ARTICLE | doi:10.20944/preprints202102.0102.v1
Subject: Mathematics & Computer Science, Algebra & Number Theory
Keywords: Transport Layer Security; Handshake; Session resumption; Paired token; Stateless; One-time authenticated session resumption; Privacy; Untraceability
Online: 3 February 2021 (09:53:50 CET)
Transport Layer Security (TLS) is a cryptographic protocol that provides communications security between two peers, and it is widely used in many applications. To reduce the latency of the TLS handshake, session resumption using a pre-shared key (PSK) has been used. However, current PSK-mode handshake methods use a fixed session key multiple times over the lifetime of the session ticket. Reusing a fixed session key requires great care from the standpoint of communications security: it is vulnerable to replay attacks, and it makes it possible to track users. Paired token (PT) is a new secondary credential scheme that provides a pre-shared key in a stateless way in a client-server environment. The server issues a paired token (a public token and a secret token) to an authenticated client. The public token represents the signed identity of the client, and the secret token is a kind of shared secret between client and server. Once a client is equipped with a PT, it can be used for many symmetric-key-based cryptographic applications such as authentication, authorization, key establishment, etc. It was also shown that it can be used for one-time authenticated key establishment using the time-based one-time password (TOTP) approach. In this paper we apply the PT and TOTP approach to TLS to achieve stateless one-time authenticated session resumption. The server executes a full TLS 1.3 handshake and issues a PT to the authenticated client. The client and server can then execute one-time authenticated session resumption using the PT, statelessly on the server side. In every run of session resumption a distinct session key is established, so that the same PT can be used safely for a longer lifetime. If an anonymous PT is used with renewal issuing, user privacy, untraceability and forward security can be achieved easily. It will provide a huge performance gain in large-scale distributed services.
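The following sketch is an added illustration of the idea in the abstract, not the paper's construction or code: a server that keeps only a master key issues a paired token, later re-derives the secret token from the public token, and accepts a resumption only if the client's binder matches a key bound to the current time step. The token layout, the use of HMAC-SHA256 as the server's authentication tag, the 30-second step, the client nonce and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (assumed value, as in common TOTP setups)

def _mac(key, *parts):
    """HMAC-SHA256 over length-prefixed parts (avoids ambiguous concatenation)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(struct.pack(">I", len(p)) + p)
    return h.digest()

def issue_pt(master, client_id, expiry):
    """Server, after a full handshake: issue (public token, secret token)."""
    body = struct.pack(">Q", expiry) + client_id
    public = body + _mac(master, b"pt-public", body)   # server-authenticated identity
    secret = _mac(master, b"pt-secret", public)        # re-derivable, never stored
    return public, secret

def one_time_key(secret, now, nonce):
    """Key bound to the current time step and a fresh client nonce."""
    return _mac(secret, b"resume", struct.pack(">Q", now // STEP), nonce)

def client_resume(public, secret, now, nonce):
    """Client: build (public token, nonce, binder) for a resumption attempt."""
    key = one_time_key(secret, now, nonce)
    return public, nonce, _mac(key, b"binder", public)

def server_resume(master, public, nonce, binder, now):
    """Server: verify using only the master key; return session key or None."""
    if len(public) < 40:
        return None
    body, tag = public[:-32], public[-32:]
    if not hmac.compare_digest(tag, _mac(master, b"pt-public", body)):
        return None                                    # forged or altered token
    if now > struct.unpack(">Q", body[:8])[0]:
        return None                                    # token expired
    secret = _mac(master, b"pt-secret", public)
    for t in (now, max(now - STEP, 0)):                # allow one step of delay
        key = one_time_key(secret, t, nonce)
        if hmac.compare_digest(binder, _mac(key, b"binder", public)):
            return key
    return None  # stale binder: a capture replayed after the window fails here
```

In this sketch a captured message replayed inside the accepted time window is still accepted, since the server keeps no record of nonces; closing that gap needs either state or a server contribution to the key.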