Skip to Main content Skip to Navigation
Documents associated with scientific events

Content Delivery over TLS: A Cryptographic Analysis of Keyless SSL

Abstract : The Transport Layer Security (TLS) protocol is designed to allow two parties, a client and a server, to communicate securely over an insecure network. However, when TLS connections are proxied through an intermediate middlebox, like a Content Delivery Network (CDN), the standard end-to-end security guarantees of the protocol no longer apply. In this paper, we investigate the security guarantees provided by Keyless SSL, a CDN architecture currently deployed by CloudFlare that composes two TLS 1.2 handshakes to obtain a proxied TLS connection. We demonstrate new attacks that show that Keyless SSL does not meet its intended security goals. These attacks have been reported to CloudFlare and we are in the process of discussing fixes. We argue that proxied TLS handshakes require a new, stronger, 3-party security definition. We present 3(S)ACCE-security, a generalization of the 2-party ACCE security definition that has been used in several previous proofs for TLS. We modify Keyless SSL and prove that our modifications guarantee 3(S)ACCE-security, assuming ACCE-security for the individual TLS 1.2 connections. We also propose a new design for Keyless TLS 1.3 and prove that it achieves 3(S)ACCE-security, assuming that the TLS 1.3 handshake implements an authenticated 2-party key exchange. Notably, we show that secure proxying in Keyless TLS 1.3 is computationally lighter and requires simpler assumptions on the certificate infrastructure than our proposed fix for Keyless SSL. Our results indicate that proxied TLS architectures, as currently used by a number of CDNs, may be vulnerable to subtle attacks and deserve close attention.
Document type :
Documents associated with scientific events
Complete list of metadata

Cited literature [13 references]  Display  Hide  Download
Contributor : Bhargavan Karthikeyan Connect in order to contact the contributor
Submitted on : Saturday, December 8, 2018 - 10:39:44 AM
Last modification on : Wednesday, June 8, 2022 - 12:50:04 PM
Long-term archiving on: : Saturday, March 9, 2019 - 12:54:37 PM


Files produced by the author(s)



Karthikeyan Bhargavan, Ioana Boureanu, Pierre-Alain Fouque, Cristina Onete, Benjamin Richard. Content Delivery over TLS: A Cryptographic Analysis of Keyless SSL. EuroS&P 2017 - 2nd IEEE European Symposium on Security and Privacy, Apr 2017, Paris, France. IEEE, pp.600-615, 2017, ⟨10.1109/EuroSP.2017.52⟩. ⟨hal-01673853v2⟩



Record views


Files downloads