A Formal Treatment of Accountable Proxying Over TLS
Tools
Tools
Tools
Bhargavan, Karthikeyan, Boureanu, Ioana, Delignat-Lavaud, Antoine, Fouque, Pierre-Alain and Onete, Cristina (2018) A Formal Treatment of Accountable Proxying Over TLS In: 2018 IEEE Symposium on Security and Privacy (SP), 20-24 May 2018, San Francisco, California, USA.
Full text not available from this repository.
Official URL: https://doi.org/10.1109/SP.2018.00021
Abstract
Much of Internet traffic nowadays passes through active proxies, whose role is to inspect, filter, cache, or transform data exchanged between two endpoints. To perform their tasks, such proxies modify channel-securing protocols, like TLS, resulting in serious vulnerabilities. Such problems are exacerbated by the fact that middleboxes are often invisible to one or both endpoints, leading to a lack of accountability. A recent protocol, called mcTLS, pioneered accountability for proxies, which are authorized by the endpoints and given limited read/write permissions to application traffic. Unfortunately, we show that mcTLS is insecure: the protocol modifies the TLS protocol, exposing it to a new class of middlebox-confusion attacks. Such attacks went unnoticed mainly because mcTLS lacked a formal analysis and security proofs. Hence, our second contribution is to formalize the goal of accountable proxying over secure channels. Third, we propose a provably-secure alternative to soon-to-be-standardized mcTLS: a generic and modular protocol-design that care- fully composes generic secure channel-establishment protocols, which we prove secure. Finally, we present a proof-of-concept implementation of our design, instantiated with unmodified TLS 1.3, and evaluate its overheads.
| Item Type: | Conference or Workshop Item (Conference Paper) | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Divisions : | Faculty of Engineering and Physical Sciences > Computing Science | ||||||||||||||||||
| Authors : |
|
||||||||||||||||||
| Date : | 26 July 2018 | ||||||||||||||||||
| DOI : | 10.1109/SP.2018.00021 | ||||||||||||||||||
| Uncontrolled Keywords : | mcTLS; TLS 1.3; Provable security; Servers; Middleboxes; Protocols; Cloud computing; Browsers; Public key | ||||||||||||||||||
| Depositing User : | Clive Harris | ||||||||||||||||||
| Date Deposited : | 22 Feb 2019 08:17 | ||||||||||||||||||
| Last Modified : | 22 Feb 2019 08:17 | ||||||||||||||||||
| URI: | http://epubs.surrey.ac.uk/id/eprint/850546 |
Actions (login required)
 |
View Item |
Downloads
Downloads per month over past year