vtTLS: A Vulnerability-Tolerant Communication Protocol (short paper)

Publication Type: Conference Paper
Year of Publication: 2016
Authors: Joaquim A, Pardal M, Correia M
Conference Name: The 15th IEEE International Symposium on Network Computing and Applications (NCA 2016)
Date Published: Cambridge, MA US
Publisher: IEEE Computer Society
Conference Location: Cambridge, MA USA
Accession Number: 16540799

We present VTTLS, a vulnerability-tolerant communication protocol. There are often concerns about the strength of some of the encryption mechanisms used in SSL/TLS channels, with some regarded as insecure at some point in time. VTTLS is our solution to mitigate the problem of secure communication channels being vulnerable to attacks due to unexpected vulnerabilities in encryption mechanisms. It is based on diversity and redundancy of cryptographic mechanisms and certificates to provide a secure communication channel even when one or more mechanisms are vulnerable. VTTLS relies on a combination of k cipher suites. Even if k-1 cipher suites are insecure or vulnerable, VTTLS relies on the remaining cipher suites to maintain the channel secure. We evaluated the performance of VTTLS by comparing it to an OpenSSL channel.