Downgrade Resilience in Key-Exchange Protocols

Explore downgrade resilience in key-exchange protocols through this 20-minute IEEE conference talk presented at the 2016 IEEE Symposium on Security & Privacy. Delve into the challenges of configurable protocols like TLS, SSH, IPsec, and ZRTP, and learn how to support configurability while ensuring the negotiation of preferred modes. Examine the causes of downgrade attacks, survey existing standards' downgrade resilience, and understand the concept of downgrade security. Discover design patterns that guarantee downgrade security and how they can be applied to strengthen existing protocols, including the draft of TLS 1.3. Gain insights into transcript authentication, downgrade-secure configurations, and protocol execution models for analyzing complex real-world protocols.

Intro
Downgrade as an everyday phenomen
Negotiation
Transcript authentication vs. Downgrades
Downgrade secure configurations
Protocol execution model
Reducing complex real-world protocol analysis
Downgrade security of TLS 1.3
Downgrade Resilience in key Exchange