identity authentication for communicating parties and ensure the confidentiality of the issued temporary session key; the designed authentication and secure communication scheme can resist the common malicious attacks conjointly. The performance experiments based on embedded devices show that the additional overhead introduced by the secure scheme is very limited. The secure scheme proposed in this article can promote the popularization of the SOME/IP protocol in IVNs and contribute to the secure communication of IVNs.

Download Full-text

Applied Cryptography in E-mail Services and Web Services

Applied Cryptography for Cyber Security and Defense ◽

10.4018/978-1-61520-783-1.ch005 ◽

2011 ◽

pp. 130-145

Author(s):

Lei Chen ◽

Wen-Chen Hu ◽

Ming Yang ◽

Lei Zhang

Keyword(s):

Web Services ◽

Communication Networks ◽

Secure Communication ◽

Transport Layer ◽

Public Key ◽

Applied Cryptography ◽

Public Networks ◽

Trust System ◽

Security Standards ◽

E Mail

E-mail services are the method of sending and receiving electronic messages over communication networks. Web services on the other hand provide a channel of accessing interlinked hypermeida via the World Wide Web. As these two methods of network communications turn into the most popular services over the Internet, applied cryptography and secure authentication protocols become indispensable in securing confidential data over public networks. In this chapter, we first review a number of cryptographic ciphers widely used in secure communication protocols. We then discuss and compare the popular trust system Web of Trust, the certificate standard X.509, and the standard for public key systems Public Key Infrastructure (PKI). Two secure e-mail standards, OpenPGP and S/MIME, are examined and compared. The de facto standard cryptographic protocol for e-commerce, Secure Socket Layer (SSL) / Transport Layer Security (TLS), and XML Security Standards for secure web services are also discussed.

Download Full-text

Security

Advances in Systems Analysis, Software Engineering, and High Performance Computing - Large-Scale Distributed Computing and Applications ◽

10.4018/978-1-61520-703-9.ch009 ◽

2010 ◽

pp. 194-216

Author(s):

Valentin Cristea ◽

Ciprian Dobre ◽

Corina Stratan ◽

Florin Pop

Keyword(s):

Distributed Systems ◽

Access Control ◽

Key Management ◽

Secure Communication ◽

Large Scale ◽

Internet Banking ◽

Distributed Applications ◽

Sensitive Information ◽

Security Research ◽

Security Models

Security in distributed systems is a combination of confidentiality, integrity and availability of their components. It mainly targets the communication channels between users and/or processes located in different computers, the access control of users / processes to resources and services, and the management of keys, users and user groups. Distributed systems are more vulnerable to security threats due to several characteristics such as their large scale, the distributed nature of the control, and the remote nature of the access. In addition, an increasing number of distributed applications (such as Internet banking) manipulate sensitive information and have special security requirements. After discussing important security concepts in the Background section, this chapter addresses several important problems that are at the aim of current research in the security of large scale distributed systems: security models (which represent the theoretical foundation for solving security problems), access control (more specific the access control in distributed multi-organizational platforms), secure communication (with emphasis on the secure group communication, which is a hot topic in security research today), security management (especially key management for collaborative environments), secure distributed architectures (which are the blueprints for designing and building security systems), and security environments / frameworks.

Download Full-text