mdTLS: How to Make Middlebox-Aware TLS More Efficient?

Taehyun Ahn; Jiwon Kwak; Seungjoo Kim

doi:10.1007/978-981-97-1238-0_3

mdTLS: How to Make Middlebox-Aware TLS More Efficient?

Taehyun Ahn, Jiwon Kwak, Seungjoo Kim

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Recently, many organizations have been installing middleboxes in their networks in large numbers to provide various services to their customers. Although middleboxes have the advantage of not being dependent on specific hardware and being able to provide a variety of services, they can become a new attack target for hackers. Therefore, many researchers have proposed security-enchanced TLS protocols, but their results have some limitations. In this paper, we proposed a middlebox-delegated TLS (mdTLS) protocol that not only achieves the same security level but also requires relatively less computation compared to recent research results. mdTLS is a TLS protocol designed based on the proxy signature scheme, which requires about 39% less computation than middlebox-aware TLS (maTLS), which is the best in security and performance among existing research results. In order to substantiate the enhanced security of mdTLS, we conducted a formal verification using the Tamarin. Our verification demonstrates that mdTLS not only satisfies the security properties set forth by maTLS but also complies with the essential security properties required for proxy signature scheme (All of the formal models and lemmas are open to the public through the following url https://github.com/HackProof/mdTLS).

Original language	English
Title of host publication	Information Security and Cryptology – ICISC 2023 - 26th International Conference on Information Security and Cryptology, ICISC 2023, Revised Selected Papers
Editors	Hwajeong Seo, Suhri Kim
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	39-59
Number of pages	21
ISBN (Print)	9789819712373
DOIs	https://doi.org/10.1007/978-981-97-1238-0_3
Publication status	Published - 2024
Event	26th International Conference on Information Security and Cryptology on Information Security and Cryptology, ICISC 2023 - Seoul, Korea, Republic of Duration: 2023 Nov 29 → 2023 Dec 1

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	14562 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	26th International Conference on Information Security and Cryptology on Information Security and Cryptology, ICISC 2023
Country/Territory	Korea, Republic of
City	Seoul
Period	23/11/29 → 23/12/1

Bibliographical note

Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2024.

Keywords

Formal verification
Middlebox
Proxy signature
maTLS

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-981-97-1238-0_3

Cite this

Ahn, T., Kwak, J., & Kim, S. (2024). mdTLS: How to Make Middlebox-Aware TLS More Efficient? In H. Seo, & S. Kim (Eds.), Information Security and Cryptology – ICISC 2023 - 26th International Conference on Information Security and Cryptology, ICISC 2023, Revised Selected Papers (pp. 39-59). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14562 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-97-1238-0_3

mdTLS: How to Make Middlebox-Aware TLS More Efficient? / Ahn, Taehyun; Kwak, Jiwon; Kim, Seungjoo.
Information Security and Cryptology – ICISC 2023 - 26th International Conference on Information Security and Cryptology, ICISC 2023, Revised Selected Papers. ed. / Hwajeong Seo; Suhri Kim. Springer Science and Business Media Deutschland GmbH, 2024. p. 39-59 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14562 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Ahn, T, Kwak, J & Kim, S 2024, mdTLS: How to Make Middlebox-Aware TLS More Efficient? in H Seo & S Kim (eds), Information Security and Cryptology – ICISC 2023 - 26th International Conference on Information Security and Cryptology, ICISC 2023, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 14562 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 39-59, 26th International Conference on Information Security and Cryptology on Information Security and Cryptology, ICISC 2023, Seoul, Korea, Republic of, 23/11/29. https://doi.org/10.1007/978-981-97-1238-0_3

Ahn T, Kwak J, Kim S. mdTLS: How to Make Middlebox-Aware TLS More Efficient? In Seo H, Kim S, editors, Information Security and Cryptology – ICISC 2023 - 26th International Conference on Information Security and Cryptology, ICISC 2023, Revised Selected Papers. Springer Science and Business Media Deutschland GmbH. 2024. p. 39-59. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-981-97-1238-0_3

Ahn, Taehyun ; Kwak, Jiwon ; Kim, Seungjoo. / mdTLS : How to Make Middlebox-Aware TLS More Efficient?. Information Security and Cryptology – ICISC 2023 - 26th International Conference on Information Security and Cryptology, ICISC 2023, Revised Selected Papers. editor / Hwajeong Seo ; Suhri Kim. Springer Science and Business Media Deutschland GmbH, 2024. pp. 39-59 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{906f6a0133614e3cb8a1c5b63a558c4d,

title = "mdTLS: How to Make Middlebox-Aware TLS More Efficient?",

abstract = "Recently, many organizations have been installing middleboxes in their networks in large numbers to provide various services to their customers. Although middleboxes have the advantage of not being dependent on specific hardware and being able to provide a variety of services, they can become a new attack target for hackers. Therefore, many researchers have proposed security-enchanced TLS protocols, but their results have some limitations. In this paper, we proposed a middlebox-delegated TLS (mdTLS) protocol that not only achieves the same security level but also requires relatively less computation compared to recent research results. mdTLS is a TLS protocol designed based on the proxy signature scheme, which requires about 39\% less computation than middlebox-aware TLS (maTLS), which is the best in security and performance among existing research results. In order to substantiate the enhanced security of mdTLS, we conducted a formal verification using the Tamarin. Our verification demonstrates that mdTLS not only satisfies the security properties set forth by maTLS but also complies with the essential security properties required for proxy signature scheme (All of the formal models and lemmas are open to the public through the following url https://github.com/HackProof/mdTLS).",

keywords = "Formal verification, Middlebox, Proxy signature, maTLS",

author = "Taehyun Ahn and Jiwon Kwak and Seungjoo Kim",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2024.; 26th International Conference on Information Security and Cryptology on Information Security and Cryptology, ICISC 2023 ; Conference date: 29-11-2023 Through 01-12-2023",

year = "2024",

doi = "10.1007/978-981-97-1238-0\_3",

language = "English",

isbn = "9789819712373",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "39--59",

editor = "Hwajeong Seo and Suhri Kim",

booktitle = "Information Security and Cryptology – ICISC 2023 - 26th International Conference on Information Security and Cryptology, ICISC 2023, Revised Selected Papers",

address = "Germany",

}

TY - GEN

T1 - mdTLS

T2 - 26th International Conference on Information Security and Cryptology on Information Security and Cryptology, ICISC 2023

AU - Ahn, Taehyun

AU - Kwak, Jiwon

AU - Kim, Seungjoo

PY - 2024

Y1 - 2024

N2 - Recently, many organizations have been installing middleboxes in their networks in large numbers to provide various services to their customers. Although middleboxes have the advantage of not being dependent on specific hardware and being able to provide a variety of services, they can become a new attack target for hackers. Therefore, many researchers have proposed security-enchanced TLS protocols, but their results have some limitations. In this paper, we proposed a middlebox-delegated TLS (mdTLS) protocol that not only achieves the same security level but also requires relatively less computation compared to recent research results. mdTLS is a TLS protocol designed based on the proxy signature scheme, which requires about 39% less computation than middlebox-aware TLS (maTLS), which is the best in security and performance among existing research results. In order to substantiate the enhanced security of mdTLS, we conducted a formal verification using the Tamarin. Our verification demonstrates that mdTLS not only satisfies the security properties set forth by maTLS but also complies with the essential security properties required for proxy signature scheme (All of the formal models and lemmas are open to the public through the following url https://github.com/HackProof/mdTLS).

AB - Recently, many organizations have been installing middleboxes in their networks in large numbers to provide various services to their customers. Although middleboxes have the advantage of not being dependent on specific hardware and being able to provide a variety of services, they can become a new attack target for hackers. Therefore, many researchers have proposed security-enchanced TLS protocols, but their results have some limitations. In this paper, we proposed a middlebox-delegated TLS (mdTLS) protocol that not only achieves the same security level but also requires relatively less computation compared to recent research results. mdTLS is a TLS protocol designed based on the proxy signature scheme, which requires about 39% less computation than middlebox-aware TLS (maTLS), which is the best in security and performance among existing research results. In order to substantiate the enhanced security of mdTLS, we conducted a formal verification using the Tamarin. Our verification demonstrates that mdTLS not only satisfies the security properties set forth by maTLS but also complies with the essential security properties required for proxy signature scheme (All of the formal models and lemmas are open to the public through the following url https://github.com/HackProof/mdTLS).

KW - Formal verification

KW - Middlebox

KW - Proxy signature

KW - maTLS

UR - http://www.scopus.com/inward/record.url?scp=85189349486&partnerID=8YFLogxK

U2 - 10.1007/978-981-97-1238-0_3

DO - 10.1007/978-981-97-1238-0_3

M3 - Conference contribution

AN - SCOPUS:85189349486

SN - 9789819712373

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 39

EP - 59

BT - Information Security and Cryptology – ICISC 2023 - 26th International Conference on Information Security and Cryptology, ICISC 2023, Revised Selected Papers

A2 - Seo, Hwajeong

A2 - Kim, Suhri

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 29 November 2023 through 1 December 2023

ER -