Publication


Featured research published by Florian Kohlar.


international cryptology conference | 2012

On the Security of TLS-DHE in the Standard Model

Tibor Jager; Florian Kohlar; Sven Schäge; Jörg Schwenk

TLS is the most important cryptographic protocol in use today. However, up to now there is no complete cryptographic security proof in the standard model, nor in any other model. We give the first such proof for the core cryptographic protocol of TLS ciphersuites based on ephemeral Diffie-Hellman key exchange (TLS-DHE), which include the cipher suite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA mandatory in TLS 1.0 and TLS 1.1. It is impossible to prove security of the TLS Handshake protocol in any classical key-indistinguishability-based security model, like for instance the Bellare-Rogaway or the Canetti-Krawczyk model, due to subtle issues with the encryption of the final Finished messages. Therefore we start with proving the security of a truncated version of the TLS-DHE Handshake protocol, which has been considered in previous works on TLS. Then we define the notion of authenticated and confidential channel establishment (ACCE) as a new security model which captures precisely the security properties expected from TLS in practice, and show that the combination of the TLS Handshake with data encryption in the TLS Record Layer can be proven secure in this model.


international conference on the theory and application of cryptology and information security | 2010

Generic Compilers for Authenticated Key Exchange

Tibor Jager; Florian Kohlar; Sven Schäge; Jörg Schwenk

So far, all solutions proposed for authenticated key agreement combine key agreement and authentication into a single cryptographic protocol. However, in many important application scenarios, key agreement and entity authentication are clearly separated protocols. This fact enables efficient attacks on the naive combination of these protocols. In this paper, we propose new compilers for two-party key agreement and authentication, which are provably secure in the standard Bellare-Rogaway model. The constructions are generic: key agreement is executed first and results (without intervention of the adversary) in a secret session key on both sides. This key (or a derived key) is handed over, together with a transcript of all key exchange messages, to the authentication protocol, where it is combined with the random challenge(s) exchanged during authentication.


computer and communications security | 2014

Multi-Ciphersuite Security of the Secure Shell (SSH) Protocol

Florian Bergsma; Benjamin Dowling; Florian Kohlar; Jörg Schwenk; Douglas Stebila

The Secure Shell (SSH) protocol is widely used to provide secure remote access to servers, making it among the most important security protocols on the Internet. We show that the signed-Diffie-Hellman SSH ciphersuites of the SSH protocol are secure: each is a secure authenticated and confidential channel establishment (ACCE) protocol, the same security definition now used to describe the security of Transport Layer Security (TLS) ciphersuites. While the ACCE definition suffices to describe the security of individual ciphersuites, it does not cover the case where parties use the same long-term key with many different ciphersuites: it is common in practice for the server to use the same signing key with both finite field and elliptic curve Diffie-Hellman, for example. While TLS is vulnerable to attack in this case, we show that SSH is secure even when the same signing key is used across multiple ciphersuites. We introduce a new generic multi-ciphersuite composition framework to achieve this result in a black-box way.


availability, reliability and security | 2010

Secure Bindings of SAML Assertions to TLS Sessions

Florian Kohlar; Jörg Schwenk; Meiko Jensen; Sebastian Gajek

In recent research work, two approaches to protect SAML based Federated Identity Management (FIM) against man-in-the-middle attacks have been proposed. One approach is to bind the SAML assertion and the SAML artifact to the public key contained in a TLS client certificate. Another approach is to strengthen the Same Origin Policy of the browser by taking into account the security guarantees TLS gives. In this paper, we present a third approach which is of further interest beyond IDM protocols: we bind the SAML assertion to the TLS session that has been agreed upon between client and the service provider and thus provide anonymity of the browser.


international conference on distributed computing systems workshops | 2014

Secure Fallback Authentication and the Trusted Friend Attack

Ashar Javed; David Bletgen; Florian Kohlar; Markus Dürmuth; Jörg Schwenk

Fallback authentication, i.e., recovering access to an account after the password is lost, is an important aspect of real-world deployment of authentication solutions. However, most proposed and deployed mechanisms have substantial weaknesses that seriously degrade security and/or usability; e.g., the well-known security questions are often easy to guess. A promising new fallback authentication mechanism is social authentication, which bases authentication on information about the social context of the user (e.g., on his social graph). We consider fallback authentication mechanisms deployed in practice on a number of social network sites (we concentrate on social networks because those can realistically implement social authentication). Our main contribution is a novel attack against Facebook's social authentication mechanism called Trusted Friends, which is the prime example for social authentication. Our attack is different from previous attacks in that it does not exploit bias in user choice but exploits tests that are realized client-side (but should be server-side) and POST-data fields that can be manipulated by an attacker. Furthermore, we found problems with all fallback authentication mechanisms used by social network sites, and demonstrate a number of cases where we can circumvent the schemes used. These findings are problematic as successfully breaking the fallback authentication gives full access to an account, just as breaking the main authentication mechanism. We conclude that implementations of fallback authentication mechanisms require more attention, both on a conceptual and an implementation level, as even seemingly minor implementation details can have a broad impact on the overall security. We have responsibly reported all attacks to the respective security teams well in advance of publication.


International Journal of Mobile Computing and Multimedia Communications | 2011

On Cryptographically Strong Bindings of SAML Assertions to Transport Layer Security

Florian Kohlar; Jörg Schwenk; Meiko Jensen; Sebastian Gajek

In recent research, two approaches to protect SAML based Federated Identity Management (FIM) against man-in-the-middle attacks have been proposed. One approach is to bind the SAML assertion and the SAML artifact to the public key contained in a TLS client certificate. Another approach is to strengthen the Same Origin Policy of the browser by taking into account the security guarantees TLS gives. This work presents a third approach which is of further interest beyond IDM protocols, especially for mobile devices relying heavily on the security offered by web technologies. By binding the SAML assertion to cryptographically derived values of the TLS session that has been agreed upon between client and the service provider, this approach provides anonymity of the mobile browser while allowing Relying Party and Identity Provider to detect the presence of a man-in-the-middle attack.


IACR Cryptology ePrint Archive | 2013

On the Security of TLS-DH and TLS-RSA in the Standard Model.

Florian Kohlar; Sven Schäge; Jörg Schwenk


Sicherheit | 2010

Security Analysis of OpenID.

Pavol Sovis; Florian Kohlar; Jörg Schwenk


public key cryptography | 2014

On the Security of the Pre-shared Key Ciphersuites of TLS

Yong Li; Sven Schäge; Zheng Yang; Florian Kohlar; Jörg Schwenk


digital identity management | 2011

The power of recognition: secure single sign-on using TLS channel bindings

Jörg Schwenk; Florian Kohlar; Marcus Amon

Collaboration


Top Co-Authors

Tibor Jager

Ruhr University Bochum

Douglas Stebila

Queensland University of Technology

Benjamin Dowling

Queensland University of Technology

Ashar Javed

Ruhr University Bochum
