The TLS Handshake Protocol: A Modular Analysis

P. Morrissey, N. P. Smart, B. Warinschi
2009 Journal of Cryptology
We study the security of the widely deployed Secure Session Layer/Transport Layer Security (TLS) key agreement protocol. Our analysis identifies, justifies, and exploits the modularity present in the design of the protocol: the application keys offered to higher level applications are obtained from a master key, which in turn is derived, through interaction, from a pre-master key. We define models (following well-established paradigms) that clarify the security level enjoyed by each of these types of keys. We capture the realistic setting where only one of the two parties involved in the execution of the protocol (namely the server) has a certified public key, and where the same master key is used to generate multiple application keys. The main contribution of the paper is a modular and generic proof of security for a slightly modified version of TLS. Our proofs show that the protocol is secure even if the pre-master and the master keys satisfy only weak security requirements. Our proofs make crucial use of modeling the key derivation function of TLS as a random oracle.
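The three-level key hierarchy the abstract describes (pre-master key, master key, application keys) can be made concrete with the TLS 1.2 key derivation of RFC 5246. The following is an added illustration, not code from the paper: it implements the RFC 5246 PRF (P_SHA256), derives the 48-byte master secret from a pre-master secret and the two nonces, and expands the master secret into the per-direction application keys; the pre-master secret and nonces are constructed sample values, and `application_keys` and `resumption_demo` are helper names chosen here.

```python
import hashlib
import hmac


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data-expansion function (RFC 5246, section 5)."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Master key derived from the pre-master key and both handshake nonces (48 bytes)."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def application_keys(master: bytes, client_random: bytes, server_random: bytes,
                     mac_len: int, key_len: int, iv_len: int) -> dict:
    """Expand the master key into the application keys; note the nonce order is
    reversed relative to master-secret derivation (RFC 5246, section 6.3)."""
    total = 2 * (mac_len + key_len + iv_len)
    block = prf(master, b"key expansion", server_random + client_random, total)
    names = ["client_write_MAC_key", "server_write_MAC_key", "client_write_key",
             "server_write_key", "client_write_IV", "server_write_IV"]
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys


def resumption_demo() -> tuple:
    """One master key reused across two sessions with fresh nonces (session
    resumption): the same master key yields two independent sets of application
    keys, which is the setting the paper's models capture. Sample values only."""
    pre_master = bytes(range(48))                       # constructed pre-master secret
    cr1, sr1 = b"\x01" * 32, b"\x02" * 32               # constructed nonces, session 1
    cr2, sr2 = b"\x03" * 32, b"\x04" * 32               # constructed nonces, session 2 (resumed)
    ms = master_secret(pre_master, cr1, sr1)
    return (application_keys(ms, cr1, sr1, 32, 16, 16),
            application_keys(ms, cr2, sr2, 32, 16, 16))
```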
doi:10.1007/s00145-009-9052-3