Formal Analysis of the TLS Handshake Protocol

Hanane Houmani, Mourad Debbabi

2012

Abstract

Most Internet applications, such as e-banking, e-commerce and e-mail, use the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol to protect the communication channel between client and server. It is therefore paramount to ensure that SSL/TLS meets its security objectives: confidentiality, authentication and integrity. In this paper we prove the confidentiality (secrecy) property of the SSL/TLS handshake protocol, which constitutes the core of SSL/TLS. To perform this analysis, we introduce a new function, called the DINEK function, that safely estimates the security level of messages. More precisely, this function, which shares a conceptual origin with the idea of a rank function, estimates the security level of a message (including unknown messages) according to the interaction between the protocol and the intruder. As we show in this paper, the function can be used not only to verify the TLS protocol but also to verify the secrecy property for a large class of protocols, in particular key agreement protocols. Verification using the DINEK function is proven in this paper for an unbounded number of sessions and an unbounded number of nonces.
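The abstract frames secrecy of the handshake as a question about the interaction between the protocol's messages and an intruder who collects and manipulates them. The following is an added example, not the paper's DINEK function and not code from the authors: it models a stripped-down TLS 1.2 RSA handshake as symbolic terms and runs a plain Dolev-Yao intruder-knowledge closure (decompose pairs, decrypt with known keys, compose from known parts) to check whether the pre-master secret or the derived master secret ever becomes derivable. The term encoding, agent names and the simplified message list are assumptions made for the example; the point is the shape of the check, including the two failure cases (secret sent in clear, server private key leaked), not a faithful model of RFC 5246.

```python
"""Symbolic (Dolev-Yao style) secrecy check for a simplified TLS 1.2 RSA
handshake. Added example: this is not the paper's DINEK function and does not
reproduce its proof; it only shows the protocol/intruder interaction such an
analysis reasons about. Term encoding, agent names and the stripped-down
handshake are assumptions made for the example, not RFC-exact."""

# --- term constructors (assumed encoding; atoms are plain strings) ----------
def pair(a, b):
    return ("pair", a, b)

def enc(m, k):
    """Public-key encryption of m under key k."""
    return ("enc", m, k)

def prf(*args):
    """The TLS PRF, modelled as a one-way function of its inputs."""
    return ("prf",) + args

def pk(agent):
    return ("pk", agent)

def sk(agent):
    return ("sk", agent)

CLIENT, SERVER = "client", "server"
NC, NS, PMS = "nonce_c", "nonce_s", "pre_master_secret"
# What any intruder knows before the run starts (assumed).
PUBLIC = [CLIENT, SERVER, pk(SERVER), "cipher_suites", "chosen_suite",
          "client finished", "server finished"]

def handshake(pms_encrypted=True):
    """Messages an eavesdropper sees on the wire for one RSA handshake.
    With pms_encrypted=False the client (wrongly) sends the pre-master
    secret in clear: a deliberate failure case for the check below."""
    client_hello = pair(NC, "cipher_suites")
    server_hello = pair(NS, "chosen_suite")
    certificate = pk(SERVER)
    client_key_exchange = enc(PMS, pk(SERVER)) if pms_encrypted else PMS
    master = prf(PMS, NC, NS)                      # master_secret derivation
    finished = [prf(master, "client finished"), prf(master, "server finished")]
    return [client_hello, server_hello, certificate, client_key_exchange] + finished

def inverse(key):
    """Decryption key for an encryption key (asymmetric pairs; else itself)."""
    if isinstance(key, tuple) and key[0] == "pk":
        return sk(key[1])
    if isinstance(key, tuple) and key[0] == "sk":
        return pk(key[1])
    return key

def analyze(knowledge):
    """Close a knowledge set under decomposition: split pairs and decrypt
    ciphertexts whose decryption key is already known (fixpoint)."""
    known = set(knowledge)
    changed = True
    while changed:
        changed = False
        for t in list(known):
            if not isinstance(t, tuple):
                continue
            new = set()
            if t[0] == "pair":
                new |= {t[1], t[2]}
            elif t[0] == "enc" and inverse(t[2]) in known:
                new.add(t[1])
            if not new <= known:
                known |= new
                changed = True
    return known

def derivable(target, knowledge, depth=4):
    """Can the intruder obtain `target`? Either it is in the analyzed
    knowledge, or it can be composed from derivable subterms (bounded depth)."""
    known = analyze(knowledge)
    if target in known:
        return True
    if depth == 0 or not isinstance(target, tuple):
        return False
    if target[0] in ("pair", "enc", "prf"):
        return all(derivable(sub, knowledge, depth - 1) for sub in target[1:])
    return False   # private keys and fresh nonces cannot be synthesised

def secrecy_holds(term, pms_encrypted=True, server_key_leaked=False):
    """True if `term` stays out of the intruder's reach after the handshake."""
    intruder = PUBLIC + handshake(pms_encrypted)
    if server_key_leaked:
        intruder.append(sk(SERVER))
    return not derivable(term, intruder)

if __name__ == "__main__":
    print("PMS secret, normal run:       ", secrecy_holds(PMS))
    print("PMS secret, PMS sent in clear:", secrecy_holds(PMS, pms_encrypted=False))
    print("PMS secret, server key leaked:", secrecy_holds(PMS, server_key_leaked=True))
    print("master_secret secret:         ", secrecy_holds(prf(PMS, NC, NS)))
```

The check is a single-session, bounded-depth approximation; the paper's contribution is precisely that its DINEK function gives a sound estimate without those bounds. What the example does show is the failure mode a practitioner cares about: once sk(server) is in the intruder's knowledge, the RSA client_key_exchange decrypts, the master secret follows by composition, and secrecy of every session using that key collapses.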


Paper Citation


in Harvard Style

Houmani H. and Debbabi M. (2012). Formal Analysis of the TLS Handshake Protocol. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012) ISBN 978-989-8565-24-2, pages 192-205. DOI: 10.5220/0004075101920205


in Bibtex Style

@conference{secrypt12,
author={Hanane Houmani and Mourad Debbabi},
title={Formal Analysis of the TLS Handshake Protocol},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)},
year={2012},
pages={192-205},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004075101920205},
isbn={978-989-8565-24-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)
TI - Formal Analysis of the TLS Handshake Protocol
SN - 978-989-8565-24-2
AU - Houmani H.
AU - Debbabi M.
PY - 2012
SP - 192
EP - 205
DO - 10.5220/0004075101920205