Kentaro Kita, Junji Takemasa, Y. Koizumi, T. Hasegawa
{"title":"基于TLS的安全中间箱通道及其对中间箱妥协的弹性","authors":"Kentaro Kita, Junji Takemasa, Y. Koizumi, T. Hasegawa","doi":"10.1109/INFOCOM53939.2023.10229081","DOIUrl":null,"url":null,"abstract":"A large portion of Internet traffic passes through middleboxes that read or modify messages. However, as more traffic is protected with TLS, middleboxes are becoming unable to provide their functions. To leverage middlebox functionality while preserving communication security, secure middlebox channel protocols have been designed as extensions of TLS. A key idea is that the endpoints explicitly incorporate middleboxes into the TLS handshake and grant each middlebox either the read or the write permission for their messages. Because each middlebox has the least data access privilege, these protocols are resilient against the compromise of a single middlebox. However, the existing studies have not comprehensively analyzed the communication security under the scenarios where multiple middleboxes are compromised. In this paper, we present novel attacks that break the security of the existing protocols under such scenarios and then modify maTLS, the state-of-the-art protocol, so that all the attacks are prevented with marginal overhead.","PeriodicalId":387707,"journal":{"name":"IEEE INFOCOM 2023 - IEEE Conference on Computer Communications","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Secure Middlebox Channel over TLS and its Resiliency against Middlebox Compromise\",\"authors\":\"Kentaro Kita, Junji Takemasa, Y. Koizumi, T. Hasegawa\",\"doi\":\"10.1109/INFOCOM53939.2023.10229081\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A large portion of Internet traffic passes through middleboxes that read or modify messages. However, as more traffic is protected with TLS, middleboxes are becoming unable to provide their functions. To leverage middlebox functionality while preserving communication security, secure middlebox channel protocols have been designed as extensions of TLS. A key idea is that the endpoints explicitly incorporate middleboxes into the TLS handshake and grant each middlebox either the read or the write permission for their messages. Because each middlebox has the least data access privilege, these protocols are resilient against the compromise of a single middlebox. However, the existing studies have not comprehensively analyzed the communication security under the scenarios where multiple middleboxes are compromised. In this paper, we present novel attacks that break the security of the existing protocols under such scenarios and then modify maTLS, the state-of-the-art protocol, so that all the attacks are prevented with marginal overhead.\",\"PeriodicalId\":387707,\"journal\":{\"name\":\"IEEE INFOCOM 2023 - IEEE Conference on Computer Communications\",\"volume\":\"7 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-05-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE INFOCOM 2023 - IEEE Conference on Computer Communications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/INFOCOM53939.2023.10229081\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE INFOCOM 2023 - IEEE Conference on Computer Communications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INFOCOM53939.2023.10229081","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Secure Middlebox Channel over TLS and its Resiliency against Middlebox Compromise
A large portion of Internet traffic passes through middleboxes that read or modify messages. However, as more traffic is protected with TLS, middleboxes are becoming unable to provide their functions. To leverage middlebox functionality while preserving communication security, secure middlebox channel protocols have been designed as extensions of TLS. A key idea is that the endpoints explicitly incorporate middleboxes into the TLS handshake and grant each middlebox either the read or the write permission for their messages. Because each middlebox has the least data access privilege, these protocols are resilient against the compromise of a single middlebox. However, the existing studies have not comprehensively analyzed the communication security under the scenarios where multiple middleboxes are compromised. In this paper, we present novel attacks that break the security of the existing protocols under such scenarios and then modify maTLS, the state-of-the-art protocol, so that all the attacks are prevented with marginal overhead.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
