Inspecting TLS Anytime Anywhere: A New Approach to TLS Interception

Joonsang Baek, Jongkil Kim, Willy Susilo

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

9 Scopus citations

Abstract

Transport Layer Security (TLS) is one of the most widely used security protocols on the modern internet. However, TLS does not differentiate regular users from threat actors who want to evade detection through the privacy that TLS provides. For this reason, organizations have become increasingly interested in middlebox technology that can filter and inspect encrypted TLS traffic. So far, the majority of middleboxes use the "TLS interception proxy" technique, in which a middlebox acts as a proxy to intercept the TLS traffic between the user and the server. This approach has the problem of forcing the user to accept the proxy's certificate, and it also carries a performance cost, as the proxy needs to decrypt and re-encrypt the traffic. In this paper, we take a new approach to TLS inspection. Our solution, which we call "IA2-TLS (Inspecting TLS Anytime Anywhere)", is based on the idea of securely binding the middlebox's "inspection key" to the random nonces used in the TLS protocol. Since IA2-TLS does not employ the TLS interception proxy technique, it avoids both proxy certificate management and the associated performance degradation. Inspection through IA2-TLS is not confined to a specific location and can be provided at any point along the network path. Moreover, the inspection can be performed in real time or offline (non-real time), depending on the user's preference or network circumstances. We provide a formal security analysis showing that the master secret of the IA2-TLS protocol remains secure as long as the inspection key is kept secret. We also present our implementation of IA2-TLS, which shows the feasibility of our approach.
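As an added illustration (this is not the paper's IA2-TLS construction, whose details the abstract does not give), the following toy Python model shows what "binding an inspection key to the handshake nonces" buys in principle: the client derives its ephemeral Diffie-Hellman exponent from the inspection key and its ClientHello random, so a middlebox holding the key can recompute the master secret from a passive capture taken anywhere on the path, in real time or later, while a party without the key sees only random-looking values. The DH group, the derivation labels and the message layout are assumptions made for this example.

```python
"""Toy model of inspection-key-bound TLS randomness.

Added illustration, not the IA2-TLS construction from the paper. It models
the abstract's idea that a middlebox's "inspection key" can be bound to the
handshake nonces so that a passive observer holding the key recovers the
session secret, while anyone without the key learns nothing beyond an
ordinary Diffie-Hellman transcript. Group, labels and layout are assumptions.
"""
import hashlib
import hmac
import os

# Toy DH group (assumption): the secp256k1 field prime with generator 2.
# Not a safe prime and not a group anyone should use in production; it only
# keeps the example short. Real TLS would use a standard named group.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
G = 2


def prf(key: bytes, label: bytes, context: bytes) -> bytes:
    """HMAC-SHA256 used as a stand-in for the TLS key schedule (assumption)."""
    return hmac.new(key, label + context, hashlib.sha256).digest()


def bound_private_key(inspection_key: bytes, client_random: bytes) -> int:
    """Client's ephemeral DH exponent, derived from the inspection key and its nonce.

    This binding is the point of the example: with the key the exponent is
    recomputable from the public nonce; without it, the PRF output is
    indistinguishable from a freshly drawn exponent.
    """
    raw = int.from_bytes(prf(inspection_key, b"toy exponent", client_random), "big")
    return 1 + raw % (P - 2)  # exponent in [1, P-2]


def master_secret(shared: int, client_random: bytes, server_random: bytes) -> bytes:
    """Derive the session master secret from the DH shared secret and both nonces."""
    return prf(shared.to_bytes(32, "big"), b"toy master", client_random + server_random)


def client_handshake(inspection_key: bytes):
    """Client side: pick a nonce, derive the bound exponent, publish the public share."""
    client_random = os.urandom(32)
    x = bound_private_key(inspection_key, client_random)
    return client_random, x, pow(G, x, P)


def server_handshake():
    """Server side (an unmodified TLS peer): ordinary random nonce and exponent."""
    server_random = os.urandom(32)
    y = 1 + int.from_bytes(os.urandom(32), "big") % (P - 2)
    return server_random, y, pow(G, y, P)


def run_session(inspection_key: bytes):
    """Run one toy handshake; return both parties' master secrets and the wire view."""
    client_random, x, client_pub = client_handshake(inspection_key)
    server_random, y, server_pub = server_handshake()
    client_ms = master_secret(pow(server_pub, x, P), client_random, server_random)
    server_ms = master_secret(pow(client_pub, y, P), client_random, server_random)
    # Everything a passive observer on the path can see, in the clear.
    wire = {"client_random": client_random, "server_random": server_random,
            "client_pub": client_pub, "server_pub": server_pub}
    return client_ms, server_ms, wire


def passive_inspect(inspection_key: bytes, wire: dict) -> bytes:
    """Middlebox at any point on the path, live or replaying a capture later.

    Recomputes the client's exponent from the inspection key and the observed
    client nonce, then the master secret. No proxy certificate, no decrypt and
    re-encrypt: the TLS messages themselves are untouched.
    """
    x = bound_private_key(inspection_key, wire["client_random"])
    shared = pow(wire["server_pub"], x, P)
    return master_secret(shared, wire["client_random"], wire["server_random"])


if __name__ == "__main__":
    key = os.urandom(32)
    c_ms, s_ms, wire = run_session(key)
    assert c_ms == s_ms
    assert passive_inspect(key, wire) == c_ms             # key holder recovers the session
    assert passive_inspect(os.urandom(32), wire) != c_ms  # wrong key: no recovery
    print("toy inspection recovered master secret:", c_ms.hex())
```

The model also makes the flip side of the abstract's security statement concrete: the master secret is only as secret as the inspection key, and whoever holds that key can decrypt every bound session from any vantage point, including recorded traffic, so in a deployment that key needs the same protection and rotation discipline as a long-term signing key.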

Original language: English
Title of host publication: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020
Publisher: Association for Computing Machinery, Inc
Pages: 116-126
Number of pages: 11
ISBN (Electronic): 9781450367509
DOIs
State: Published - 5 Oct 2020
Event: 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020 - Virtual, Online, Taiwan, Province of China
Duration: 5 Oct 2020 to 9 Oct 2020

Publication series

Name: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020

Conference

Conference: 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020
Country/Territory: Taiwan, Province of China
City: Virtual, Online
Period: 5/10/20 to 9/10/20

Bibliographical note

Publisher Copyright:
© 2020 ACM.

Keywords

  • tls
  • tls/ssl inspection
