maTLS: How to Make TLS middlebox-aware?

September 18, 2019
tls web

Current Solution

MITM:

  * Client: fake root certificate
  * Server: CDNs request server private keys.

=> Increased risk of MITM attacks
=> How to work honestly?
    1. encryption-based
    2. TEE-based
    3. TLS extension-based

SplitTLS:

maTLS:

  1. authenticate all middleboxes
  2. audit all middleboxes
  3. security parameter verification
  4. valid modification checks

Middlebox transparency (MT): the MT system targets middlebox certificates. It logs the certificates, which can be publicly monitored and audited by any interested party.


How to do

An extension in the middlebox's X.509 certificate indicates the access of this middlebox.
