Reactive and Proactive Standardisation of TLS

  • Conference paper
  • In: Security Standardisation Research (SSR 2016)
  • Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10074)

Abstract

In the development of TLS 1.3, the IETF TLS Working Group has adopted an “analysis-prior-to-deployment” design philosophy. This is in sharp contrast to all previous versions of the protocol. We present an account of the TLS standardisation narrative, examining the differences between the reactive standardisation process for TLS 1.2 and below, and the more proactive standardisation process for TLS 1.3. We explore the possible factors that have contributed to the shift in the TLS WG’s design mindset, considering the protocol analysis tools available, the levels of academic involvement and the incentives governing relevant stakeholders at the time of standardisation. In an attempt to place TLS within the broader realm of standardisation, we perform a comparative analysis of standardisation models and discuss the standardisation of TLS within this context.

Notes

  1. https://www.trustworthyinternet.org/ssl-pulse/.

  2. Designed by Netscape Communications in the 1990s.

  3. At the time of writing, 7% of the roughly 150k servers surveyed by SSL Pulse still do.

  4. See http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html for a description of the attack.

  5. Browser Exploit Against SSL/TLS.

  6. Compression-Ratio Info-leak Made Easy.

  7. See, for example, http://www.infoworld.com/article/2979527/security/google-mozilla-microsoft-browsers-dump-rc4-encryption.html.

  8. See the TLS WG charter at https://datatracker.ietf.org/wg/tls/charter/ for further details.

  9. See https://www.mitls.org/tron2/ for details.

  10. Other ISO subcommittees also standardise security mechanisms, such as SC17, which focuses on cards and personal identification, but we focus our discussion here on SC27.

References

  1. FlexTLS: A Tool for Testing TLS Implementations. https://mitls.org/pages/flextls

  2. Getting Started in the IETF. https://www.ietf.org/newcomers.html. Accessed 06 Aug 2016

  3. miTLS: A Verified Reference Implementation of TLS. https://mitls.org/

  4. ProVerif: Cryptographic protocol verifier in the formal model. http://prosecco.gforge.inria.fr/personal/bblanche/proverif/

  5. TLS 1.3 Security Properties. https://github.com/tls13properties/tls13-properties

  6. Adrian, D., Bhargavan, K., Durumeric, Z., Gaudry, P., Green, M., Halderman, J.A., Heninger, N., Springall, D., Thomé, E., Valenta, L., VanderSloot, B., Wustrow, E., Béguelin, S.Z., Zimmermann, P.: Imperfect forward secrecy: how Diffie-Hellman fails in practice. In Ray et al. [76], pp. 5–17

  7. Albrecht, M.R., Paterson, K.G.: Lucky Microseconds: a timing attack on Amazon’s s2n implementation of TLS. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 622–643. Springer, Heidelberg (2016). doi:10.1007/978-3-662-49890-3_24

  8. AlFardan, N., Paterson, K.G.: Lucky thirteen: breaking the TLS and DTLS record protocols. In: Sommer, R. (ed.) Proceedings of the 2013 IEEE Symposium on Security and Privacy (S&P 2013) (2013)

  9. AlFardan, N.J., Bernstein, D.J., Paterson, K.G., Poettering, B., Schuldt, J.C.N.: On the security of RC4 in TLS. In: King, S.T. (ed.) Proceedings of the 22nd USENIX Security Symposium, Washington D.C., August 2013, pp. 305–320. USENIX (2013)

  10. Almeida, J.B., Barbosa, M., Barthe, G., Dupressoir, F.: Verifiable side-channel security of cryptographic implementations: constant-time MEE-CBC. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 163–184. Springer, Heidelberg (2016). doi:10.1007/978-3-662-52993-5_9

  11. Apecechea, G.I., Inci, M.S., Eisenbarth, T., Sunar, B.: Lucky 13 strikes back. In: Bao, F., Miller, S., Zhou, J., Ahn, G.-J. (eds.) Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, ASIA CCS 2015, Singapore, 14–17 April 2015, pp. 85–96. ACM (2015)

  12. Arai, K.: Formal Verification of TLS 1.3 Full Handshake Protocol Using ProVerif. Technical report, Cryptographic protocol Evaluation toward Long-Lived Outstanding Security Consortium (CELLOS), February 2016. https://www.cellos-consortium.org/studygroup/TLS1.3-fullhandshake-draft11.pv

  13. Aviram, N., Schinzel, S., Somorovsky, J., Heninger, N., Dankel, M., Steube, J., Valenta, L., Adrian, D., Halderman, J.A., Dukhovni, V., Käsper, E., Cohney, S., Engels, S., Paar, C., Shavitt, Y.: DROWN: breaking TLS using SSLv2. In: Holz, T., Savage, S. (eds.) 25th USENIX Security Symposium, USENIX Security 16, Austin, 10–12 August 2016, pp. 689–706. USENIX Association (2016)

  14. Bard, G.V.: A challenging but feasible blockwise-adaptive chosen-plaintext attack on SSL. In: Malek, M., Fernández-Medina, E., Hernando, J. (eds.) SECRYPT, pp. 99–109. INSTICC Press (2006)

  15. Berners-Lee, T., Fielding, R., Frystyk, H.: The Hypertext Transfer Protocol HTTP/1.0. RFC 1945 (Informational), May 1996

  16. Beurdouche, B., Bhargavan, K., Delignat-Lavaud, A., Fournet, C., Ishtiaq, S., Kohlweiss, M., Protzenko, J., Swamy, N., Zanella-Béguelin, S., Zinzindohoue, J.K.: Towards a Provably Secure Implementation of TLS 1.3. Presented at TRON 1.0, San Diego, 21 February 2016

  17. Beurdouche, B., Bhargavan, K., Delignat-Lavaud, A., Fournet, C., Kohlweiss, M., Pironti, A., Strub, P.-Y., Zinzindohoue, J.K.: A messy state of the union: taming the composite state machines of TLS. In: 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, 17–21 May 2015, pp. 535–552. IEEE Computer Society (2015)

  18. Bhargavan, K., Kobeissi, N., Blanchet, B.: ProScript T.L.S.: Building a TLS 1.3 Implementation with a Verifiable Protocol Model. Presented at TRON 1.0, San Diego, 21 February 2016

  19. Bhargavan, K., Brzuska, C., Fournet, C., Green, M., Kohlweiss, M., Zanella-Béguelin, S.: Downgrade resilience in key-exchange protocols. In: 2016 IEEE Symposium on Security and Privacy, SP 2016, San Jose, 23–25 May 2016

  20. Bhargavan, K., Delignat-Lavaud, A., Fournet, C., Pironti, A., Strub, P.-Y.: Triple handshakes, cookie cutters: breaking and fixing authentication over TLS. In: 2014 IEEE Symposium on Security and Privacy, SP 2014, Berkeley, 18–21 May 2014, pp. 98–113. IEEE Computer Society (2014)

  21. Bhargavan, K., Delignat-Lavaud, A., Fournet, C., Pironti, A., Strub, P.-Y.: Triple handshakes, cookie cutters: breaking and fixing authentication over TLS. In: 2014 IEEE Symposium on Security and Privacy, SP 2014, Berkeley, 18–21 May 2014, pp. 98–113 (2014)

  22. Bhargavan, K., Fournet, C., Kohlweiss, M., Pironti, A., Strub, P.-Y.: Implementing TLS with verified cryptographic security. In: 2013 IEEE Symposium on Security and Privacy, SP 2013, Berkeley, 19–22 May 2013, pp. 445–459. IEEE Computer Society (2013)

  23. Bhargavan, K., Fournet, C., Kohlweiss, M., Pironti, A., Strub, P.-Y., Zanella-Béguelin, S.: Proving the TLS handshake secure (as it is). In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 235–255. Springer, Heidelberg (2014). doi:10.1007/978-3-662-44381-1_14

  24. Bhargavan, K., Leurent, G.: Transcript collision attacks: breaking authentication in TLS, IKE, and SSH. In: 23rd Annual Network and Distributed System Security Symposium, NDSS 2016, San Diego, 21–24 February 2016

  25. Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: 14th IEEE Computer Security Foundations Workshop (CSFW-14 2001), 11–13 June 2001, Cape Breton, pp. 82–96 (2001)

  26. Bleichenbacher, D.: Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 1–12. Springer, Heidelberg (1998). doi:10.1007/BFb0055716

  27. Bricout, R., Murphy, S., Paterson, K.G., Van der Merwe, T.: Analysing and exploiting the Mantin biases in RC4. IACR Cryptology ePrint Archive, 2016:63 (2016)

  28. Canvel, B., Hiltgen, A., Vaudenay, S., Vuagnoux, M.: Password interception in a SSL/TLS channel. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 583–599. Springer, Heidelberg (2003). doi:10.1007/978-3-540-45146-4_34

  29. Chauhan, S., Sobti, R., Geetha, G., Anand, S.: Cryptanalysis of SHA-3 candidates: a survey. Res. J. Inf. Technol. 5, 149–159 (2013)

  30. Chen, L., Mitchell, C. (eds.): SSR 2014. Security and Cryptology. LNCS, vol. 8893. Springer (2014)

  31. Cremers, C., Horvat, M., Scott, S., van der Merwe, T.: Automated analysis and verification of TLS 1.3: 0-RTT, resumption and delayed authentication. In: 2016 IEEE Symposium on Security and Privacy, SP 2016, San Jose, 23–25 May 2016

  32. Dierks, T., Allen, C.: The TLS Protocol Version 1.0. RFC 2246, Internet Engineering Task Force, January 1999

  33. Dierks, T., Allen, C.: The Transport Layer Security (TLS) Protocol Version 1.1. RFC 4346, Internet Engineering Task Force, April 2006

  34. Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246, Internet Engineering Task Force, August 2008

  35. Dowling, B., Fischlin, M., Günther, F., Stebila, D.: A cryptographic analysis of the TLS 1.3 handshake protocol candidates. In Ray et al. [76], pp. 1197–1210

  36. Dowling, B., Fischlin, M., Günther, F., Stebila, D.: A cryptographic analysis of the TLS 1.3 draft-10 full and pre-shared key handshake protocol. Cryptology ePrint Archive, Report 2016/081 (2016). http://eprint.iacr.org/

  37. Dowling, B., Stebila, D.: Modelling ciphersuite and version negotiation in the TLS protocol. In: Foo, E., Stebila, D. (eds.) ACISP 2015. LNCS, vol. 9144, pp. 270–288. Springer, Heidelberg (2015). doi:10.1007/978-3-319-19962-7_16

  38. Duong, T., Rizzo, J.: Here come the ⊕ Ninjas. Unpublished manuscript (2011)

  39. Dworkin, M.J.: SHA-3 Standard: permutation-based hash and extendable-output functions. FIPS 202, August 2015

  40. Dworkin, M.J., Barker, E.B., Nechvatal, J.R., Foti, J., Bassham, L.E., Roback, E., Dray, Jr., J.F.: Announcing the Advanced Encryption Standard (AES). FIPS PUB 197, November 2001

  41. Fischlin, M., Günther, F.: Multi-stage key exchange and the case of Google’s QUIC protocol. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, pp. 1193–1204, 3–7 November 2014

  42. Fischlin, M., Günther, F., Schmidt, B., Warinschi, B.: Key confirmation in key exchange: a formal treatment and implications for TLS 1.3. In: 2016 IEEE Symposium on Security and Privacy, SP 2016, San Jose, 23–25 May 2016

  43. Freier, A., Karlton, P.: The Secure Sockets Layer (SSL) Protocol Version 3.0. RFC 6101 (Historic Document), August 2011

  44. Gajek, S., Manulis, M., Pereira, O., Sadeghi, A.-R., Schwenk, J.: Universally composable security analysis of TLS. In: Baek, J., Bao, F., Chen, K., Lai, X. (eds.) ProvSec 2008. LNCS, vol. 5324, pp. 313–327. Springer, Heidelberg (2008). doi:10.1007/978-3-540-88733-1_22

  45. Garman, C., Paterson, K.G., Van der Merwe, T.: Attacks only get better: password recovery attacks against RC4 in TLS. In Jung and Holz [53], pp. 113–128

  46. Garrett, D.: Banning SHA-1 in TLS 1.3, a new attempt. TLS mailing list post, October 2015. http://www.ietf.org/mail-archive/web/tls/current/msg17956.html

  47. Garrett, D.: MD5 diediedie (was Re: Deprecating TLS 1.0, 1.1 and SHA1 signature algorithms). TLS mailing list post, January 2016. http://www.ietf.org/mail-archive/web/tls/current/msg18977.html

  48. Giesen, F., Kohlar, F., Stebila, D.: On the security of TLS renegotiation. In: Sadeghi, A.-R., Gligor, V.D., Yung, M. (eds.) 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, Berlin, 4–8 November 2013, pp. 387–398. ACM (2013)

  49. Griffin, P.H.: Standardization transparency - an out of body experience. In: Chen and Mitchell [30], pp. 57–68

  50. Guttman, J.D., Liskov, M.D., Rowe, P.D.: Security goals and evolving standards. In: Chen and Mitchell [30], pp. 93–110

  51. Jager, T., Kohlar, F., Schäge, S., Schwenk, J.: On the security of TLS-DHE in the standard model. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 273–293. Springer, Heidelberg (2012). doi:10.1007/978-3-642-32009-5_17

  52. Jager, T., Schwenk, J., Somorovsky, J.: On the security of TLS 1.3 and QUIC against weaknesses in PKCS#1 v1.5 encryption. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, 12–16 October 2015, pp. 1185–1196 (2015)

  53. Jung, J., Holz, T. (eds.): 24th USENIX Security Symposium, USENIX Security 15, Washington, D.C., 12–14 August 2015. USENIX Association (2015)

  54. Kelsey, J.: Compression and information leakage of plaintext. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 263–276. Springer, Heidelberg (2002). doi:10.1007/3-540-45661-9_21

  55. Klíma, V., Pokorný, O., Rosa, T.: Attacking RSA-based sessions in SSL/TLS. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 426–440. Springer, Heidelberg (2003). doi:10.1007/978-3-540-45238-6_33

  56. Kohlar, F., Schäge, S., Schwenk, J.: On the security of TLS-DH and TLS-RSA in the standard model. IACR Cryptology ePrint Archive, 2013:367 (2013)

  57. Kohlweiss, M., Maurer, U., Onete, C., Tackmann, B., Venturi, D.: (De-)constructing TLS. IACR Cryptology ePrint Archive, 2014:20 (2014)

  58. Krawczyk, H.: The order of encryption and authentication for protecting communications (or: how secure is SSL?). In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 310–331. Springer, Heidelberg (2001). doi:10.1007/3-540-44647-8_19

  59. Krawczyk, H.: Cryptographic extraction and key derivation: the HKDF scheme. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 631–648. Springer, Heidelberg (2010). doi:10.1007/978-3-642-14623-7_34

  60. Krawczyk, H., Paterson, K.G., Wee, H.: On the security of the TLS protocol: a systematic analysis. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 429–448. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40041-4_24

  61. Krawczyk, H., Wee, H.: The OPTLS protocol and TLS 1.3. IACR Cryptology ePrint Archive, 2015:978 (2015)

  62. Krawczyk, H., Wee, H.: The OPTLS protocol and TLS 1.3. In: IEEE European Symposium on Security and Privacy, EuroS&P 2016, Saarbrücken, 21–24 March 2016, pp. 81–96. IEEE (2016)

  63. Langley, A., Chang, W.: QUIC Crypto, June 2013. https://docs.google.com/document/d/1g5nIXAIkN_Y-7XJW5K45IblHd_L2f5LTaDUDwvZ5L6g/

  64. Li, X., Xu, J., Zhang, Z., Feng, D., Hu, H.: Multiple handshakes security of TLS 1.3 candidates. In: 2016 IEEE Symposium on Security and Privacy, SP 2016, San Jose, 23–25 May 2016

  65. Li, Y., Schäge, S., Yang, Z., Kohlar, F., Schwenk, J.: On the security of the pre-shared key ciphersuites of TLS. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 669–684. Springer, Heidelberg (2014). doi:10.1007/978-3-642-54631-0_38

  66. Mantin, I., Shamir, A.: A practical attack on broadcast RC4. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 152–164. Springer, Heidelberg (2002). doi:10.1007/3-540-45473-X_13

  67. Matsuo, S.: Formal verification of TLS 1.3 full handshake protocol using ProVerif (Draft-11). TLS mailing list post, February 2016. https://www.ietf.org/mail-archive/web/tls/current/msg19339.html

  68. Mavrogiannopoulos, N., Vercauteren, F., Velichkov, V., Preneel, B.: A cross-protocol attack on the TLS protocol. In: Yu, T., Danezis, G., Gligor, V.D. (eds.) Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS 2012), Raleigh, pp. 62–72. ACM Press, October 2012

  69. Meyer, C., Somorovsky, J., Weiss, E., Schwenk, J., Schinzel, S., Tews, E.: Revisiting SSL/TLS implementations: new Bleichenbacher side channels and attacks. In: Fu, K., Jung, J. (eds.) Proceedings of the 23rd USENIX Security Symposium, San Diego, 20–22 August 2014, pp. 733–748. USENIX Association (2014)

  70. Moeller, B.: Security of CBC ciphersuites in SSL/TLS: problems and countermeasures. Unpublished manuscript, May 2004. http://www.openssl.org/~bodo/tls-cbc.txt

  71. Möller, B., Duong, T., Kotowicz, K.: This POODLE bites: exploiting the SSL 3.0 fallback, September 2014

  72. Morrissey, P., Smart, N.P., Warinschi, B.: The TLS handshake protocol: a modular analysis. J. Cryptol. 23(2), 187–223 (2010)

  73. Paterson, K.G., Ristenpart, T., Shrimpton, T.: Tag size does matter: attacks and proofs for the TLS record protocol. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 372–389. Springer, Heidelberg (2011). doi:10.1007/978-3-642-25385-0_20

  74. Popov, A.: Prohibiting RC4 Cipher Suites. RFC 7465 (Proposed Standard), February 2015

  75. Postel, J.: Internet Protocol. RFC 791, Internet Engineering Task Force, September 1981

  76. Ray, I., Li, N., Kruegel, C. (eds.): Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, 12–16 October 2015. ACM (2015)

  77. Federal Register: Announcing Request for Candidate Algorithm Nominations for a New Cryptographic Hash Algorithm (SHA-3) Family. Federal Register, November 2007

  78. Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.3, Draft 15. Internet draft, Internet Engineering Task Force, August 2016

  79. Rescorla, E., Ray, M., Dispensa, S., Oskov, N.: Transport Layer Security (TLS) Renegotiation Indication Extension. RFC 5746 (Proposed Standard), February 2010

  80. Rogaway, P.: Problems with proposed IP cryptography. Unpublished manuscript (1995). http://www.cs.ucdavis.edu/~rogaway/papers/draft-rogaway-ipsec-comments-00.txt

  81. Roskind, J.: QUIC: Quick UDP Internet Connections, April 2012. https://docs.google.com/document/d/1RNHkx_VvKWyWg6Lr8SZ-saqsQx7rFV-ev2jRFUoVD34/edit?pref=2&pli=1

  82. Sarkar, P.G., Fitzgerald, S.: Attacks on SSL - a comprehensive study of BEAST, CRIME, TIME, BREACH, Lucky 13 and RC4 biases, August 2013

  83. Tamarin prover GitHub repository (develop branch) (2015). https://github.com/tamarin-prover/tamarin-prover

  84. Turner, S., Polk, T.: Prohibiting Secure Sockets Layer (SSL) Version 2.0. RFC 6176 (Proposed Standard), March 2011

  85. Vanhoef, M., Piessens, F.: All your biases belong to us: breaking RC4 in WPA-TKIP and TLS. In Jung and Holz [53], pp. 97–112

  86. Vaudenay, S.: Security flaws induced by CBC padding: applications to SSL, IPSEC, WTLS. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 534–545. Springer, Heidelberg (2002). doi:10.1007/3-540-46035-7_35

  87. Wagner, D., Schneier, B.: Analysis of the SSL 3.0 protocol. In: USENIX Electronic Commerce (1996)

  88. Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005). doi:10.1007/11426639_2

Acknowledgements

Paterson was supported in part by a research programme funded by Huawei Technologies and delivered through the Institute for Cyber Security Innovation at Royal Holloway, University of London, and in part by EPSRC grant EP/M013472/1. Van der Merwe was supported by the EPSRC as part of the Centre for Doctoral Training in Cyber Security at Royal Holloway, University of London. We thank Eric Rescorla and the anonymous reviewers of SSR 2016 for their valuable feedback on the paper.

Author information

Corresponding author: Thyla van der Merwe.

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Paterson, K.G., van der Merwe, T. (2016). Reactive and Proactive Standardisation of TLS. In: Chen, L., McGrew, D., Mitchell, C. (eds) Security Standardisation Research. SSR 2016. Lecture Notes in Computer Science, vol 10074. Springer, Cham. https://doi.org/10.1007/978-3-319-49100-4_7

  • DOI: https://doi.org/10.1007/978-3-319-49100-4_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-49099-1

  • Online ISBN: 978-3-319-49100-4

  • eBook Packages: Computer Science (R0)
