An Analysis of the Transport Layer Security Protocol

Thyla van der Merwe

Research output: ThesisDoctoral Thesis

1565 Downloads (Pure)


The Transport Layer Security (TLS) protocol is the de facto means for securing communications on the World Wide Web. Originally developed by Netscape Communications, the protocol came under the auspices of the Internet Engineering Task Force (IETF) in the mid 1990s and today serves millions, if not billions, of users on a daily basis. The ubiquitous nature of the protocol has, especially in recent years, made the protocol an attractive target for security researchers. Since the release of TLS 1.2 in 2008, the protocol has suffered many high-profile, and increasingly practical, attacks. Coupled with pressure to improve the protocol's efficiency, this deluge of identified weaknesses prompted the IETF to develop a new version of the protocol, namely TLS 1.3.

In the development of the new version of the protocol, the IETF TLS Working Group has adopted an ``analysis-prior-to-deployment" design philosophy. This is in sharp contrast to all previous versions of the protocol. We present an account of the TLS standardisation narrative, commenting on the differences between the reactive development process for TLS 1.2 and below, and the more proactive design process for TLS 1.3. As part of this account, we present work that falls on both sides of this design transition. We contribute to the large body of work highlighting weaknesses in TLS 1.2 and below by presenting two classes of attacks against the RC4 stream cipher when used in TLS. Our attacks exploit statistical biases in the RC4 keystream to recover TLS-protected user passwords and cookies. Next we present a symbolic analysis of the TLS 1.3 draft specification, using the Tamarin prover, to show that TLS 1.3 meets the desired goals of authenticated key exchange, thus contributing to a concerted effort by the TLS community to ensure the protocol's robustness prior to its official release.
Original languageEnglish
Awarding Institution
  • Royal Holloway, University of London
  • Paterson, Kenneth, Supervisor
Thesis sponsors
Award date1 Jun 2018
Publication statusUnpublished - 2018


  • Cyber Security
  • Transport Layer Security
  • Thyla van der Merwe

Cite this