Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content
SpringerLink
Log in

KEMTLS with Delayed Forward Identity Protection in (Almost) a Single Round Trip

  • Conference paper
  • First Online:
Applied Cryptography and Network Security (ACNS 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13269))

Included in the following conference series:

Abstract

The recent KEMTLS protocol (Schwabe, Stebila and Wiggers, CCS’20) is a promising design for a quantum-safe TLS handshake protocol. Focused on the web setting, wherein clients learn server public-key certificates only during connection establishment, a drawback of KEMTLS compared to TLS 1.3 is that it introduces an additional round trip before the server can send data, and an extra one for the client as well in the case of mutual authentication. In many scenarios, including IoT and embedded settings, client devices may however have the targeted server certificate pre-loaded, so that such performance penalty seems unnecessarily restrictive.

This work proposes a variant of KEMTLS tailored to such scenarios. Our protocol leverages the fact that clients know the server public keys in advance to decrease handshake latency while protecting client identities. It combines medium-lived with long-term server public keys to enable a delayed form of forward secrecy even from the first data flow on, and full forward secrecy upon the first round trip. The new protocol is proved to achieve strong security guarantees, based on the security of the underlying building blocks, in a new model for multi-stage key exchange with medium-lived keys.

S. Rastikian—Part of the work was completed while the second author was affiliated with DIENS, École Normale Supérieure, PSL University, Paris, France.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 109.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 139.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    The server does so once per client; the client will then switch to the next key for subsequent handshakes.

References

  1. Aviram, N., Gellert, K., Jager, T.: Session resumption protocols and efficient forward security for TLS 1.3 0-RTT. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11477, pp. 117–150. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17656-3_5

    Chapter  Google Scholar 

  2. Aviram, N., Gellert, K., Jager, T.: Session resumption protocols and efficient forward security for TLS 1.3 0-RTT. J. Cryptol. 34(3), 1–57 (2021). https://doi.org/10.1007/s00145-021-09385-0

    Article  MathSciNet  MATH  Google Scholar 

  3. Bellare, M., Boldyreva, A., Desai, A., Pointcheval, D.: Key-privacy in public-key encryption. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 566–582. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45682-1_33

    Chapter  MATH  Google Scholar 

  4. Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68697-5_1

    Chapter  Google Scholar 

  5. Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_21

    Chapter  Google Scholar 

  6. Bhargavan, K., Brzuska, C., Fournet, C., Green, M., Kohlweiss, M., Zanella-Béguelin, S.: Downgrade resilience in key-exchange protocols. In: 2016 IEEE Symposium on Security and Privacy, pp. 506–525. IEEE Computer Society Press, May 2016. https://doi.org/10.1109/SP.2016.37

  7. Birr-Pixton, J.: A modern TLS library in rust. https://github.com/ctz/rustls

  8. Boyd, C., Gellert, K.: A modern view on forward security. Cryptology ePrint Archive, Report 2019/1362 (2019). https://eprint.iacr.org/2019/1362

  9. Chen, C., et al.: NTRU. Technical report, National Institute of Standards and Technology (2020). https://csrc.nist.gov/projects/post-quantum-cryptography/round-3-submissions

  10. D’Anvers, J.P., et al.: SABER. Technical report, National Institute of Standards and Technology (2020). https://csrc.nist.gov/projects/post-quantum-cryptography/round-3-submissions

  11. Davis, H., Günther, F.: Tighter proofs for the SIGMA and TLS 1.3 key exchange protocols. Cryptology ePrint Archive, Report 2020/1029 (2020). https://eprint.iacr.org/2020/1029

  12. Diemert, D., Jager, T.: On the tight security of TLS 1.3: theoretically-sound cryptographic parameters for real-world deployments. Cryptology ePrint Archive, Report 2020/726 (2020). https://eprint.iacr.org/2020/726

  13. Dowling, B., Fischlin, M., Günther, F., Stebila, D.: A cryptographic analysis of the TLS 1.3 handshake protocol candidates. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015, pp. 1197–1210. ACM Press, October 2015. https://doi.org/10.1145/2810103.2813653

  14. Dowling, B., Fischlin, M., Günther, F., Stebila, D.: A cryptographic analysis of the TLS 1.3 handshake protocol. J. Cryptol. 34(4), 1–69 (2021). https://doi.org/10.1007/s00145-021-09384-1

    Article  MathSciNet  MATH  Google Scholar 

  15. Dowling, B., Stebila, D.: Modelling ciphersuite and version negotiation in the TLS protocol. In: Foo, E., Stebila, D. (eds.) ACISP 2015. LNCS, vol. 9144, pp. 270–288. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-19962-7_16

    Chapter  MATH  Google Scholar 

  16. Smartm2m; guidelines for security, privacy and interoperability in IoT system definition; a concrete approach. Technical report. ETSI SR 003 680, ETSI (2020)

    Google Scholar 

  17. Fagan, M., Megas, K., Scarfone, K., Smith, M.: Foundational cybersecurity activities for IoT device manufacturers. Technical report. NISTIR 8259, NIST (2020)

    Google Scholar 

  18. Fagan, M., Megas, K., Scarfone, K., Smith, M.: IoT device cybersecurity capability core baseline. Technical report. NISTIR 8259A, NIST (2020)

    Google Scholar 

  19. Fischlin, M., Günther, F.: Multi-stage key exchange and the case of Google’s QUIC protocol. In: Ahn, G.J., Yung, M., Li, N. (eds.) ACM CCS 2014, pp. 1193–1204. ACM Press, November 2014. https://doi.org/10.1145/2660267.2660308

  20. Fischlin, M., Günther, F.: Replay attacks on zero round-trip time: the case of the TLS 1.3 handshake candidates. In: 2017 IEEE European Symposium on Security and Privacy, EuroS&P 2017, pp. 60–75. IEEE, April 2017

    Google Scholar 

  21. Grubbs, P., Maram, V., Paterson, K.G.: Anonymous, robust post-quantum public key encryption. Cryptology ePrint Archive, Report 2021/708 (2021). https://eprint.iacr.org/2021/708

  22. Günther, F.: Modeling advanced security aspects of key exchange and secure channel protocols. Ph.D. thesis, Technische Universität, Darmstadt (2018). http://tuprints.ulb.tu-darmstadt.de/7162/

  23. Günther, F., Rastikian, S., Towa, P., Wiggers, T.: KEMTLS with delayed forward identity protection in (almost) a single round trip. Cryptology ePrint Archive, Report 2021/725 (2021). https://eprint.iacr.org/2021/725

  24. Jao, D., et al.: SIKE. Technical report, National Institute of Standards and Technology (2020). https://csrc.nist.gov/projects/post-quantum-cryptography/round-3-submissions

  25. Kannwischer, M., Rijneveld, J., Schwabe, P., Stebila, D., Wiggers, T.: PQClean: clean, portable, tested implementations of post quantum cryptography. https://github.com/pqclean/pqclean

  26. Krawczyk, H.: SIGMA: the ‘SIGn-and-MAc’ approach to authenticated Diffie-Hellman and its use in the IKE protocols. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 400–425. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_24

    Chapter  Google Scholar 

  27. Krawczyk, H.: Cryptographic extraction and key derivation: the HKDF scheme. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 631–648. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_34

    Chapter  Google Scholar 

  28. Krawczyk, H., Wee, H.: The OPTLS protocol and TLS 1.3. Cryptology ePrint Archive, Report 2015/978 (2015). https://eprint.iacr.org/2015/978

  29. Kwiatkowski, K., Valenta, L.: The TLS post-quantum experiment (2019). https://blog.cloudflare.com/the-tls-post-quantum-experiment/

  30. Langley, A.: Cecpq2 (2018). https://www.imperialviolet.org/2018/12/12/cecpq2.html

  31. Lyubashevsky, V., et al.: Crystals-Dilithium. Technical report, National Institute of Standards and Technology (2020). https://csrc.nist.gov/projects/post-quantum-cryptography/round-3-submissions

  32. Mohassel, P.: A closer look at anonymity and robustness in encryption schemes. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 501–518. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17373-8_29

    Chapter  MATH  Google Scholar 

  33. NIST: Submission requirements and evaluation criteria for the post-quantum cryptography standardization process. Technical report (2016)

    Google Scholar 

  34. Prest, T., et al.: FALCON. Technical report, National Institute of Standards and Technology (2020). https://csrc.nist.gov/projects/post-quantum-cryptography/round-3-submissions

  35. Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446 (Proposed Standard), August 2018. https://doi.org/10.17487/RFC8446, https://www.rfc-editor.org/rfc/rfc8446.txt

  36. Santesson, S., Tschofenig, H.: Transport Layer Security (TLS) Cached Information Extension. RFC 7924, July 2016. https://doi.org/10.17487/RFC7924, https://rfc-editor.org/rfc/rfc7924.txt

  37. Schwabe, P., et al.: CRYSTALS-Kyber. Technical report, National Institute of Standards and Technology (2020). https://csrc.nist.gov/projects/post-quantum-cryptography/round-3-submissions

  38. Schwabe, P., Stebila, D., Wiggers, T.: Post-quantum TLS without handshake signatures. In: Ligatti, J., Ou, X., Katz, J., Vigna, G. (eds.) ACM CCS 2020, pp. 1461–1480. ACM Press, November 2020. https://doi.org/10.1145/3372297.3423350

  39. Schwabe, P., Stebila, D., Wiggers, T.: More efficient post-quantum KEMTLS with pre-distributed public keys. In: Bertino, E., Shulman, H., Waidner, M. (eds.) ESORICS 2021. LNCS, vol. 12972, pp. 3–22. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-88418-5_1

    Chapter  Google Scholar 

  40. Sjöberg, K., Andres, P., Buburuzan, T., Brakemeier, A.: C-ITS deployment in Europe - current status and outlook. CoRR abs/1609.03876 (2016). http://arxiv.org/abs/1609.03876

  41. Song, F.: A note on quantum security for post-quantum cryptography. In: Mosca, M. (ed.) PQCrypto 2014. LNCS, vol. 8772, pp. 246–265. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11659-4_15

    Chapter  MATH  Google Scholar 

  42. Stebila, D., Mosca, M.: Post-quantum key exchange for the internet and the open quantum safe project. In: Avanzi, R., Heys, H. (eds.) Selected Areas in Cryptography – SAC 2016, SAC 2016. LNCS, vol. 10532, pp. 14–37. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-69453-5_2

Download references

Acknowledgments

The authors thank Kenny Paterson and Cédric Fournet for helpful discussions. This work was supported by the Eurostars ZERO-TOUCH Project (E113920) and the European Research Council under Grant Agreement No. 805031 (EPOQUE). Felix Günther was supported in part by German Research Foundation (DFG) Research Fellowship grant GU 1859/1-1.

Author information

Authors and Affiliations

  1. ETH Zurich, Zurich, Switzerland

    Felix Günther, Simon Rastikian & Patrick Towa

  2. IBM Research Europe, Zurich, Switzerland

    Simon Rastikian

  3. Radboud University, Nijmegen, Netherlands

    Thom Wiggers

Authors
  1. Felix Günther
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Simon Rastikian
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Patrick Towa
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Thom Wiggers
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Patrick Towa .

Editor information

Editors and Affiliations

  1. Stevens Institute of Technology, Hoboken, NJ, USA

    Giuseppe Ateniese

  2. Sapienza University of Rome, Rome, Italy

    Daniele Venturi

Rights and permissions

Reprints and permissions

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Günther, F., Rastikian, S., Towa, P., Wiggers, T. (2022). KEMTLS with Delayed Forward Identity Protection in (Almost) a Single Round Trip. In: Ateniese, G., Venturi, D. (eds) Applied Cryptography and Network Security. ACNS 2022. Lecture Notes in Computer Science, vol 13269. Springer, Cham. https://doi.org/10.1007/978-3-031-09234-3_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-09234-3_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-09233-6

  • Online ISBN: 978-3-031-09234-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation