Add references for TLS

Tobias Eidelpes 2020-08-25 14:23:00 +02:00
parent a108cd5778
commit 173acfa323
2 changed files with 43 additions and 24 deletions

@ -858,31 +858,32 @@ for example.
\subsection{TLS Session Resumption} \subsection{TLS Session Resumption}
\label{subsec:tls session resumption} \label{subsec:tls session resumption}
\gls{TLS} is widely used today to securely encapsulate communication across the \gls{TLS} \cite{rescorlaTransportLayerSecurity2018} is widely used today to
web. For bandwidth savings and better performance, it is possible to cache a securely encapsulate communication across the web. For bandwidth savings and
\gls{TLS} session to allow reusing an already established secure connection at a better performance, it is possible to cache a \gls{TLS} session to allow reusing
later point in time. Versions prior to \gls{TLS} 1.3 used two mechanisms to an already established secure connection at a later point in time. Versions
accomplish this: \gls{TLS} session identifiers and session tickets. Session prior to \gls{TLS} 1.3 used two mechanisms to accomplish this: \gls{TLS} session
identifiers are sent by the server along with the initial handshake with the identifiers and session tickets. Session identifiers are sent by the server
user agent. The identifier is randomly generated and saved by the server so that along with the initial handshake with the user agent. The identifier is randomly
the current session can be found later. To resume a session, the user agent generated and saved by the server so that the current session can be found
sends the identifier with the ClientHello message to the server. The server can later. To resume a session, the user agent sends the identifier with the
then match the identifier to the previously initiated session and responds with ClientHello message to the server. The server can then match the identifier to
the same session identifier to signal to the user agent that the session can be the previously initiated session and responds with the same session identifier
resumed. Session tickets are only issued by the server when the client has to signal to the user agent that the session can be resumed. Session tickets are
expressed support for them. They are encrypted and provided by the server after only issued by the server when the client has expressed support for them. They
a successful handshake via an out-of-band message. The ticket contains all the are encrypted and provided by the server after a successful handshake via an
necessary information to reestablish a secure connection. When the user agent out-of-band message. The ticket contains all the necessary information to
wishes to resume a connection, the session ticket is sent along with the first reestablish a secure connection. When the user agent wishes to resume a
ClientHello message and the server can decrypt the ticket and resume the connection, the session ticket is sent along with the first ClientHello message
session. and the server can decrypt the ticket and resume the session.
In \gls{TLS} version 1.3 the session identifiers and tickets have been replaced In \gls{TLS} version 1.3 \cite{rescorlaTransportLayerSecurity2018} the session
with a \gls{PSK}. Instead of sending a ticket which is not encapsulated in the identifiers and tickets have been replaced with a \gls{PSK}. Instead of sending
\gls{TLS}-secured connection, a \gls{PSK} identity is sent from the server after a ticket which is not encapsulated in the \gls{TLS}-secured connection, a
the initial handshake, usually avoiding out-of-band communication. The \gls{PSK} \gls{PSK} identity is sent from the server after the initial handshake, usually
identity provides a mechanism by which information associated with a secure avoiding out-of-band communication. The \gls{PSK} identity provides a mechanism
connection (certificates, keys) can be restored. by which information associated with a secure connection (certificates, keys)
can be restored.
Because resuming a connection reuses information that has been exchanged before Because resuming a connection reuses information that has been exchanged before
to establish secure communication, individual sessions can be linked together to establish secure communication, individual sessions can be linked together
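Review bot: the new \cite{rescorlaTransportLayerSecurity2018} is attached both to the opening sentence about TLS in general and to the TLS 1.3 sentence, but that key is RFC 8446 (TLS 1.3), and the mechanisms this paragraph actually describes for "versions prior to TLS 1.3" (session identifiers and session tickets) still have no citation. Those are specified in RFC 5246 and RFC 5077; add entries for them and cite them where the two mechanisms are introduced, keeping the RFC 8446 cite for the PSK paragraph. While touching this text, the wording "after a successful handshake via an out-of-band message" deserves a check against RFC 5077, where the NewSessionTicket message is sent as part of the handshake. The change also reflows the whole paragraph, which makes the two inserted cites hard to spot in review; a minimal edit would keep the diff to the two affected lines.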

@ -456,6 +456,15 @@
series = {{{CCS}} '16} series = {{{CCS}} '16}
} }
@misc{europeanparliamentGeneralDataProtection2016,
title = {General {{Data Protection Regulation}}},
author = {European Parliament and European Council},
year = {2016},
month = apr,
url = {https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679\&from=EN\#d1e6620-1-1},
urldate = {2020-08-25}
}
@inproceedings{falahrastegarTrackingPersonalIdentifiers2016, @inproceedings{falahrastegarTrackingPersonalIdentifiers2016,
title = {Tracking {{Personal Identifiers Across}} the {{Web}}}, title = {Tracking {{Personal Identifiers Across}} the {{Web}}},
booktitle = {Passive and {{Active Measurement}}}, booktitle = {Passive and {{Active Measurement}}},
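Review bot: the author field of the new europeanparliamentGeneralDataProtection2016 entry, author = {European Parliament and European Council}, will be parsed by BibTeX as two personal names (surname "Parliament", given name "European", and likewise for the second), so it will print and sort incorrectly. Wrap each corporate author in its own braces, e.g. author = {{European Parliament} and {...}}. The second body should also be checked: Regulation (EU) 2016/679 was adopted by the European Parliament and the Council (the Council of the European Union), which is a different institution from the European Council. Separately, this entry is unrelated to the commit message ("Add references for TLS") and is not cited in the .tex lines shown here, so it would sit better in its own commit, and the url points at a fragment inside the document (#d1e6620-1-1) rather than at the regulation as a whole; if a specific article is meant, state that in the citation instead of the URL.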
@ -1168,6 +1177,15 @@ Impact of CSS-based history detection},
note = {Accessed 2020-02-08} note = {Accessed 2020-02-08}
} }
@misc{rescorlaTransportLayerSecurity2018,
title = {The {{Transport Layer Security}} ({{TLS}}) {{Protocol Version}} 1.3},
author = {Rescorla {$<$}ekr@rtfm.com{$>$}, Eric},
year = {2018},
month = aug,
url = {https://tools.ietf.org/html/rfc8446},
urldate = {2020-08-25}
}
@inproceedings{reznichenkoAuctionsDonottrackCompliant2011, @inproceedings{reznichenkoAuctionsDonottrackCompliant2011,
title = {Auctions in Do-Not-Track Compliant Internet Advertising}, title = {Auctions in Do-Not-Track Compliant Internet Advertising},
booktitle = {Proceedings of the 18th {{ACM}} Conference on {{Computer}} and Communications Security}, booktitle = {Proceedings of the 18th {{ACM}} Conference on {{Computer}} and Communications Security},
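Review bot: the author field of rescorlaTransportLayerSecurity2018 embeds an e-mail address in the surname, author = {Rescorla {$<$}ekr@rtfm.com{$>$}, Eric}, which will be printed in the bibliography and used for sorting and label generation. Reduce it to author = {Rescorla, Eric}. The entry also never identifies the document as an RFC: as an @misc with only title, year and url, the rendered reference will not show "RFC 8446". Either add howpublished = {RFC 8446} or switch to @techreport with type = {RFC}, number = {8446} and institution = {IETF}, so the reference remains identifiable if the tools.ietf.org link changes.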