Paper 2020/1366

LURK: Server-Controlled TLS Delegation

Ioana Boureanu, Daniel Migault, Stere Preda, Hyame Assem Alamedine, Sanjay Mishra, Frederic Fieau, and Mohammad Mannan

Abstract

By design, TLS (Transport Layer Security) is a 2-party, end-to-end protocol. Yet, in practice, TLS delegation is often deployed: that is, middlebox proxies inspect and even modify TLS traffic between the endpoints. Recently, industry-leaders (e.g., Akamai, Cloudflare, Telefonica, Ericcson), standardization bodies (e.g., IETF, ETSI), and academic researchers have proposed numerous ways of achieving safer TLS delegation. We present LURK the LURK (Limited Use of Remote Keys) extension for TLS~1.2, a suite of designs for TLS delegation, where the TLS-server is aware of the middlebox. We implement and test LURK. We also cryptographically prove and formally verify, in Proverif, the security of LURK. Finally, we comprehensively analyze how our designs balance (provable) security and competitive performance.

Note: This paper is an extended version of our IEEE TrustCom 2020 paper [a]. We are making this version available in order to have more clear results and discussions in comparison to its short version. [a] Ioana Boureanu and Daniel Migault and Stere Preda and Hyame Assem Alamedine and Sanjay Mishra and Frederic Fieau and Mohammad Mannan “LURK: Server-Controlled TLS Delegation”, in Proceedings of the 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom 2020), Guangzhou, China, December 29, 2020 - January 1, 2021

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
Internet securityMiddleboxesCryptographic protocolsTransport protocolsTLSProverif
Contact author(s)
i boureanu @ surrey ac uk
daniel migault @ ericsson com
stere preda @ ericsson com
hyame a alameddine @ ericsson com
sanjay mishra @ verizon com
frederic fieau @ orange com
m mannan @ concordia ca
History
2020-11-02: received
Short URL
https://ia.cr/2020/1366
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2020/1366,
      author = {Ioana Boureanu and Daniel Migault and Stere Preda and Hyame Assem Alamedine and Sanjay Mishra and Frederic Fieau and Mohammad Mannan},
      title = {LURK: Server-Controlled TLS Delegation},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1366},
      year = {2020},
      note = {\url{https://eprint.iacr.org/2020/1366}},
      url = {https://eprint.iacr.org/2020/1366}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.