Paper Notes | maTLS: How to Make TLS middlebox-aware?

2019-09-18 reading tls web

maTLS: How to Make TLS middlebox-aware?

  • Hyunwoo Lee, Zach Smith, Junghwan Lim, Gyeongjae Choi, Selin Chun, Taejoong Chung, Ted “Taekyoung” Kwon

  • Network and Distributed Systems Security (NDSS) Symposium 2019

Current Solution

MITM:

  • Client: fake root certificate
  • Server: CDNs request the server's private keys.

=> Increased risk of MITM attacks
=> How can middleboxes work honestly?
    1. encryption-based
    2. TEE-based
    3. TLS extension-based

SplitTLS:

  • Authentication: the client cannot authenticate the intended server
  • Confidentiality: weak ciphersuite
  • Integrity: misbehaving middlebox

maTLS:

  1. authenticate all middleboxes
  2. audit all middleboxes
  3. security parameter verification
  4. valid modification checks

Middlebox transparency (MT): the MT system targets middlebox certificates. It logs these certificates so that they can be publicly monitored and audited by any interested party.


How to do

An extension in the middlebox's X.509 certificate indicates the access this middlebox has.

