Skip to Main content Skip to Navigation
Conference papers

A Formal Treatment of Accountable Proxying over TLS

Abstract : Much of Internet traffic nowadays passes through active proxies, whose role is to inspect, filter, cache, or transform data exchanged between two endpoints. To perform their tasks, such proxies modify channel-securing protocols, like TLS, resulting in serious vulnerabilities. Such problems are exacerbated by the fact that middleboxes are often invisible to one or both endpoints, leading to a lack of accountability. A recent protocol, called mcTLS, pioneered accountability for proxies, which are authorized by the endpoints and given limited read/write permissions to application traffic. Unfortunately, we show that mcTLS is insecure: the protocol modifies the TLS protocol, exposing it to a new class of middlebox-confusion attacks. Such attacks went unnoticed mainly because mcTLS lacked a formal analysis and security proofs. Hence, our second contribution is to formalize the goal of accountable proxying over secure channels. Third, we propose a provably-secure alternative to soon-to-be-standardized mcTLS: a generic and modular protocol-design that carefully composes generic secure channel-establishment protocols, which we prove secure. Finally, we present a proof-of-concept implementation of our design, instantiated with unmodified TLS 1.3 draft 23, and evaluate its overheads.
Complete list of metadata

Cited literature [39 references]  Display  Hide  Download

https://hal.inria.fr/hal-01948722
Contributor : Bhargavan Karthikeyan <>
Submitted on : Saturday, December 8, 2018 - 10:53:30 AM
Last modification on : Friday, July 10, 2020 - 4:14:00 PM
Long-term archiving on: : Saturday, March 9, 2019 - 12:40:29 PM

File

main.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-01948722, version 1

Citation

Karthikeyan Bhargavan, Ioana Boureanu, Antoine Delignat-Lavaud, Pierre-Alain Fouque, Cristina Onete. A Formal Treatment of Accountable Proxying over TLS. SP 2018 - IEEE Symposium on Security and Privacy, May 2018, San Francisco, United States. ⟨hal-01948722⟩

Share

Metrics

Record views

155

Files downloads

619