Secure connections are at the heart of today's Internet infrastructure, protecting confidentiality, integrity, and authenticity of data in transit, e.g., when doing online banking, accessing emails, or chatting with friends. The underlying cryptographic protocols (e.g., the prominent Transport Layer Security (TLS) protocol) are composed of two core components: A key exchange protocol first establishes a shared secret key between the two communication partners over a potentially insecure network. This key is then used in the follow-up secure channel protocol to protect the actual data to be communicated.The study of key exchange and secure channels is a foundational research topic in cryptography, with a substantial body of work underpinning classical designs for such protocols. Nevertheless, novel designs of secure connection protocols in practice go beyond what the current state of understanding in cryptographic theory can comprise in terms of techniques and security goals. Prime examples are the upcoming TLS version 1.3 currently developed by the Internet Engineering Task Force or the novel secure messaging protocol Signal (also underlying, e.g., WhatsApp, Facebook Messenger, or Google Allo), which are in daily use by millions to billions of users and devices. As these protocols underpin the security of our day-to-day interactions, it is however crucial to understand the security of these novel designs and to examine their strengths and weaknesses based on scientifically solid theoretical foundations.The proposed project will provide such solid foundations in terms of extended cryptographic security models, as well as assess the practical security of proposed and deployed real-world protocols based on the newly established understanding. To this end, we will devise novel formalisms capturing advanced aspects put forward in recent protocol designs. One major focus will be on an important and strong security guarantee protecting against compromises of secrets (so-called "forward secrecy"). We will study how forward secrecy can be achieved in a secure channel as well as when establishing the communication key with low latency. Novel designs of secure connections also have implications on how these connections are used by application programs and what properties they demand from the components they employ. Therefore, we will study how recent connection protocol designs integrate with application programs as well as with the underlying cryptographic building blocks the designs rely upon. This allows us to interpret the effects of novel designs both on the security they provide to applications and on the requirements they introduce to their components. Through these steps, the proposed project will improve the cryptographic understanding of novel secure connection protocols deployed in practice and their theoretical foundations.

DFG Programme Research Fellowships

International Connection Switzerland, United Kingdom, USA

Hosts Professor Mihir Bellare, Ph.D.; Professor Kenneth Graham Paterson, Ph.D.