maTLS: How to Make TLS middlebox-aware? Hyunwoo Lee, Zach Smith, Junghwan Lim†, Gyeongjae Choi, Selin Chun, Taejoong Chung, Ted “Taekyoung” Kwon
Network and Distributed Systems Security (NDSS) Symposium 2019
Current Solution MITM: * Client: fake root certificate * Server: CDNs request server private keys.
=> Increased risks in MITM attack => How to work honestly? 1. encryption-based 2. TEE-based 3. TLS extension-based SplitTLS:
authentication: client can not authenticate the intend server Confidentiality: weak ciphersuite Integrity：Not behaved Middlebox maTLS: