Content delivery over TLS: a cryptographic analysis of keyless SSL - Inria - Institut national de recherche en sciences et technologies du numérique Accéder directement au contenu
Document Associé À Des Manifestations Scientifiques Année : 2017

Content delivery over TLS: a cryptographic analysis of keyless SSL

Résumé

—The Transport Layer Security (TLS) protocol is designed to allow two parties, a client and a server, to communicate securely over an insecure network. However, when TLS connections are proxied through an intermediate middlebox, like a Content Delivery Network (CDN), the standard end-to-end security guarantees of the protocol no longer apply. In this paper, we investigate the security guarantees provided by Keyless SSL, a CDN architecture currently deployed by CloudFlare that composes two TLS 1.2 handshakes to obtain a proxied TLS connection. We demonstrate new attacks that show that Keyless SSL does not meet its intended security goals. These attacks have been reported to CloudFlare and we are in the process of discussing fixes. We argue that proxied TLS handshakes require a new, stronger, 3-party security definition. We present 3(S)ACCE-security, a generalization of the 2-party ACCE security definition that has been used in several previous proofs for TLS. We modify Keyless SSL and prove that our modifications guarantee 3(S)ACCE-security, assuming ACCE-security for the individual TLS 1.2 connections. We also propose a new design for Keyless TLS 1.3 and prove that it achieves 3(S)ACCE-security, assuming that the TLS 1.3 handshake implements an authenticated 2-party key exchange. Notably, we show that secure proxying in Keyless TLS 1.3 is computationally lighter and requires simpler assumptions on the certificate infrastructure than our proposed fix for Keyless SSL. Our results indicate that proxied TLS architectures, as currently used by a number of CDNs, may be vulnerable to subtle attacks and deserve close attention.
Fichier principal
Vignette du fichier
mainKeyless.pdf (742.75 Ko) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)
Loading...

Dates et versions

hal-01673853 , version 1 (01-01-2018)
hal-01673853 , version 2 (08-12-2018)

Identifiants

Citer

Karthikeyan Bhargavan, Ioana Boureanu, Cristina Onete, Pierre-Alain Fouque, Benjamin Richard. Content delivery over TLS: a cryptographic analysis of keyless SSL. EuroS&P 2017 - 2nd IEEE European Symposium on Security and Privacy, Apr 2017, Paris, France. IEEE, 2017 IEEE European Symposium on Security and Privacy (EuroS&P), pp.600-615, 2017, ⟨10.1109/EuroSP.2017.52⟩. ⟨hal-01673853v1⟩
470 Consultations
1064 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More