• DocumentCode
    612049
  • Title

    Implementing TLS with Verified Cryptographic Security

  • Author

    Bhargavan, Karthikeyan ; Fournet, Cedric ; Kohlweiss, Markulf ; Pironti, A. ; Strub, P.

  • fYear
    2013
  • fDate
    19-22 May 2013
  • Firstpage
    445
  • Lastpage
    459
  • Abstract
    TLS is possibly the most used protocol for secure communications, with a 18-year history of flaws and fixes, ranging from its protocol logic to its cryptographic design, and from the Internet standard to its diverse implementations. We develop a verified reference implementation of TLS 1.2. Our code fully supports its wire formats, ciphersuites, sessions and connections, re-handshakes and resumptions, alerts and errors, and data fragmentation, as prescribed in the RFCs; it interoperates with mainstream web browsers and servers. At the same time, our code is carefully structured to enable its modular, automated verification, from its main API down to computational assumptions on its cryptographic algorithms. Our implementation is written in F# and specified in F7. We present security specifications for its main components, such as authenticated stream encryption for the record layer and key establishment for the handshake. We describe their verification using the F7 typechecker. To this end, we equip each cryptographic primitive and construction of TLS with a new typed interface that captures its security properties, and we gradually replace concrete implementations with ideal functionalities. We finally typecheck the protocol state machine, and obtain precise security theorems for TLS, as it is implemented and deployed. We also revisit classic attacks and report a few new ones.
  • Keywords
    Internet; application program interfaces; computer network security; cryptographic protocols; file servers; formal specification; online front-ends; API; F#; F7 typechecker; Internet standard; RFC; TLS 1.2; Web servers; alerts; authenticated stream encryption; ciphersuites; classic attacks; connections; cryptographic design; data fragmentation; errors; key establishment; mainstream Web browser; protocol logic; protocol state machine; re-handshakes; record layer; resumption; security specifications; sessions; time 18 year; transport layer security; typed interface; verified cryptographic security; wire formats; Encryption; Libraries; Protocols; Servers; Standards; Formal Verification; Provable Security; Security Protocol Implementation; Transport Layer Security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Security and Privacy (SP), 2013 IEEE Symposium on
  • Conference_Location
    Berkeley, CA
  • ISSN
    1081-6011
  • Print_ISBN
    978-1-4673-6166-8
  • Electronic_ISBN
    1081-6011
  • Type

    conf

  • DOI
    10.1109/SP.2013.37
  • Filename
    6547126