Misbinding Raw Public Keys to Identities in TLS

Mariam Moustafa; Mohit Sethi; Tuomas Aura

doi:10.1007/978-3-031-79007-2_4

Misbinding Raw Public Keys to Identities in TLS

Mariam Moustafa^*, Mohit Sethi, Tuomas Aura

^*Tämän työn vastaava kirjoittaja

Tutkimustuotos: Artikkeli kirjassa/konferenssijulkaisussa › Conference article in proceedings › Scientific › vertaisarvioitu

Abstrakti

The adoption of security protocols such as Transport Layer Security (TLS) has significantly improved the state of traffic encryption and integrity protection on the Internet. Despite rigorous analysis, vulnerabilities continue to emerge, sometimes due to fundamental flaws in the protocol specification. This paper examines the security of TLS when using Raw Public Key (RPK) authentication. This mode has not been as extensively studied as X.509 certificates and Pre-Shared Keys (PSK). We develop a formal model of TLS RPK using applied pi calculus and the ProVerif verification tool, revealing that the RPK mode is susceptible to identity misbinding attacks. Our contributions include formal models of TLS RPK with several mechanisms for binding the endpoint identity to its public key, verification results, practical scenarios demonstrating the misbinding attack, and recommendations for mitigating such vulnerabilities. These findings highlight the need for improved security measures in TLS RPK.

Alkuperäiskieli	Englanti
Otsikko	Secure IT Systems - 29th Nordic Conference, NordSec 2024, Proceedings
Toimittajat	Leonardo Horn Iwaya, Liina Kamm, Leonardo Martucci, Tobias Pulls
Kustantaja	Springer
Sivut	62-79
Sivumäärä	18
ISBN (elektroninen)	978-3-031-79007-2
ISBN (painettu)	978-3-031-79006-5
DOI - pysyväislinkit	https://doi.org/10.1007/978-3-031-79007-2_4
Tila	Julkaistu - 28 tammik. 2025
OKM-julkaisutyyppi	A4 Artikkeli konferenssijulkaisussa
Tapahtuma	Nordic Conference on Secure IT Systems - Karlstad, Ruotsi Kesto: 6 marrask. 2024 → 7 marrask. 2024 Konferenssinumero: 29

Julkaisusarja

Nimi	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Kustantaja	Springer
Vuosikerta	15396 LNCS
ISSN (painettu)	0302-9743
ISSN (elektroninen)	1611-3349

Conference

Conference	Nordic Conference on Secure IT Systems
Lyhennettä	NordSec
Maa/Alue	Ruotsi
Kaupunki	Karlstad
Ajanjakso	06/11/2024 → 07/11/2024

Pääsy asiakirjaan

10.1007/978-3-031-79007-2_4

https://arxiv.org/abs/2411.09770

Muut tiedostot ja linkit

Linkki julkaisuun Scopuksessa

Siteeraa tätä

Moustafa, M., Sethi, M., & Aura, T. (2025). Misbinding Raw Public Keys to Identities in TLS. teoksessa L. Horn Iwaya, L. Kamm, L. Martucci, & T. Pulls (Toimittajat), Secure IT Systems - 29th Nordic Conference, NordSec 2024, Proceedings (Sivut 62-79). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vuosikerta 15396 LNCS). Springer. https://doi.org/10.1007/978-3-031-79007-2_4

Moustafa, Mariam ; Sethi, Mohit ; Aura, Tuomas. / Misbinding Raw Public Keys to Identities in TLS. Secure IT Systems - 29th Nordic Conference, NordSec 2024, Proceedings. Toimittaja / Leonardo Horn Iwaya ; Liina Kamm ; Leonardo Martucci ; Tobias Pulls. Springer, 2025. Sivut 62-79 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{ff247799342947e9bd28e451250d10f6,

title = "Misbinding Raw Public Keys to Identities in TLS",

abstract = "The adoption of security protocols such as Transport Layer Security (TLS) has significantly improved the state of traffic encryption and integrity protection on the Internet. Despite rigorous analysis, vulnerabilities continue to emerge, sometimes due to fundamental flaws in the protocol specification. This paper examines the security of TLS when using Raw Public Key (RPK) authentication. This mode has not been as extensively studied as X.509 certificates and Pre-Shared Keys (PSK). We develop a formal model of TLS RPK using applied pi calculus and the ProVerif verification tool, revealing that the RPK mode is susceptible to identity misbinding attacks. Our contributions include formal models of TLS RPK with several mechanisms for binding the endpoint identity to its public key, verification results, practical scenarios demonstrating the misbinding attack, and recommendations for mitigating such vulnerabilities. These findings highlight the need for improved security measures in TLS RPK.",

keywords = "formal modeling, identity misbinding, raw public key, TLS",

author = "Mariam Moustafa and Mohit Sethi and Tuomas Aura",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.; Nordic Conference on Secure IT Systems, NordSec ; Conference date: 06-11-2024 Through 07-11-2024",

year = "2025",

month = jan,

day = "28",

doi = "10.1007/978-3-031-79007-2_4",

language = "English",

isbn = "978-3-031-79006-5",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "62--79",

editor = "{Horn Iwaya}, Leonardo and Liina Kamm and Leonardo Martucci and Tobias Pulls",

booktitle = "Secure IT Systems - 29th Nordic Conference, NordSec 2024, Proceedings",

address = "Germany",

}

Moustafa, M , Sethi, M & Aura, T 2025, Misbinding Raw Public Keys to Identities in TLS. julkaisussa L Horn Iwaya, L Kamm, L Martucci & T Pulls (toim), Secure IT Systems - 29th Nordic Conference, NordSec 2024, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vuosikerta 15396 LNCS, Springer, Sivut 62-79, Nordic Conference on Secure IT Systems, Karlstad, Ruotsi, 06/11/2024. https://doi.org/10.1007/978-3-031-79007-2_4

Misbinding Raw Public Keys to Identities in TLS. / Moustafa, Mariam ; Sethi, Mohit ; Aura, Tuomas.
Secure IT Systems - 29th Nordic Conference, NordSec 2024, Proceedings. toim. / Leonardo Horn Iwaya; Liina Kamm; Leonardo Martucci; Tobias Pulls. Springer, 2025. s. 62-79 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vuosikerta 15396 LNCS).

Tutkimustuotos: Artikkeli kirjassa/konferenssijulkaisussa › Conference article in proceedings › Scientific › vertaisarvioitu

TY - GEN

T1 - Misbinding Raw Public Keys to Identities in TLS

AU - Moustafa, Mariam

AU - Sethi, Mohit

AU - Aura, Tuomas

N1 - Conference code: 29

PY - 2025/1/28

Y1 - 2025/1/28

N2 - The adoption of security protocols such as Transport Layer Security (TLS) has significantly improved the state of traffic encryption and integrity protection on the Internet. Despite rigorous analysis, vulnerabilities continue to emerge, sometimes due to fundamental flaws in the protocol specification. This paper examines the security of TLS when using Raw Public Key (RPK) authentication. This mode has not been as extensively studied as X.509 certificates and Pre-Shared Keys (PSK). We develop a formal model of TLS RPK using applied pi calculus and the ProVerif verification tool, revealing that the RPK mode is susceptible to identity misbinding attacks. Our contributions include formal models of TLS RPK with several mechanisms for binding the endpoint identity to its public key, verification results, practical scenarios demonstrating the misbinding attack, and recommendations for mitigating such vulnerabilities. These findings highlight the need for improved security measures in TLS RPK.

AB - The adoption of security protocols such as Transport Layer Security (TLS) has significantly improved the state of traffic encryption and integrity protection on the Internet. Despite rigorous analysis, vulnerabilities continue to emerge, sometimes due to fundamental flaws in the protocol specification. This paper examines the security of TLS when using Raw Public Key (RPK) authentication. This mode has not been as extensively studied as X.509 certificates and Pre-Shared Keys (PSK). We develop a formal model of TLS RPK using applied pi calculus and the ProVerif verification tool, revealing that the RPK mode is susceptible to identity misbinding attacks. Our contributions include formal models of TLS RPK with several mechanisms for binding the endpoint identity to its public key, verification results, practical scenarios demonstrating the misbinding attack, and recommendations for mitigating such vulnerabilities. These findings highlight the need for improved security measures in TLS RPK.

KW - formal modeling

KW - identity misbinding

KW - raw public key

KW - TLS

UR - http://www.scopus.com/inward/record.url?scp=85218501960&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-79007-2_4

DO - 10.1007/978-3-031-79007-2_4

M3 - Conference article in proceedings

AN - SCOPUS:85218501960

SN - 978-3-031-79006-5

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 62

EP - 79

BT - Secure IT Systems - 29th Nordic Conference, NordSec 2024, Proceedings

A2 - Horn Iwaya, Leonardo

A2 - Kamm, Liina

A2 - Martucci, Leonardo

A2 - Pulls, Tobias

PB - Springer

T2 - Nordic Conference on Secure IT Systems

Y2 - 6 November 2024 through 7 November 2024

ER -

Moustafa M , Sethi M , Aura T. Misbinding Raw Public Keys to Identities in TLS. julkaisussa Horn Iwaya L, Kamm L, Martucci L, Pulls T, toimittajat, Secure IT Systems - 29th Nordic Conference, NordSec 2024, Proceedings. Springer. 2025. s. 62-79. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-79007-2_4