Short-Lived Forward-Secure Delegation for TLS

  • Lukas Alber (Redner/in)
  • More, S. J. (Beitragende/r)
  • Sebastian Ramacher (Beitragende/r)

Aktivität: Vortrag oder PräsentationVortrag bei Konferenz oder FachtagungScience to science

Beschreibung

On today's Internet, combining the end-to-end security of TLS with Content Delivery Networks (CDNs) while ensuring the authenticity of connections results in a challenging delegation problem. When CDN servers provide content, they have to authenticate themselves as the origin server to establish a valid end-to-end TLS connection with the client. In standard TLS, the latter requires access to the secret key of the server. To curb this problem, multiple workarounds exist to realize a delegation of the authentication.

In this paper, we present a solution that renders key sharing unnecessary and reduces the need for workarounds. By adapting identity-based signatures to this setting, our solution offers short-lived delegations. Additionally, by enabling forward-security, existing delegations remain valid even if the server's secret key leaks. We provide an implementation of the scheme and discuss integration into a TLS stack. In our evaluation, we show that an efficient implementation incurs less overhead than a typical network round trip. Thereby, we propose an alternative approach to current delegation practices on the web.
Zeitraum9 Nov. 2020
EreignistitelThe ACM Cloud Computing Security Workshop in conjunction with the ACM Conference on Computer and Communications Security: CCS 2020
VeranstaltungstypWorkshop
OrtVirtuell, USA / Vereinigte StaatenAuf Karte anzeigen
BekanntheitsgradInternational

Verbundene Inhalte