# Inductive Analysis of the Internet Protocol TLS

**Authors:** Lawrence C. Paulson

arXiv: 1907.07559 · 2019-07-18

## TL;DR

This paper presents an inductive, formal analysis of the TLS protocol using Isabelle, demonstrating its security properties and complexity despite its intricate design.

## Contribution

It provides the first formal, inductive proof of TLS security properties, highlighting the protocol's robustness and verifying its security with modest resources.

## Key findings

- All security goals can be proved
- Session resumption remains secure with compromised old keys
- Verification required six man-weeks and three minutes of processing

## Abstract

Internet browsers use security protocols to protect sensitive messages. An inductive analysis of TLS (a descendant of SSL 3.0) has been performed using the theorem prover Isabelle. Proofs are based on higher-order logic and make no assumptions concerning beliefs or finiteness. All the obvious security goals can be proved; session resumption appears to be secure even if old session keys have been compromised. The proofs suggest minor changes to simplify the analysis. TLS, even at an abstract level, is much more complicated than most protocols that researchers have verified. Session keys are negotiated rather than distributed, and the protocol has many optional parts. Nevertheless, the resources needed to verify TLS are modest: six man-weeks of effort and three minutes of processor time.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1907.07559/full.md

## Figures

7 figures with captions in the complete paper: https://tomesphere.com/paper/1907.07559/full.md

## References

12 references — full list in the complete paper: https://tomesphere.com/paper/1907.07559/full.md

---
Source: https://tomesphere.com/paper/1907.07559