Hyunwoo Lee (Seoul National University), Zach Smith (University of Luxembourg), Junghwan Lim (Seoul National University), Gyeongjae Choi (Seoul National University), Selin Chun (Seoul National University), Taejoong Chung (Rochester Institute of Technology), Ted "Taekyoung" Kwon (Seoul National University)

Middleboxes (MBs) are widely deployed in order to enhance security and performance in networking.
However, as the communications over the TLS become increasingly common, the end-to-end channel model of the TLS undermines the efficacy of MBs.
Existing solutions, such as `split TLS' that intercepts TLS sessions, often introduce significant security risks by installing a custom root certificate or sharing a private key.
Many studies have confirmed the vulnerabilities of combining the TLS with MBs, which include certificate validation failures, unwanted content modification, and using obsolete ciphersuites.
To address the above issues, we introduce an MB-aware TLS protocol, dubbed maTLS, that allows MBs to participate in the TLS in a visible and accountable fashion.
Every participating MB now splits a session into two segments with its own security parameters in collaboration with the two endpoints.
However, the session is still secure as the maTLS protocol is designed to achieve the authentication of MBs, the audit of MBs' operations, and the verification of security parameters of segments.
We carry out testbed-based experiments to show that maTLS achieves the above security goals with marginal overhead.
We also prove the security model of maTLS by using Tamarin, a security verification tool.

View More Papers

The Crux of Voice (In)Security: A Brain Study of...

Ajaya Neupane (University of California Riverside), Nitesh Saxena (University of Alabama at Birmingham), Leanne Hirshfield (Syracuse University), Sarah Elaine Bratt (Syracuse University)

Read More

Private Continual Release of Real-Valued Data Streams

Victor Perrier (Data61, CSIRO and ISAE-SUPAERO), Hassan Jameel Asghar (Macquarie University and Data61, CSIRO), Dali Kaafar (Macquarie University and Data61, CSIRO)

Read More

CRCount: Pointer Invalidation with Reference Counting to Mitigate Use-after-free...

Jangseop Shin (Seoul National University and Inter-University Semiconductor Research Center), Donghyun Kwon (Seoul National University and Inter-University Semiconductor Research Center), Jiwon Seo (Seoul National University and Inter-University Semiconductor Research Center), Yeongpil Cho (Soongsil University), Yunheung Paek (Seoul National University and Inter-University Semiconductor Research Center)

Read More

BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals

Fenghao Xu (The Chinese University of Hong Kong), Wenrui Diao (Jinan University), Zhou Li (University of California, Irvine), Jiongyi Chen (The Chinese University of Hong Kong), Kehuan Zhang (The Chinese University of Hong Kong)

Read More