Inspecting TLS Anytime Anywhere: A New Approach to TLS Interception

Date: 22/5/20, from 14.00 to 15.00 AEST

Recording: watch the presentation here

Slides: Presentation baek ia2tls final

Title: Inspecting TLS Anytime Anywhere: A New Approach to TLS Interception

Guest speaker: Professor Joonsang Baek, University of Wollongong

Joonsang Baek received his PhD degree in computer science from Monash University, Australia, in 2004. He received the MS in computer engineering from Korea Advanced Institute of Science and Technology-IT Convergence Campus (KAIST-ICC), Korea, and the BS in mathematics from Pohang University of Science and Technology (POSTECH), Korea, in 2000 and 1998, respectively. Joonsang is currently a senior lecturer at the School of Computing and Information Technology, University of Wollongong (UOW), Australia. Before joining UOW, he was an assistant professor in the Department of Electrical and Computer Engineering at Khalifa University, UAE. He also worked as a research scientist at the Institute for Infocomm Research (I2R), Singapore, before he joined academia. His current research interests are in the field of cybersecurity, focusing on the application of cryptographic primitives to real-world applications. Joonsang has published his work in many journals and conference proceedings, including the Journal of Cryptology, Asiacrypt, and AsiaCCS. He has also served as a chair, editorial board member and program committee member for numerous renowned conferences and journals in the field of security and cryptography.

Abstract:

Transport Layer Security (TLS) is one of the most widely used security protocols for the modern internet. However, TLS does not differentiate regular users from threat actors, who want to evade detection through the privacy provided by TLS. For this reason, organizations have been increasingly interested in middlebox technology whereby encrypted TLS traffic can be filtered and inspected. So far, the majority of middleboxes utilize the man-in-the-middle (MITM) attack. In this approach, a middlebox acts as a proxy to decrypt and inspect the traffic between the user and the server. However, this approach has the problem of forcing the user to accept the proxy's certificate. It also has a performance issue, as the proxy needs to decrypt and re-encrypt the traffic. In this talk, I will talk about our new solution, which we call "IA2-TLS (Inspecting TLS Anytime Anywhere)". This approach is based on the idea of securely binding the middlebox's "inspection key" with the random nonces used in the TLS protocol. Since IA2-TLS does not employ the MITM attack, it does not have the problems of proxy certificate management and performance degradation. Inspection through IA2-TLS is not confined to a specific location and can be provided at any area along the path of the network. Moreover, the inspection can be performed in real time or non-real time, depending on the user's preference or network circumstances. This work will be presented at AsiaCCS 2020.