Name
Abstract | ||
|---|---|---|
Internet communication today typically involves intermediary middleboxes like caches, compression proxies, or virus scanners. Unfortunately, as encryption becomes more widespread, these middleboxes become blind and we lose their security, functionality, and performance benefits. Despite initial efforts in both industry and academia, we remain unsure how to integrate middleboxes into secure sessions---it is not even clear how to define "secure" in this multi-entity context.
In this paper, we first describe a design space for secure multi-entity communication protocols, highlighting tradeoffs between mutually incompatible properties. We then target real-world requirements unmet by existing protocols, like outsourcing middleboxes to untrusted infrastructure and supporting legacy clients. We propose a security definition and present Middlebox TLS (mbTLS), a protocol that provides it (in part by using Intel SGX to protect middleboxes from untrusted hardware). We show that mbTLS is deployable today and introduces little overhead, and we describe our experience building a simple mbTLS HTTP proxy.
|
Year | Venue | Field |
|---|---|---|
2017 | CoNEXT | Design space,Trusted Computing,Middlebox,Computer science,Computer network,Outsourcing,Encryption,Internet communication,Secure communication,Communications protocol |
DocType | ISBN | Citations |
Conference | 978-1-4503-5422-6 | 1 |
PageRank | References | Authors |
0.35 | 28 | 5 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| David Naylor | 1 | 207 | 9.96 |
| Richard Y. M. Li | 2 | 36 | 9.97 |
| Christos Gkantsidis | 3 | 1269 | 72.28 |
| Thomas Karagiannis | 4 | 3241 | 184.18 |
| Peter Steenkiste | 5 | 5104 | 518.46 |