maTLS: How to Make TLS middlebox-aware?

Middleboxes are widely deployed in order to enhance security and performance in networking. As communication over TLS becomes increasingly common, however, the end-to-end channel model of TLS undermines the efficacy of middleboxes. Existing solutions, such as ‘SplitTLS’, which intercepts TLS sessions, often introduce significant security risks by installing a custom root certificate or sharing a private key. Many studies have confirmed security vulnerabilities when combining TLS with middleboxes, which include certificate validation failures, use of obsolete ciphersuites, and unwanted content modification. To address the above issues, we introduce a middlebox-aware TLS protocol, dubbed maTLS, which allows middleboxes to participate in the TLS session in a visible and auditable fashion. Every participating middlebox now splits a session into two segments with their own security parameters in collaboration with the two endpoints. The maTLS protocol is designed to authenticate the middleboxes to verify the security parameters of segments, and to audit the middleboxes’ write operations. Thus, security of the session is ensured. We prove the security model of maTLS by using Tamarin, a state-of-theart security verification tool. We also carry out testbed-based experiments to show that maTLS achieves the above security goals with marginal overhead.

[1]  Vyas Sekar,et al.  Making middleboxes someone else's problem: network processing as a cloud service , 2012, SIGCOMM '12.

[2]  Mark Nottingham Problems with Proxies in HTTP , 2014 .

[3]  Taejoong Chung,et al.  Tunneling for Transparency: A Large-Scale Analysis of End-to-End Violations in the Internet , 2016, Internet Measurement Conference.

[4]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.3 , 2018, RFC.

[5]  Steven Tuecke,et al.  Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile , 2004, RFC.

[6]  Jeff Jarmoc,et al.  SSL/TLS Interception Proxies and Transitive Trust , 2012 .

[7]  Sylvia Ratnasamy,et al.  SafeBricks: Shielding Network Functions in the Cloud , 2018, NSDI.

[8]  Zhi Liu,et al.  Embark: Securely Outsourcing Middleboxes to the Cloud , 2016, NSDI.

[9]  Pablo Rodriguez,et al.  Multi-Context TLS (mcTLS): Enabling Secure In-Network Functionality in TLS , 2015, Comput. Commun. Rev..

[10]  Daniel Zappala,et al.  TLS Proxies: Friend or Foe? , 2014, Internet Measurement Conference.

[11]  Sotiris Ioannidis,et al.  A Large-scale Analysis of Content Modification by Open HTTP Proxies , 2018, NDSS.

[12]  Sylvia Ratnasamy,et al.  BlindBox: Deep Packet Inspection over Encrypted Traffic , 2015, SIGCOMM.

[13]  Mohammad Mannan,et al.  Killed by Proxy: Analyzing Client-end TLS Interce , 2016, NDSS.

[14]  Carlisle M. Adams,et al.  X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP , 1999, RFC.

[15]  Dan Wing,et al.  TLS Proxy Server Extension , 2012 .

[16]  Dongsu Han,et al.  SGX-Box: Enabling Visibility on Encrypted Traffic using a Secure Middlebox Module , 2017, APNet.

[17]  Yan Grunenberger,et al.  The Cost of the "S" in HTTPS , 2014, CoNEXT.

[18]  Paul E. Hoffman,et al.  The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA , 2012, RFC.

[19]  Christos Gkantsidis,et al.  And Then There Were More: Secure Communication for More Than Two Parties , 2017, CoNEXT.

[20]  X Itu,et al.  Information technology-open systems interconnection-the directory: Public-key and attribute certific , 2000 .

[21]  David Cooper,et al.  Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2008, RFC.

[22]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[23]  Adrienne Porter Felt,et al.  Measuring HTTPS Adoption on the Web , 2017, USENIX Security Symposium.

[24]  David A. Basin,et al.  The TAMARIN Prover for the Symbolic Analysis of Security Protocols , 2013, CAV.

[25]  Eric Rescorla,et al.  HTTP Over TLS , 2000, RFC.

[26]  Adam Langley,et al.  Certificate Transparency , 2014, RFC.

[27]  Tim Dierks,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008 .

[28]  Nick Sullivan,et al.  The Security Impact of HTTPS Interception , 2017, NDSS.

[29]  Andrei Popov,et al.  Prohibiting RC4 Cipher Suites , 2015, RFC.

[30]  Amr M. Youssef,et al.  To Intercept or Not to Intercept: Analyzing TLS Interception in Network Appliances , 2018, AsiaCCS.

[31]  Vidya Narayanan Explicit Proxying in HTTP - Problem Statement And Goals , 2013 .

[32]  Salvatore Loreto,et al.  Explicit Trusted Proxy in HTTP/2.0 , 2014 .

[33]  Matthew Green,et al.  Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice , 2015, CCS.

[34]  Alfredo Pironti,et al.  A Messy State of the Union: Taming the Composite State Machines of TLS , 2015, 2015 IEEE Symposium on Security and Privacy.

[35]  Collin Jackson,et al.  Analyzing Forged SSL Certificates in the Wild , 2014, 2014 IEEE Symposium on Security and Privacy.

[36]  Bruce M. Maggs,et al.  Measurement and Analysis of Private Key Sharing in the HTTPS Ecosystem , 2016, CCS.

[37]  Christof Fetzer,et al.  ShieldBox: Secure Middleboxes using Shielded Execution , 2018, SOSR.