DocumentCode
1579225
Title
TLS Tandem
Author
Badra, Mohamad ; Urien, Pascal
Author_Institution
LIMOS Lab., UMR 6158
fYear
2008
Firstpage
1
Lastpage
5
Abstract
Nowadays, the TLS protocol (transport layer security) is the de facto standard for securing transactions across the Internet. It provides end-to-end secure communications with one-way or mutual authentication between two network nodes. However, this protocol suffers from serious vulnerabilities because classical software implementations are not trusted and allow the use of falsified credentials (e.g. revoked and false certificates) and provide an unsecured storage of credentials (private keys, passwords, etc.). In this paper, we introduce the TLS smart card to prevent those issues and we describe the TLS Tandem protocol, a TLS extension cohabiting between two TLS software implementations installed in both a docking host and a smart card. In our architecture, after the TLS authentication is successfully performed, the card derives secret keys from the master secret key and transmits these values to the TLS software installed in the docking host. We discuss the performance and the efficiency of TLS Tandem. The implementation and performance analysis are performed using smart cards and Java Card libraries.
Keywords
Internet; security of data; transport protocols; Internet; Java card libraries; TLS Tandem protocol; TLS smart card; end-to-end secure communications; master secret key; mutual authentication; transport layer security protocol; Access protocols; Authentication; Identity management systems; Information security; Laboratories; Operating systems; Payloads; Smart cards; Telecommunications; Transport protocols;
fLanguage
English
Publisher
IEEE
Conference_Titel
New Technologies, Mobility and Security, 2008. NTMS '08.
Conference_Location
Tangier
Print_ISBN
978-1-42443547-0
Type
conf
DOI
10.1109/NTMS.2008.ECP.99
Filename
4689153