In this paper we use extended NCP logic to formally analyze SSL 3.0 and show two important weak points of the protocol: when RSA is used for key exchange, the server is assured of neither the freshness nor the origin of the pre-master secret. We give a detailed specification and analysis of only one authentication mode of SSL 3.0, but all authentication modes share the two weak points. In particular, the freshness flaw may allow the pre-master secret to be reused; we remedy it by introducing a nonce.
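As an added illustration (not code from the paper), the following Python model contrasts a server that accepts any RSA-encrypted pre-master secret with one that requires the client to bind a per-session server nonce into the encrypted message, in the spirit of the remedy the abstract describes. The toy RSA parameters, the bit layout of pms || nonce and the message shapes are assumptions made for the model, not SSL 3.0's actual encoding; the model covers freshness only, not the origin problem.

```python
import secrets

# Toy RSA modulus from two known primes (constructed for this model; far too
# small for real use) so the exchange runs offline with plain integer arithmetic.
P, Q, E = 1000000007, 998244353, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
PMS_BITS, NONCE_BITS = 32, 16  # toy sizes chosen so pms || nonce stays below N

def rsa_encrypt(m: int) -> int:
    return pow(m, E, N)

def rsa_decrypt(c: int) -> int:
    return pow(c, D, N)

class Server:
    """bind_nonce=False: any well-formed encrypted pre-master secret is accepted,
    so a replayed message is indistinguishable from a fresh one.
    bind_nonce=True: the client binds the server's per-session nonce into the
    encrypted message and the server checks it before accepting the secret."""
    def __init__(self, bind_nonce: bool):
        self.bind_nonce = bind_nonce
        self.nonce = None

    def server_hello(self) -> int:
        new = secrets.randbits(NONCE_BITS)
        while new == self.nonce:          # a new session never repeats the nonce
            new = secrets.randbits(NONCE_BITS)
        self.nonce = new
        return new

    def client_key_exchange(self, ciphertext: int):
        m = rsa_decrypt(ciphertext)
        if not self.bind_nonce:
            return m                      # accepted with no freshness check
        pms, nonce = divmod(m, 1 << NONCE_BITS)
        return pms if nonce == self.nonce else None   # stale nonce: reject

def client_key_exchange(pms: int, server_nonce: int, bind_nonce: bool) -> int:
    m = (pms << NONCE_BITS) | server_nonce if bind_nonce else pms
    return rsa_encrypt(m)

def replay_accepted(bind_nonce: bool) -> bool:
    """Two sessions against one server; the second reuses the first session's
    ClientKeyExchange ciphertext. True means the reuse went undetected."""
    server = Server(bind_nonce)
    pms = secrets.randbits(PMS_BITS)
    c1 = client_key_exchange(pms, server.server_hello(), bind_nonce)
    assert server.client_key_exchange(c1) == pms   # genuine first session
    server.server_hello()                          # second session, new nonce
    return server.client_key_exchange(c1) is not None
```

Without nonce binding the second session accepts the reused pre-master secret; with binding the server rejects it because the recovered nonce belongs to an earlier session.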