zenon/bachelorarbeit
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add references for TLS

Browse Source
This commit is contained in:
Tobias Eidelpes 2020-08-25 14:23:00 +02:00
parent a108cd5778
commit 173acfa323
2 changed files with 43 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
methods.tex
View File

@ -858,31 +858,32 @@ for example.
\subsection{TLS Session Resumption}
\label{subsec:tls session resumption}
\gls{TLS} is widely used today to securely encapsulate communication across the
web. For bandwidth savings and better performance, it is possible to cache a
\gls{TLS} session to allow reusing an already established secure connection at a
later point in time. Versions prior to \gls{TLS} 1.3 used two mechanisms to
accomplish this: \gls{TLS} session identifiers and session tickets. Session
identifiers are sent by the server along with the initial handshake with the
user agent. The identifier is randomly generated and saved by the server so that
the current session can be found later. To resume a session, the user agent
sends the identifier with the ClientHello message to the server. The server can
then match the identifier to the previously initiated session and responds with
the same session identifier to signal to the user agent that the session can be
resumed. Session tickets are only issued by the server when the client has
expressed support for them. They are encrypted and provided by the server after
a successful handshake via an out-of-band message. The ticket contains all the
necessary information to reestablish a secure connection. When the user agent
wishes to resume a connection, the session ticket is sent along with the first
ClientHello message and the server can decrypt the ticket and resume the
session.
\gls{TLS} \cite{rescorlaTransportLayerSecurity2018} is widely used today to
securely encapsulate communication across the web. For bandwidth savings and
better performance, it is possible to cache a \gls{TLS} session to allow reusing
an already established secure connection at a later point in time. Versions
prior to \gls{TLS} 1.3 used two mechanisms to accomplish this: \gls{TLS} session
identifiers and session tickets. Session identifiers are sent by the server
along with the initial handshake with the user agent. The identifier is randomly
generated and saved by the server so that the current session can be found
later. To resume a session, the user agent sends the identifier with the
ClientHello message to the server. The server can then match the identifier to
the previously initiated session and responds with the same session identifier
to signal to the user agent that the session can be resumed. Session tickets are
only issued by the server when the client has expressed support for them. They
are encrypted and provided by the server after a successful handshake via an
out-of-band message. The ticket contains all the necessary information to
reestablish a secure connection. When the user agent wishes to resume a
connection, the session ticket is sent along with the first ClientHello message
and the server can decrypt the ticket and resume the session.
In \gls{TLS} version 1.3 the session identifiers and tickets have been replaced
with a \gls{PSK}. Instead of sending a ticket which is not encapsulated in the
\gls{TLS}-secured connection, a \gls{PSK} identity is sent from the server after
the initial handshake, usually avoiding out-of-band communication. The \gls{PSK}
identity provides a mechanism by which information associated with a secure
connection (certificates, keys) can be restored.
In \gls{TLS} version 1.3 \cite{rescorlaTransportLayerSecurity2018} the session
identifiers and tickets have been replaced with a \gls{PSK}. Instead of sending
a ticket which is not encapsulated in the \gls{TLS}-secured connection, a
\gls{PSK} identity is sent from the server after the initial handshake, usually
avoiding out-of-band communication. The \gls{PSK} identity provides a mechanism
by which information associated with a secure connection (certificates, keys)
can be restored.
Because resuming a connection reuses information that has been exchanged before
to establish secure communication, individual sessions can be linked together

18
references.bib
View File

@ -456,6 +456,15 @@
series = {{{CCS}} '16}
}
@misc{europeanparliamentGeneralDataProtection2016,
title = {General {{Data Protection Regulation}}},
author = {European Parliament and European Council},
year = {2016},
month = apr,
url = {https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679\&from=EN\#d1e6620-1-1},
urldate = {2020-08-25}
}
@inproceedings{falahrastegarTrackingPersonalIdentifiers2016,
title = {Tracking {{Personal Identifiers Across}} the {{Web}}},
booktitle = {Passive and {{Active Measurement}}},
@ -1168,6 +1177,15 @@ Impact of CSS-based history detection},
note = {Accessed 2020-02-08}
}
@misc{rescorlaTransportLayerSecurity2018,
title = {The {{Transport Layer Security}} ({{TLS}}) {{Protocol Version}} 1.3},
author = {Rescorla {$<$}ekr@rtfm.com{$>$}, Eric},
year = {2018},
month = aug,
url = {https://tools.ietf.org/html/rfc8446},
urldate = {2020-08-25}
}
@inproceedings{reznichenkoAuctionsDonottrackCompliant2011,
title = {Auctions in Do-Not-Track Compliant Internet Advertising},
booktitle = {Proceedings of the 18th {{ACM}} Conference on {{Computer}} and Communications Security},