Group of Software Security In Progress

GoSSIP @ LoCCS, Shanghai Jiao Tong University

An Analysis of TLS Handshake Proxying

Paper download: http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7345293

Abstract

This paper studies the private-key proxying service used by HTTPS websites that rely on a CDN, and analyses its performance and security.

TLS and Handshake Proxying


Performance


Security

  • Security goals:
    • Key-server-to-client authentication
    • Edge-server-to-client authentication
    • Channel security
  • Security of the key server: side channels
  • Security of the edge server:
    • Reduce the validity period of the edge server's credential and rotate it quickly
    • Use trusted computing mechanisms such as remote attestation
    • Limit access to the key server through IP filtering
    • Revoke access from specific machines based on monitoring
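The edge-server mitigations above can be enforced on the key server side as an admission policy that runs before any private-key operation is performed. The following is an added example, not code from the paper or from any CDN's key server: the credential format, the HMAC issuer key, the allowed network range and the edge-server identifiers are all constructed for illustration, and the private-key operation itself is outside the scope of the snippet.

```python
# Added example (not from the paper or the GoSSIP page): a key server's
# admission policy for handshake-proxying requests from edge servers,
# covering three of the mitigations listed above: short-lived credentials
# with fast rotation, IP filtering, and revocation driven by monitoring.
# Token layout, issuer key, network range and edge ids are constructed.
import base64
import hashlib
import hmac
import ipaddress
import json

ISSUER_KEY = b"constructed-key-server-secret"  # hypothetical key-server secret

def issue_credential(edge_id: str, now: int, ttl: int) -> str:
    """Short-lived credential: HMAC-SHA256 over (edge id, issued-at, expiry).
    A short ttl is what makes quick rotation possible."""
    claims = {"edge": edge_id, "iat": now, "exp": now + ttl}
    body = base64.urlsafe_b64encode(
        json.dumps(claims, sort_keys=True).encode()).decode()
    tag = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"

def parse_credential(token: str):
    """Return the claims if the tag verifies, otherwise None."""
    body, _, tag = token.rpartition(".")
    expected = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(body))

# Constructed policy data: one edge PoP range, one edge flagged by monitoring.
ALLOWED_NETS = [ipaddress.ip_network("198.51.100.0/24")]
REVOKED = {"edge-07"}

def authorize(token: str, src_ip: str, now: int) -> tuple:
    """Decide whether the key server may perform the private-key operation
    for this request. Returns (allowed, reason)."""
    if not any(ipaddress.ip_address(src_ip) in net for net in ALLOWED_NETS):
        return False, "ip-not-allowed"          # IP filtering
    claims = parse_credential(token)
    if claims is None:
        return False, "bad-signature"           # forged or corrupted credential
    if not (claims["iat"] <= now < claims["exp"]):
        return False, "credential-expired"      # short validity period
    if claims["edge"] in REVOKED:
        return False, "edge-revoked"            # revocation from monitoring
    return True, "ok"
```

The checks are ordered so that the cheapest filter (source IP) rejects traffic before any cryptographic verification is done; a real deployment would combine this with remote attestation of the edge host, which the snippet does not model.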