Séminaire ICI : Cristina Onete
Titre du séminaire et oratrice
Proxying over TLS: Breaking and Fixing CloudFlare's Keyless SSL.
Cristina Onete, Université de Rennes 1
Date et lieu
ENSEA, salle 384.
Vendredi 17 mars 2017, 10h30.
One of the fundamental goals of cryptography is enabling parties to communicate securely over an insecure channel. This functionality is required in our everyday use of the Internet, for secure Internet browsing, secure emailing, messaging, and even Voice over IP conversations.
In order to construct a secure channel between two parties (usually a client and a server), the participants execute an authenticated key exchange protocol (AKE), which enables them, starting from some initial long-term data, to establish fresh, session-specific keys. This first step is also called a handshake. In a second step, the session keys are use to authenticate and encrypt the data exchanged by the two parties, thus essentially constructing that secure channel.
TLS/SSL is one of the most widely used protocols today, ensuring secure-channel establishment over the Internet. Though a subject of debate for many years, the TLS 1.2 protocol was proved secure under a series of assumptions. However, in real-world applications, TLS is not used in the way it was designed, namely, between the client and the server directly. Instead, cloud-based content delivery network architectures (CDN) have introduced a three-party handshake, such that the client obliviously connects to a cloud provider, which caches and delivers the server's content. In this talk we show that one type of CDN, namely CloudFlare's Keyless SSL, proxies TLS in a way that breaks the protocol's security in various ways. We will also show how to fix their Keyless protocol design, with the surprising result that our novel Keyless TLS 1.3 (i.e. using the newly designed TLS 1.3 version) is in fact much more efficient than the fixed Keyless TLS 1.2, whilst attaining the same properties.
Cristina Onete is a post-doctoral researcher at the Université de Rennes 1, working as part of the ANR-funded SafeTLS project in the Embedded Security and Cryptography (EMSEC) research team. Her work focuses on provable security, in particular with a focus on authentication, AKE, and distance-bounding protocols. She joined the EMSEC research team in September 2015 and was before a member of the CIDRE team (at the IRISA Rennes), working with Sébastien Gambs on topics of provable privacy.