TY - GEN
T1 - Inspecting TLS Anytime Anywhere
T2 - 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020
AU - Baek, Joonsang
AU - Kim, Jongkil
AU - Susilo, Willy
N1 - Publisher Copyright:
© 2020 ACM.
PY - 2020/10/5
Y1 - 2020/10/5
N2 - Transport Layer Security (TLS) is one of the most widely used security protocols for the modern internet. However, TLS does not differentiate regular users from threat actors who want to evade detection through the privacy provided by TLS. For this reason, organizations have been increasingly interested in middlebox technology whereby encrypted TLS traffic can be filtered and inspected. So far, the majority of middleboxes utilize the "TLS interception proxy" technique, in which a middlebox acts as a proxy to intercept the TLS traffic between the user and the server. However, this approach has the problem of forcing the user to accept the proxy's certificate. It also has a performance issue, as the proxy needs to decrypt and re-encrypt the traffic. In this paper, we take a new approach to TLS inspection. Our solution, which we call "IA2-TLS (Inspecting TLS Anytime Anywhere)", is based on the idea of securely binding the middlebox's "inspection key" with the random nonces used in the TLS protocol. Since IA2-TLS does not employ the TLS interception proxy technique, it does not have the problems of proxy certificate management and performance degradation. Inspection through IA2-TLS is not confined to a specific location and can be provided at any area along the path of the network. Moreover, the inspection can be performed in real time or non-real time, depending on the user's preference or network circumstances. We provide a formal security analysis showing that the master secret of the IA2-TLS protocol remains secure if the inspection key is kept secret. We also present our implementation of IA2-TLS, which shows the feasibility of our approach.
AB - Transport Layer Security (TLS) is one of the most widely used security protocols for the modern internet. However, TLS does not differentiate regular users from threat actors who want to evade detection through the privacy provided by TLS. For this reason, organizations have been increasingly interested in middlebox technology whereby encrypted TLS traffic can be filtered and inspected. So far, the majority of middleboxes utilize the "TLS interception proxy" technique, in which a middlebox acts as a proxy to intercept the TLS traffic between the user and the server. However, this approach has the problem of forcing the user to accept the proxy's certificate. It also has a performance issue, as the proxy needs to decrypt and re-encrypt the traffic. In this paper, we take a new approach to TLS inspection. Our solution, which we call "IA2-TLS (Inspecting TLS Anytime Anywhere)", is based on the idea of securely binding the middlebox's "inspection key" with the random nonces used in the TLS protocol. Since IA2-TLS does not employ the TLS interception proxy technique, it does not have the problems of proxy certificate management and performance degradation. Inspection through IA2-TLS is not confined to a specific location and can be provided at any area along the path of the network. Moreover, the inspection can be performed in real time or non-real time, depending on the user's preference or network circumstances. We provide a formal security analysis showing that the master secret of the IA2-TLS protocol remains secure if the inspection key is kept secret. We also present our implementation of IA2-TLS, which shows the feasibility of our approach.
KW - tls
KW - tls/ssl inspection
UR - http://www.scopus.com/inward/record.url?scp=85096391509&partnerID=8YFLogxK
U2 - 10.1145/3320269.3372199
DO - 10.1145/3320269.3372199
M3 - Conference contribution
AN - SCOPUS:85096391509
T3 - Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020
SP - 116
EP - 126
BT - Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020
PB - Association for Computing Machinery, Inc
Y2 - 5 October 2020 through 9 October 2020
ER -