[Resource Topic] 2019/421: Continuing to reflect on TLS 1.3 with external PSK

Welcome to the resource topic for 2019/421

Title:
Continuing to reflect on TLS 1.3 with external PSK

Authors: Liliya Akhmetzyanova, Evgeny Alekseev, Ekaterina Smyshlyaeva, Alexandr Sokolov

Abstract:

The TLS protocol is the main cryptographic protocol of the Internet. The work on its current version, TLS 1.3, was completed in 2018. This version differs from the previous ones and has been developed taking into account all modern principles of constructing cryptographic protocols. At the same time, even when there are security proofs in some fairly strong security model, it is important to study the possibility of extending this model and then clarifying the security limits of the protocol. In this paper, we consider in detail the restriction on the usage of post-handshake authentication in connections established on external PSK. We clarify that the certain vulnerability appears only in the case of psk_ke mode if more than a single pair of entities can possess a single PSK. We provide several practical scenarios where this condition can be easily achieved. Also we propose appropriate mitigation.

ePrint: https://eprint.iacr.org/2019/421

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .