
Towards usable and fine-grained security for HTTPS with middleboxes



Khanna, Abhimanyu (2017) Towards usable and fine-grained security for HTTPS with middleboxes. Masters thesis, Concordia University.

Text (application/pdf)
Khanna_MASc_F2017.pdf - Accepted Version
Available under License Spectrum Terms of Access.


Over the past few years, technology firms have inlined end-to-end encryption for their services and implored for increased in-network functionality. Most firms deploy TLS and middleboxes by performing man-in-the-middle (MITM) of network sessions. In practice, there are no official guidelines for performing MITM and often several tweaks are used resulting in less secure systems. TLS was designed for exactly two parties and introducing a third party by doing MITM breaks TLS and the security benefits it offers.
With increasing debate in finding a clean way to deploy middleboxes with TLS, our work surveys the literature and introduces a benchmark based on the Usability-Deployability-Security (UDS) framework for evaluating existing TLS middlebox interception proposals. Our benchmark encompasses and helps understand the current benefits, solutions and challenges in the existing solutions for incorporating TLS with middleboxes. We perform a comparative and qualitative evaluation of the schemes and summarize the results in a single table. We propose Triraksha, an alternative to the currently deployed middlebox interception models. Triraksha provides a packet inspection service for end-to-end encrypted connections while maintaining fine-grained confidentiality for end points. We evaluate a prototype implementation of our scheme on local and remote servers and show that the overhead in terms of latency and throughput is minimal. Our scheme is easily deployable as only a few software additions are made at the middlebox and client end.

Divisions: Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type: Thesis (Masters)
Authors: Khanna, Abhimanyu
Institution: Concordia University
Degree Name: M.A. Sc.
Program: Information Systems Security
Date: 28 April 2017
Thesis Supervisor(s): Mannan, Mohammad and Clark, Jeremy
Keywords: middlebox, HTTPS, proxy, deployability
ID Code: 982500
Deposited On: 09 Jun 2017 14:33
Last Modified: 18 Jan 2018 17:55
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.
