CryptoDB
Shay Gueron
Publications
Year
Venue
Title
2021
JOFC
Selfie: reflections on TLS 1.3 with PSK
Abstract
TLS 1.3 allows two parties to establish a shared session key from an out-of-band agreed pre-shared key (PSK). The PSK is used to mutually authenticate the parties, under the assumption that it is not shared with others. This allows the parties to skip the certificate verification steps, saving bandwidth, communication rounds, and latency. In this paper, we identify a vulnerability in this specific TLS 1.3 option by showing a new “reflection attack” that we call “Selfie.” This attack uses the fact that TLS does not mandate explicit authentication of the server and the client, and leverages it to break the protocol’s mutual authentication property. We explain the root cause of this TLS 1.3 vulnerability, provide a fully detailed demonstration of a Selfie attack using the TLS implementation of OpenSSL, and propose a mitigation. The Selfie attack is the first attack on TLS 1.3 after its official release in 2018. It is surprising because it uncovers an interesting gap in the existing TLS 1.3 models that the security proofs rely on. We explain the gap in these model assumptions and show how it affects the proofs in this case.
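The reflection described in the abstract, as an added illustration that is not code from the paper, from CryptoDB, or from OpenSSL. It models only the authentication logic of a TLS 1.3 PSK handshake (binder on the ClientHello, server Finished, a session secret), with HMAC-SHA256 standing in for the real HKDF key schedule. Because a single shared PSK carries no information about which party is the client and which is the server, an attacker who merely redirects Alice's ClientHello to Alice's own server instance and relays the reply completes a "mutually authenticated" handshake of Alice with herself. The `separate_roles` option models a mitigation of the kind the paper proposes, binding each PSK to one direction of use; the identity labels, message layout and key labels here are my simplifications, not the paper's or the TLS specification's.

```python
"""Toy model of TLS 1.3 PSK authentication and the Selfie reflection.

Added illustration, not the paper's or OpenSSL's code. HMAC-SHA256 with
string labels replaces the real HKDF-based key schedule; only the
authentication logic is modelled.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


def derive(secret: bytes, label: str, context: bytes = b"") -> bytes:
    """Stand-in for HKDF-Expand-Label: key separation by label only."""
    return hmac.new(secret, label.encode() + context, hashlib.sha256).digest()


@dataclass
class Party:
    name: str
    client_psks: Dict[bytes, bytes]  # identities offered when acting as client
    server_psks: Dict[bytes, bytes]  # identities accepted when acting as server


@dataclass
class ClientHello:
    nonce: bytes
    psk_identity: bytes
    binder: bytes = b""

    def transcript(self) -> bytes:
        # The binder covers the hello up to, but excluding, the binder itself.
        return b"CH" + self.nonce + self.psk_identity


@dataclass
class ServerHello:
    nonce: bytes
    finished: bytes


def client_start(party: Party, psk_identity: bytes) -> Tuple[ClientHello, dict]:
    psk = party.client_psks[psk_identity]
    ch = ClientHello(nonce=os.urandom(32), psk_identity=psk_identity)
    ch.binder = derive(derive(psk, "binder"), "mac", ch.transcript())
    return ch, {"psk": psk, "ch": ch}


def server_respond(party: Party, ch: ClientHello) -> Optional[Tuple[ServerHello, bytes]]:
    """Return (ServerHello, session_key), or None if the hello is rejected."""
    psk = party.server_psks.get(ch.psk_identity)
    if psk is None:
        return None
    expected = derive(derive(psk, "binder"), "mac", ch.transcript())
    if not hmac.compare_digest(expected, ch.binder):
        return None
    nonce = os.urandom(32)
    transcript = ch.transcript() + ch.binder + b"SH" + nonce
    finished = derive(derive(psk, "s_finished"), "mac", transcript)
    return ServerHello(nonce, finished), derive(psk, "session", transcript)


def client_finish(state: dict, sh: ServerHello) -> Optional[bytes]:
    """Verify the server Finished; return the session key, or None."""
    psk, ch = state["psk"], state["ch"]
    transcript = ch.transcript() + ch.binder + b"SH" + sh.nonce
    expected = derive(derive(psk, "s_finished"), "mac", transcript)
    if not hmac.compare_digest(expected, sh.finished):
        return None
    return derive(psk, "session", transcript)


def make_parties(separate_roles: bool) -> Tuple[Party, Party]:
    """Constructed keys. separate_roles=False is the vulnerable single-PSK setup;
    True binds a distinct PSK to each direction (identity labels are my choice)."""
    if not separate_roles:
        psk = os.urandom(32)
        return (Party("Alice", {b"shared": psk}, {b"shared": psk}),
                Party("Bob", {b"shared": psk}, {b"shared": psk}))
    psk_ab, psk_ba = os.urandom(32), os.urandom(32)
    return (Party("Alice", {b"Alice->Bob": psk_ab}, {b"Bob->Alice": psk_ba}),
            Party("Bob", {b"Bob->Alice": psk_ba}, {b"Alice->Bob": psk_ab}))


def honest_handshake(client: Party, server: Party) -> bool:
    ch, state = client_start(client, next(iter(client.client_psks)))
    resp = server_respond(server, ch)
    if resp is None:
        return False
    sh, server_key = resp
    return client_finish(state, sh) == server_key


def selfie_attack(alice: Party) -> bool:
    """The attacker never learns the PSK: it redirects Alice's ClientHello,
    meant for Bob, to Alice's own server instance and relays the reply."""
    ch, state = client_start(alice, next(iter(alice.client_psks)))
    resp = server_respond(alice, ch)      # reflected to Alice acting as server
    if resp is None:
        return False                      # hello rejected: reflection fails
    sh, server_key = resp
    client_key = client_finish(state, sh)  # Alice's client accepts her own Finished
    return client_key == server_key       # Alice is "authenticated" to herself
```

With one shared PSK the reflected handshake completes, because every check Alice's client performs is a MAC under a key Alice's server also holds; nothing in the messages says which endpoint is supposed to be which. With per-direction PSKs, Alice's server instance does not hold a key for the identity her client instance offers, and the reflected ClientHello is rejected at the binder check.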
2018
JOFC
Program Committees
- Crypto 2020
- CHES 2019
- CHES 2018
- CHES 2013
Coauthors
- Ryad Benadjila (1)
- Olivier Billet (1)
- Nir Drucker (1)
- Shoni Gilboa (1)
- Shay Gueron (7)
- Yehuda Lindell (1)
- Ben Morris (1)
- Nicky Mouha (1)
- Ariel Nof (1)
- Benny Pinkas (1)
- Matthew J. B. Robshaw (1)