Abstract

The TLS protocol is the main cryptographic protocol of the Internet. Work on its current version, TLS 1.3, was completed in 2018. This version differs significantly from the previous ones and has a clean-slate design that takes into account all modern principles of constructing secure cryptographic protocols. At the same time, even when security proofs exist in some fairly strong security model, it is important to explore the possibility of extending that model and thereby clarifying the security limits of the protocol. This work considers the restriction on the usage of post-handshake authentication in connections established with an external PSK. We show that a vulnerability appears in the case of psk_ke mode (PSK-only key establishment) if more than one pair of entities can possess the same PSK. We provide several practical scenarios where this condition can be easily achieved. We also propose an appropriate mitigation to prevent this vulnerability.
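The precondition the abstract names, a PSK held by more than one pair of entities and used in psk_ke mode, can be made concrete with the TLS 1.3 key schedule itself. The following Python script is an added illustration, not code from the paper: it implements the RFC 8446 HKDF-based schedule with SHA-256 and shows that in psk_ke the handshake traffic secrets depend only on the PSK and the public ClientHello/ServerHello transcript, so a third holder of the same PSK reproduces them, whereas in psk_dhe_ke the (EC)DHE contribution prevents this. The PSK, the transcript bytes, the toy Diffie-Hellman group (the Mersenne prime 2^127-1, far too small for real use) and the `post_handshake_auth_permitted` policy function are all constructed for this example; the policy is an illustration of the abstract's condition, not the paper's own mitigation.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Optional, Tuple

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC-Hash(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869), counter-mode HMAC output."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret: bytes, label: str, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label (RFC 8446 section 7.1) with the 'tls13 ' label prefix."""
    full_label = b"tls13 " + label.encode("ascii")
    hkdf_label = (struct.pack("!H", length)
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length)


def derive_secret(secret: bytes, label: str, transcript: bytes) -> bytes:
    """Derive-Secret (RFC 8446): context is the transcript hash."""
    return hkdf_expand_label(secret, label, HASH(transcript).digest(), HASH_LEN)


def handshake_traffic_secrets(psk: bytes, transcript: bytes,
                              dhe_secret: Optional[bytes]) -> Tuple[bytes, bytes]:
    """Early Secret -> Handshake Secret -> client/server handshake traffic secrets.
    In psk_ke the (EC)DHE input is replaced by Hash.length zero bytes (RFC 8446 7.1)."""
    early_secret = hkdf_extract(b"\x00" * HASH_LEN, psk)
    derived = derive_secret(early_secret, "derived", b"")
    ikm = dhe_secret if dhe_secret is not None else b"\x00" * HASH_LEN
    handshake_secret = hkdf_extract(derived, ikm)
    return (derive_secret(handshake_secret, "c hs traffic", transcript),
            derive_secret(handshake_secret, "s hs traffic", transcript))


# Toy Diffie-Hellman group (constructed for the demo only; not a real TLS group).
TOY_P = (1 << 127) - 1
TOY_G = 2


def toy_dh_keypair() -> Tuple[int, int]:
    priv = secrets.randbelow(TOY_P - 2) + 1
    return priv, pow(TOY_G, priv, TOY_P)


def toy_dh_shared(priv: int, peer_pub: int) -> bytes:
    return pow(peer_pub, priv, TOY_P).to_bytes(16, "big")


def demo(mode: str) -> dict:
    """Client A and server B run a handshake; C is a third legitimate holder of the
    same external PSK who sees only the public transcript."""
    psk = b"constructed-external-psk-shared-by-A-B-and-C"   # constructed sample
    client_hello = b"ClientHello random=" + bytes.fromhex("aa" * 32)
    if mode == "psk_ke":
        transcript = client_hello + b"ServerHello random=" + bytes.fromhex("bb" * 32)
        a = handshake_traffic_secrets(psk, transcript, None)
        b = handshake_traffic_secrets(psk, transcript, None)
        c = handshake_traffic_secrets(psk, transcript, None)   # C needs nothing secret
    elif mode == "psk_dhe_ke":
        a_priv, a_pub = toy_dh_keypair()
        b_priv, b_pub = toy_dh_keypair()
        transcript = (client_hello + b" key_share=" + a_pub.to_bytes(16, "big")
                      + b"ServerHello random=" + bytes.fromhex("bb" * 32)
                      + b" key_share=" + b_pub.to_bytes(16, "big"))
        a = handshake_traffic_secrets(psk, transcript, toy_dh_shared(a_priv, b_pub))
        b = handshake_traffic_secrets(psk, transcript, toy_dh_shared(b_priv, a_pub))
        # C holds the PSK and the transcript but neither DH private key.
        c = handshake_traffic_secrets(psk, transcript, None)
    else:
        raise ValueError("unknown mode")
    return {"peers_agree": a == b, "third_holder_derives_same": c == a}


def post_handshake_auth_permitted(mode: str, psk_shared_by_more_than_one_pair: bool) -> bool:
    """Hypothetical deployment policy (not the paper's mitigation): refuse post-handshake
    authentication when the abstract's condition holds, i.e. psk_ke with a group-shared PSK."""
    return not (mode == "psk_ke" and psk_shared_by_more_than_one_pair)


if __name__ == "__main__":
    for m in ("psk_ke", "psk_dhe_ke"):
        print(m, demo(m), "post-handshake auth allowed for shared PSK:",
              post_handshake_auth_permitted(m, True))
```

Running the script shows `third_holder_derives_same` is `True` for psk_ke and `False` for psk_dhe_ke while the two peers always agree; the policy function simply encodes the abstract's condition as a deployment check, and a real implementation would additionally need a way to know whether a provisioned PSK is held by more than one pair.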
