LURK: Server-Controlled TLS Delegation [article]

Ioana Boureanu, Daniel Migault, Stere Preda, Hyame Assem Alamedine, Sanjay Mishra, Frederic Fieau, Mohammad Mannan
2020 IACR Cryptology ePrint Archive  
By design, TLS (Transport Layer Security) is a 2-party, end-to-end protocol. Yet, in practice, TLS delegation is often deployed: that is, middlebox proxies inspect and even modify TLS traffic between the endpoints. Recently, industry leaders (e.g., Akamai, Cloudflare, Telefonica, Ericsson), standardization bodies (e.g., IETF, ETSI), and academic researchers have proposed numerous ways of achieving safer TLS delegation. We present LURK, the LURK (Limited Use of Remote Keys) extension for TLS 1.2, ... suite of designs for TLS delegation, where the TLS-server is aware of the middlebox. We implement and test LURK. We also cryptographically prove and formally verify, in ProVerif, the security of LURK. Finally, we comprehensively analyze how our designs balance (provable) security and competitive performance.

(Footnote 6) Since TLS 1.2 RSA mode does not ensure forward secrecy, placing a mediating party in between the client and the server can lead to replay attacks. This was shown for Keyless SSL TLS 1.2 in RSA mode, and a repair was proposed via the 3(S)ACCE-K-SSL design [5]; our replay-prevention mechanism differs from this design.
dblp:journals/iacr/BoureanuMPAMFM20 fatcat:dglpuwpyvvc6xjo4xvsnuyblri