TY - GEN
T1 - Multi-context TLS (mcTLS)
T2 - ACM Conference on Special Interest Group on Data Communication, SIGCOMM 2015
AU - Naylor, David
AU - Schomp, Kyle
AU - Varvello, Matteo
AU - Leontiadis, Ilias
AU - Blackburn, Jeremy
AU - Lopez, Diego
AU - Papagiannaki, Konstantina
AU - Rodriguez, Pablo Rodriguez
AU - Steenkiste, Peter
N1 - Publisher Copyright: © 2015 ACM.
PY - 2015/8/17
Y1 - 2015/8/17
N2 - A significant fraction of Internet traffic is now encrypted and HTTPS will likely be the default in HTTP/2. However, Transport Layer Security (TLS), the standard protocol for encryption in the Internet, assumes that all functionality resides at the endpoints, making it impossible to use in-network services that optimize network resource usage, improve user experience, and protect clients and servers from security threats. Re-introducing in-network functionality into TLS sessions today is done through hacks, often weakening overall security. In this paper we introduce multi-context TLS (mcTLS), which extends TLS to support middleboxes. mcTLS breaks the current "all-or-nothing" security model by allowing endpoints and content providers to explicitly introduce middleboxes in secure end-to-end sessions while controlling which parts of the data they can read or write. We evaluate a prototype mcTLS implementation in both controlled and "live" experiments, showing that its benefits come at the cost of minimal overhead. More importantly, we show that mcTLS can be incrementally deployed and requires only small changes to client, server, and middlebox software.
AB - A significant fraction of Internet traffic is now encrypted and HTTPS will likely be the default in HTTP/2. However, Transport Layer Security (TLS), the standard protocol for encryption in the Internet, assumes that all functionality resides at the endpoints, making it impossible to use in-network services that optimize network resource usage, improve user experience, and protect clients and servers from security threats. Re-introducing in-network functionality into TLS sessions today is done through hacks, often weakening overall security. In this paper we introduce multi-context TLS (mcTLS), which extends TLS to support middleboxes. mcTLS breaks the current "all-or-nothing" security model by allowing endpoints and content providers to explicitly introduce middleboxes in secure end-to-end sessions while controlling which parts of the data they can read or write. We evaluate a prototype mcTLS implementation in both controlled and "live" experiments, showing that its benefits come at the cost of minimal overhead. More importantly, we show that mcTLS can be incrementally deployed and requires only small changes to client, server, and middlebox software.
KW - HTTPS
KW - SSL
KW - TLS
UR - https://www.scopus.com/pages/publications/84962271239
U2 - 10.1145/2785956.2787482
DO - 10.1145/2785956.2787482
M3 - Conference contribution
T3 - SIGCOMM 2015 - Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication
SP - 199
EP - 212
BT - SIGCOMM 2015 - Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication
PB - Association for Computing Machinery
Y2 - 17 August 2015 through 21 August 2015
ER -