Title
To Intercept or Not to Intercept: Analyzing TLS Interception in Network Appliances.
Abstract
Many enterprise-grade network appliances host a TLS proxy to facilitate interception of TLS-protected traffic for various purposes, including malware scanning, phishing detection, and preventing data exfiltration. When deployed, the TLS proxy acts as the security-validating client for external TLS web servers, on behalf of the original requesting client; on the other hand, the proxy acts as the web server to the client. Consequently, TLS proxies must maintain a reliable level of security, at least at the same level as modern web browsers and properly configured TLS servers. Failure to do so increases the attack surface of all the proxied clients served by the network appliance. We develop a framework for testing TLS-inspecting appliances, combining and extending tests from existing work on client-end and network-based interception. Utilizing this framework, we analyze six representative network appliances and uncover several security issues regarding TLS version and certificate parameter mapping, CA trusted stores, private keys, and certificate validation tests. For instance, we found that two appliances perform no certificate validation at all, exposing their end-clients to trivial Man-in-the-Middle attacks. The remaining appliances, which do perform certificate validation, still do not follow current best practices, making them vulnerable to certain attacks. We also found that all the tested appliances deceive the requesting clients by offering TLS parameters that differ from the proxy-to-server TLS parameters, such as the TLS versions, hashing algorithms, and RSA key sizes. We hope that this work brings focus to the risks and vulnerabilities of using TLS proxies, which are widely deployed in many enterprise and government environments, potentially affecting all their users and systems.
Year
2018
DOI
10.1145/3196494.3196528
Venue
AsiaCCS
Keywords
TLS, Proxy, Interception, Network Appliances, Certificates, Validation, MITM
Field
Man-in-the-middle attack, Attack surface, Computer science, Computer security, Server, Hash function, Malware, Certificate, Computer appliance, Web server
DocType
Conference
ISBN
978-1-4503-5576-6
Citations
4
PageRank
0.44
References
13
Authors
3
Name             Order  Citations  PageRank
Louis Waked      1      4          0.44
Mohammad Mannan  2      4          1.12
Amr M. Youssef   3      4          0.44