
Wednesday, 9 March 2016

Understanding The Limits On Authenticated Encryption In TLS

Attacks on even the latest version (version 1.2) of Transport Layer Security (TLS) have had considerable press recently with the publication of the DROWN attack, which uses the legacy SSL v2 as the attack vector. Proof that mistakes of the past can haunt the present. So, as discussions in the Internet Engineering Task Force (IETF) working group on TLS 1.3 continue, a very timely paper has emerged adding some very important technical detail on the issue of "key update" in the draft specification.

The paper from researchers at Royal Holloway demonstrates the necessity for key update. It uses the Galois Counter Mode (GCM) of the Advanced Encryption Standard (AES), as implemented by a whole range of organisations, to show that the more data that is transmitted under a given key, the higher the probability of a successful attack on the confidentiality afforded by AES-GCM.
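To make the "more data, higher probability" relationship concrete, here is an added example (my own, not code from the post or the paper) that applies the standard PRP/PRF switching bound to the counter-mode core of AES-GCM and inverts it to get a record budget for a chosen risk level. It assumes 128-bit AES blocks, TLS's 2^14-byte maximum record plaintext, and ignores the tag/GHASH term, so it is a simplification of the paper's analysis rather than its exact bound.

```python
import math

BLOCK_BITS = 128                 # AES block size n in bits
BLOCK_BYTES = BLOCK_BITS // 8
TLS_MAX_RECORD_BYTES = 2 ** 14   # maximum TLS record plaintext size


def blocks_per_record(record_bytes: int) -> int:
    """Keystream blocks counter mode consumes for one record (ceil)."""
    return math.ceil(record_bytes / BLOCK_BYTES)


def switching_bound(total_blocks: int) -> float:
    """PRP/PRF switching lemma: an attacker seeing sigma keystream blocks
    under one key distinguishes AES-CTR from ideal with advantage at most
    sigma*(sigma-1)/2^(n+1). This is the birthday-type term that grows
    quadratically with the amount of data encrypted under the key."""
    return total_blocks * (total_blocks - 1) / 2 ** (BLOCK_BITS + 1)


def confidentiality_advantage(records: int, record_bytes: int) -> float:
    """Bound on confidentiality loss after `records` records of `record_bytes`."""
    return switching_bound(records * blocks_per_record(record_bytes))


def max_records(target_advantage: float, record_bytes: int) -> float:
    """Invert the bound: how many records may be sent under one key before
    the advantage bound reaches `target_advantage` (sigma ~ sqrt(adv*2^(n+1)))."""
    sigma = math.sqrt(target_advantage * 2 ** (BLOCK_BITS + 1))
    return sigma / blocks_per_record(record_bytes)


def max_records_log2(target_advantage: float, record_bytes: int) -> float:
    """Same budget expressed as log2, which is how such limits are usually quoted."""
    return math.log2(max_records(target_advantage, record_bytes))


if __name__ == "__main__":
    # Show the bound growing with data, then the record budget per risk level.
    for log_records in (20, 24, 28, 32):
        adv = confidentiality_advantage(2 ** log_records, TLS_MAX_RECORD_BYTES)
        print(f"2^{log_records} full-size records -> advantage <= 2^{math.log2(adv):.1f}")
    for log_adv in (-60, -40, -20):
        budget = max_records_log2(2 ** log_adv, TLS_MAX_RECORD_BYTES)
        print(f"to keep advantage <= 2^{log_adv}: rekey after ~2^{budget:.1f} records")
```

The point for TLS is that the budget is finite under any single key, which is exactly why the draft needs a key update mechanism rather than relying on the connection ending first.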