Short-Lived Forward-Secure Delegation for TLS

09/04/2020
by   Lukas Alber, et al.
0

On today's Internet, combining the end-to-end security of TLS with Content Delivery Networks (CDNs) while ensuring the authenticity of connections results in a challenging delegation problem. When CDN servers provide content, they have to authenticate themselves as the origin server to establish a valid end-to-end TLS connection with the client. In standard TLS, the latter requires access to the secret key of the server. To curb this problem, multiple workarounds exist to realize a delegation of the authentication. In this paper, we present a solution that renders key sharing unnecessary and reduces the need for workarounds. By adapting identity-based signatures to this setting, our solution offers short-lived delegations. Additionally, by enabling forward-security, existing delegations remain valid even if the server's secret key leaks. We provide an implementation of the scheme and discuss integration into a TLS stack. In our evaluation, we show that an efficient implementation incurs less overhead than a typical network round trip. Thereby, we propose an alternative approach to current delegation practices on the web.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
08/04/2022

A Forward-secure Efficient Two-factor Authentication Protocol

Two-factor authentication (2FA) schemes that rely on a combination of kn...
research
04/25/2021

Two-Server Verifiable Homomorphic Secret Sharing for High-Degree Polynomials

Homomorphic secret sharing (HSS) allows multiple input clients to secret...
research
04/21/2020

Group Key Agreement in Information Centric Networks with Tree Group Diffie-Hellman

The client-server model is known to scale badly without redundant server...
research
09/04/2022

InviCloak: An End-to-End Approach to Privacy and Performance in Web Content Distribution

In today's web ecosystem, a website that uses a Content Delivery Network...
research
02/10/2023

TurboTLS: TLS connection establishment with 1 less round trip

We show how to establish TLS connections using one less round trip. In o...
research
11/04/2022

On the Interplay between TLS Certificates and QUIC Performance

In this paper, we revisit the performance of the QUIC connection setup a...
research
06/27/2022

Active TLS Stack Fingerprinting: Characterizing TLS Server Deployments at Scale

Active measurements can be used to collect server characteristics on a l...

Please sign up or login with your details

Forgot password? Click here to reset