Security Notions for Bidirectional Channels

Authors

  • Giorgia Azzurra Marson Ruhr University Bochum, Bochum, Germany
  • Bertram Poettering Ruhr University Bochum, Bochum, Germany

DOI:

https://doi.org/10.13154/tosc.v2017.i1.405-426

Keywords:

cryptographic channels, bidirectional communication, security models

Abstract

This paper closes a definitional gap in the context of modeling cryptographic two-party channels. We note that, while most security models for channels consider exclusively unidirectional communication, real-world protocols like TLS and SSH are rather used for bidirectional interaction. The motivational question behind this paper is: Can analyses conducted with the unidirectional setting in mind—including the current ones for TLS and SSH—also vouch for security in the case of bidirectional channel usage? And, in the first place, what does security in the bidirectional setting actually mean? After developing confidentiality and integrity notions for bidirectional channels, we analyze a standard way of combining two unidirectional channels to realize one bidirectional channel. Although it turns out that this construction is, in general, not as secure as commonly believed, we confirm that for many practical schemes security is provided also in the bidirectional sense.

Downloads

Published

2017-03-08

How to Cite

Marson, G. A., & Poettering, B. (2017). Security Notions for Bidirectional Channels. IACR Transactions on Symmetric Cryptology, 2017(1), 405–426. https://doi.org/10.13154/tosc.v2017.i1.405-426

Issue

Section

Articles