By design, TLS (Transport Layer Security) is a 2-party, end-to-end protocol. Yet, in practice, TLS delegation is often deployed: that is, middlebox proxies inspect and even modify TLS traffic between the endpoints. Recently, industry-leaders (for example, Akamai, Cloudflare, Telefonica, Ericsson), standardization bodies (for example, IETF, ETSI), and academic researchers have proposed numerous ways of achieving safer TLS delegation. We present the LURK (Limited Use of Remote Keys) extension for TLS 1.2, a suite of designs for TLS delegation, where the TLS-server is aware of the middlebox. We implement and test LURK. We also cryptographically prove and formally verify, in Proverif, the security of LURK. Finally, we comprehensively analyze how our designs balance (provable) security and competitive performance.
Full abstract in IEEE Xplore, DOI:10.1109/TrustCom50675.2020.00036
Authors:
Ioana Boureanu – University of Surrey
Daniel Migault, Stere Preda, Hyame Assem Alameddine – Ericsson Research
Sanjay Mishra – Verizon
Frederic Fieau – Orange
Mohammad Mannan – Concordia University
Presented at the 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020, Guangzhou, China, December 29, 2020 - January 1, 2021.
© 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse.