This website requires JavaScript.

A survey and analysis of TLS interception mechanisms and motivations.

Xavier de Carné de CarnavaletPaul C. van Oorschot
arXiv: Cryptography and Security
Oct 2020
摘要
TLS is an end-to-end protocol designed to provide confidentiality and integrity guarantees that improve end-user security and privacy. While TLS helps defend against pervasive surveillance of intercepted unencrypted traffic, it also hinders several common beneficial operations typically performed by middleboxes on the network traffic. This issue has resulted in some parties proposing various methods that bypass the confidentiality goals of TLS by playing with keys and certificates essentially in a man-in-the-middle solution, and leads to new proposals that extend the protocol to accommodate third parties, delegation schemes to trusted middleboxes, and fine-grained control and verification mechanisms. To better understand the underlying motivation of such research proposals, we first review the use cases expecting plain HTTP traffic and discuss the extent to which TLS hinders these operations. We retain 19 scenarios where access to unencrypted traffic is still relevant and evaluate the incentives of the stakeholders involved. Second, we survey techniques and proposals by which TLS no longer delivers end-to-end security, and by which the notion of an end changes. We therefore include endpoint-side middleboxes and mid-path caching middleboxes such as Content Delivery Networks (CDNs), alike. Finally, we compare each scheme based on deployability and security characteristics, and evaluate their compatibility with the stakeholders' incentives. Our analysis leads to a number of findings and observations that we believe will be of interest to practitioners, policy makers and researchers.
展开全部
图表提取

暂无人提供速读十问回答

论文十问由沈向洋博士提出,鼓励大家带着这十个问题去阅读论文,用有用的信息构建认知模型。写出自己的十问回答,还有机会在当前页面展示哦。

Q1论文试图解决什么问题?
Q2这是否是一个新的问题?
Q3这篇文章要验证一个什么科学假设?
2
被引用
笔记
问答