Efficient Forward Secrecy for TLS-PSK from Pure Symmetric Cryptography

Transport layer security (TLS) is by far the most important protocol on the Internet for establishing secure session keys and providing authentication and secure communications. In various environments, the TLS pre-shared key cipher suite (TLS-PSK) is an attractive option for remote authentication, for example, between servers and constrained clients like smart cards, in mobile phone authentication, EMV-based payment, or authentication via electronic ID cards. However, without (EC)DHE, plain TLS-PSK does not have essential security features such as forward secrecy due to its fully symmetric keys and key schedule. In this work, we propose highly efficient methods for enhancing the security of plain TLS-PSK. First, we extend the key evolving scheme (KES) notion, which enables the construction of pure symmetric key based AKE protocols with perfect forward secrecy (PFS), and our construction of KES does not depend on any asymmetric cryptographic primitives. Moreover, we design mechanisms to re-synchronize PSKs of two communication parties with logarithmic complexity, whereas the existing protocols only tolerate +/- 1 de-synchronization, or have linear complexity for re-synchronization. In addition, we show that our protocol is highly efficient, both asymptotically and practically, by comparing it with existing TLS-PSK in performance with identical security parameters. Finally, we show that our generic KES construction can be perfectly integrated into all (fully symmetric) TLS-PSK with minimum modification of the original protocol itself.