University of Surrey

Test tubes in the lab Research in the ATI Dance Research

Content Delivery over TLS: A Cryptographic Analysis of Keyless SSL

Bhargavan, K, Boureanu, Ioana, Fouque, P-A, Onete, C and Richard, B (2017) Content Delivery over TLS: A Cryptographic Analysis of Keyless SSL In: 2nd IEEE European Symposium on Security and Privacy, 2017-04-26 - 2017-04-28, Paris, France.

[img]
Preview
Text
mainKeyless.pdf - Accepted version Manuscript
Available under License : See the attached licence file.

Download (760kB) | Preview
[img]
Preview
PDF (licence)
SRI_deposit_agreement.pdf
Available under License : See the attached licence file.

Download (33kB) | Preview

Abstract

The Transport Layer Security (TLS) protocol is designed to allow two parties, a client and a server, to communicate securely over an insecure network. However, when TLS connections are proxied through an intermediate middlebox, like a Content Delivery Network (CDN), the standard endto- end security guarantees of the protocol no longer apply. In this paper, we investigate the security guarantees provided by Keyless SSL, a CDN architecture currently deployed by CloudFlare that composes two TLS 1.2 handshakes to obtain a proxied TLS connection. We demonstrate new attacks that show that Keyless SSL does not meet its intended security goals. These attacks have been reported to CloudFlare and we are in the process of discussing fixes. We argue that proxied TLS handshakes require a new, stronger, 3-party security definition. We present 3(S)ACCEsecurity, a generalization of the 2-party ACCE security definition that has been used in several previous proofs for TLS. We modify Keyless SSL and prove that our modifications guarantee 3(S)ACCE-security, assuming ACCE-security for the individual TLS 1.2 connections. We also propose a new design for Keyless TLS 1.3 and prove that it achieves 3(S)ACCEsecurity, assuming that the TLS 1.3 handshake implements an authenticated 2-party key exchange. Notably, we show that secure proxying in Keyless TLS 1.3 is computationally lighter and requires simpler assumptions on the certificate infrastructure than our proposed fix for Keyless SSL. Our results indicate that proxied TLS architectures, as currently used by a number of CDNs, may be vulnerable to subtle attacks and deserve close attention.

Item Type: Conference or Workshop Item (Conference Paper)
Subjects : Computer Science
Divisions : Faculty of Engineering and Physical Sciences > Computing Science
Authors :
NameEmailORCID
Bhargavan, KUNSPECIFIEDUNSPECIFIED
Boureanu, Ioanai.boureanu@surrey.ac.ukUNSPECIFIED
Fouque, P-AUNSPECIFIEDUNSPECIFIED
Onete, CUNSPECIFIEDUNSPECIFIED
Richard, BUNSPECIFIEDUNSPECIFIED
Date : 2017
Copyright Disclaimer : © 2017 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Contributors :
ContributionNameEmailORCID
UNSPECIFIEDIEEE, UNSPECIFIEDUNSPECIFIED
Related URLs :
Depositing User : Symplectic Elements
Date Deposited : 28 Feb 2017 14:06
Last Modified : 19 Jul 2017 11:22
URI: http://epubs.surrey.ac.uk/id/eprint/813643

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year


Information about this web site

© The University of Surrey, Guildford, Surrey, GU2 7XH, United Kingdom.
+44 (0)1483 300800