DeepAI AI Chat
Log In Sign Up

Short-Lived Forward-Secure Delegation for TLS

by   Lukas Alber, et al.

On today's Internet, combining the end-to-end security of TLS with Content Delivery Networks (CDNs) while ensuring the authenticity of connections results in a challenging delegation problem. When CDN servers provide content, they have to authenticate themselves as the origin server to establish a valid end-to-end TLS connection with the client. In standard TLS, the latter requires access to the secret key of the server. To curb this problem, multiple workarounds exist to realize a delegation of the authentication. In this paper, we present a solution that renders key sharing unnecessary and reduces the need for workarounds. By adapting identity-based signatures to this setting, our solution offers short-lived delegations. Additionally, by enabling forward-security, existing delegations remain valid even if the server's secret key leaks. We provide an implementation of the scheme and discuss integration into a TLS stack. In our evaluation, we show that an efficient implementation incurs less overhead than a typical network round trip. Thereby, we propose an alternative approach to current delegation practices on the web.


page 1

page 2

page 3

page 4


A Forward-secure Efficient Two-factor Authentication Protocol

Two-factor authentication (2FA) schemes that rely on a combination of kn...

Two-Server Verifiable Homomorphic Secret Sharing for High-Degree Polynomials

Homomorphic secret sharing (HSS) allows multiple input clients to secret...

Group Key Agreement in Information Centric Networks with Tree Group Diffie-Hellman

The client-server model is known to scale badly without redundant server...

InviCloak: An End-to-End Approach to Privacy and Performance in Web Content Distribution

In today's web ecosystem, a website that uses a Content Delivery Network...

TurboTLS: TLS connection establishment with 1 less round trip

We show how to establish TLS connections using one less round trip. In o...

On the Interplay between TLS Certificates and QUIC Performance

In this paper, we revisit the performance of the QUIC connection setup a...

Active TLS Stack Fingerprinting: Characterizing TLS Server Deployments at Scale

Active measurements can be used to collect server characteristics on a l...