Volume 31 Issue 2
Mar.  2022
Turn off MathJax
Article Contents
ZHANG Xinglong, CHENG Qingfeng, LI Yuting. LaTLS: A Lattice-Based TLS Proxy Protocol[J]. Chinese Journal of Electronics, 2022, 31(2): 313-321. doi: 10.1049/cje.2018.00.357
Citation: ZHANG Xinglong, CHENG Qingfeng, LI Yuting. LaTLS: A Lattice-Based TLS Proxy Protocol[J]. Chinese Journal of Electronics, 2022, 31(2): 313-321. doi: 10.1049/cje.2018.00.357

LaTLS: A Lattice-Based TLS Proxy Protocol

doi: 10.1049/cje.2018.00.357
Funds:  This work was supported by the National Natural Science Foundation of China (61872449).
More Information
  • Author Bio:

    was born in Chuzhou, China. He is a graduate student in the State Key Laboratory of Mathematical Engineering and Advanced Computing. His main research interests include network protocol and cyber security. (Email: solace007@sina.cn)

    (corresponding author) received the M.S. degree in mathematics from National University of Defense Technology, Changsha, China in 2004 and Ph.D. degree in mathematics from Information Engineering University, Zhengzhou, China in 2011. He is currently an Associate Professor with the State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou, China. His research interests include cryptography and information security. (Email: qingfengc2008@sina.com)

    was born in Zhengzhou, China. She is a graduate student in the State Key Laboratory of Mathematical Engineering and Advanced Computing. Her main research interests include network protocol and cyber security. (Email: 1006150850@qq.com)

  • Received Date: 2018-10-31
  • Accepted Date: 2021-09-29
  • Available Online: 2021-11-30
  • Publish Date: 2022-03-05
  • The function of the Internet proxy is to check and convert the data exchanged between client and server. In fact, the two-party secure communication protocol with good security is turned into an unsafe multiparty protocol. At present, there are relatively few proxy protocols that can be applied in practice. This paper analyzes the classic agent protocol mcTLS and pointed out the security issues. We focus on the security of TLS 1.3 and proposed a lattice-based multi-party proxy protocol: LaTLS. LaTLS can be proved secure in the eCK model, it can resist key-sharing attacks, counterfeiting attacks, replay attacks, and achieve forward security. Compared with traditional DH and ECDH schemes, LaTLS is more effcient. Its security is based on the shortest vector problem, therefor it has anti-quantum attack properties.
  • loading
  • [1]
    Xu X., Jiang Y., Flach T., et al., “Investigating transparent web proxies in cellular networks,” in Proc. of International Conference on Passive and Active Network Measurement, pp.262–276, 2015.
    [2]
    RFC2246:1999, The TLS Protocol Version 1.0, proposed standard.
    [3]
    R. Peon, “Explicit proxies for HTTP/2.0. Internet-Draft draftrpeon-httpbis-exproxy-00,” available at: https://datatracker.ietf.org/doc/draft-rpeon-httpbis-exproxy, 2012.
    [4]
    Loreto S, Mattsson J, Skog R, et al., “Explicit trusted proxy in HTTP/2.0. InternetDraft draft-loreto-httpbis-trusted-proxy20-01,” available at: https://datatracker.ietf.org/doc/draft-loreto-httpbis-trusted-proxy20, 2014.
    [5]
    Gero C E, Shapiro J N, and Burd D J, “Providing forward secrecy in a terminating SSL/TLS connection proxy using ephemeral Diffie-Hellman key exchange,” Patent, 9531685, USA, 2016-12-27.
    [6]
    Waked L, Mannan M, and Youssef A, “To intercept or not to intercept: Analyzing TLS interception in network appliances,” in Proc. of the 2018 Asia Conference on Computer and Communications Security, Incheon Republic of Korea, pp.399–412, 2018.
    [7]
    Naylor D, Schomp K, Varvello M, et al., “Multi-context TLS(mcTLS): Enabling secure in-network functionality in TLS,” in Proc. of ACM SIGCOMM 2015, London, UK, pp.199–212, 2015.
    [8]
    Bhargavan K, Boureanu I, Delignat-Lavaud A, et al., “A formal treatment of accountable proxying over TLS,” in Proc. of 2018 IEEE Symposium on Security and Privacy, San Francisco, CA, USA, pp.799–816, 2018.
    [9]
    Chen M, “Strongly secure and anonymous two-party authenticated key agreement for mobile roaming service,” Acta Electronica Sinica, vol.47, no.1, pp.16–24, 2019. (in Chinese)
    [10]
    Diffe W and Hellman M, “New directions in cryptography,” IEEE Transactions on Information Theory, vol.22, no.6, pp.644–654, 1976. doi: 10.1109/TIT.1976.1055638
    [11]
    Shor P W, “Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer,” SIAM Review, vol.41, no.2, pp.303–332, 1999. doi: 10.1137/S0036144598347011
    [12]
    Peikert C, “Lattice cryptography for the internet,” in Proc. of International Workshop on Post-Quantum Cryptography, Waterloo, ON, Canada, pp.197–219, 2014.
    [13]
    Regev O, “On lattices, learning with errors, random linear codes, and Cryptography,” Journal of the ACM(JACM), vol.56, no.6, article no.34, 2009.
    [14]
    Langlois A, Ling S, Nguyen K, et al., “Lattice-based group signature scheme with verifier-local revocation,” in Proc. of International Workshop on Public Key Cryptography, Buenos Aires, Argentina, pp.345–361, 2014.
    [15]
    Ling S, Nguyen K, and Wang H., “Group signatures from lattices: Simpler, tighter, shorter, ring-based,” in Proc. of IACR International Workshop on Public Key Cryptography, Gaithersburg, MD, USA, pp.427–449, 2015.
    [16]
    Hongfei Z, Yu’an T, Xiao Y, et al., “An identity-based proxy signature on NTRU lattice,” Chinese Journal of Electronics, vol.27, no.2, pp.297–303, 2018. doi: 10.1049/cje.2017.09.008
    [17]
    Jia XIE, Yupu HU, Juntao GAO, et al., “Certificateless sequential aggregate signature scheme on NTRU lattice,” Chinese Journal of Electronics, vol.28, no.2, pp.294–300, 2019. doi: 10.1049/cje.2019.01.019
    [18]
    Zhichao Y, Duong D H, Susilo W, et al., “An effcient post-quantum identity based signature,” Chinese Journal of Electronics, vol.30, no.2, pp.238–248, 2021. doi: 10.1049/cje.2021.01.006
    [19]
    Koo N H, Jo G H, Go B H, et al., “An NTRU-based key agreement scheme for wireless sensor networks,” The Journal of Korean Institute of Communications and Information Sciences, vol.35, no.5c, pp.445–453, 2010.
    [20]
    Yatao Y, Yaze Z, Zichen L, et al., “RAKA: New authenticated key agreement protocol based on ring-LWE,” Journal of Computer Research and Development, vol.54, no.10, pp.2187–2192, 2017.
    [21]
    Caifen W and Li C, “Three-party password authenticated key agreement protocol with user anonymity based on lattice,” Journal on Communications, vol.39, no.2, article no.21, 2018.
    [22]
    Li Z, Zhang Y, and Zhang F, “New design of authenticated key agreement protocol based on NTRU,” Application Research of Computers, vol.48, no.2, pp.532–535, 2018.
    [23]
    Hoffstein J, Pipher J, and Silverman J H, “NTRU: A ring-based public key cryptosystem,” in Proc. of the Third Int. Symp. on Algorithmic Number Theory, pp.267–288, 1998.
    [24]
    E. Rescorla, “The transport layer security (TLS) protocol version 1.3-draft-ietf-tls-tls13-21,” available at: https://tools.ietf.org/html/draft-ietf-tls-tls13-21, 2017.
    [25]
    Saltzer J H, Reed D P, and Clark D D, “End-to-end arguments in system design,” ACM Transactions on Computer Systems, vol.2, no.4, pp.277–288, 1984. doi: 10.1145/357401.357402
    [26]
    Douglas Stebila and Nick Sullivan, “An analysis of TLS handshake proxying,” in Proc. of TrustCom 2015, Helsinki, Finland, pp.279–286, 2015.
    [27]
    Hu Yupu, “A novel NTRU-Class digital signature scheme,” Chinese Journal of Computers, vol.31, no.9, pp.1661–1666, 2008.
    [28]
    LaMacchia B, Lauter K and Mityagin A, “Stronger security of authenticated key exchange,” in Proc. of Int. Conf. on Provable Security, Wollongong, NSW, Australia, pp.1–16, 2007.
  • 加载中

Catalog

    通讯作者: 陈斌, bchen63@163.com
    • 1. 

      沈阳化工大学材料科学与工程学院 沈阳 110142

    1. 本站搜索
    2. 百度学术搜索
    3. 万方数据库搜索
    4. CNKI搜索

    Figures(4)  / Tables(1)

    Article Metrics

    Article views (156) PDF downloads(16) Cited by()
    Proportional views
    Related

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return