International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Security Notions for Bidirectional Channels

Giorgia Azzurra Marson , Ruhr University Bochum
Bertram Poettering , Ruhr University Bochum
DOI: 10.13154/tosc.v2017.i1.405-426
Search ePrint
Search Google
Abstract: This paper closes a definitional gap in the context of modeling cryptographic two-party channels. We note that, while most security models for channels consider exclusively unidirectional communication, real-world protocols like TLS and SSH are rather used for bidirectional interaction. The motivational question behind this paper is: Can analyses conducted with the unidirectional setting in mind—including the current ones for TLS and SSH—also vouch for security in the case of bidirectional channel usage? And, in the first place, what does security in the bidirectional setting actually mean? After developing confidentiality and integrity notions for bidirectional channels, we analyze a standard way of combining two unidirectional channels to realize one bidirectional channel. Although it turns out that this construction is, in general, not as secure as commonly believed, we confirm that for many practical schemes security is provided also in the bidirectional sense.
  title={Security Notions for Bidirectional Channels},
  journal={IACR Trans. Symmetric Cryptol.},
  publisher={Ruhr-Universität Bochum},
  volume={2017, Issue 1},
  author={Giorgia Azzurra Marson and Bertram Poettering},