and then there
play

And Then There Richard Li University of Utah Were More: Christos - PowerPoint PPT Presentation

Nov 21, 2023 •296 likes •727 views

David Naylor Carnegie Mellon And Then There Richard Li University of Utah Were More: Christos Gkantsidis Microsoft Research Secure Communication for More Than Two Parties Thomas Karagiannis Microsoft Research Peter Steenkiste Carnegie

  1. David Naylor Carnegie Mellon And Then There Richard Li University of Utah Were More: Christos Gkantsidis Microsoft Research Secure Communication for More Than Two Parties Thomas Karagiannis Microsoft Research Peter Steenkiste Carnegie Mellon

  3. In most networks, # middleboxes ≈ # routers Web Cache Virus Scanner Compression Proxy Parental Filter Intrusion Detection System Load Balancer [Making Middleboxes Someone Else’s Problem. SIGCOMM ’12 ]

  4. In most networks, # middleboxes ≈ # routers Encryption blinds middleboxes.

  5. # middleboxes ≈ # routers Encryption blinds middleboxes. Goal: Encryption + Middleboxes

  6. Goal: Encryption + Middleboxes 1 2 Design Space mbTLS For secure, A deployable multi-entity protocol for communication outsourced protocols middleboxes.

  7. There’s a big design space for secure, multi-entity communication protocols

  8. There’s a big design space for secure, multi-entity communication protocols 1 2 3 Extend TLS New Security Other Security Properties Properties Properties

  9. 1 Extend TLS Security Properties Data Secrecy 1 Data Authentication 2 Entity 3 Authentication

  10. 1 Extend TLS Security Properties Definition of “Party” vs Granularity of Data Access Definition of “Identity” Headers Headers vs vs Body

  11. 1 2 3 Extend TLS New Security Other Security Properties Properties Properties Granularity of Data Access Headers Headers vs Body Definition of “Party” vs Definition of “Identity” vs

  12. 2 New Security Properties Path Integrity 1 3 2 Data Change Secrecy Authorization

  13. 1 2 New Security 3 Extend TLS Other Security Properties Properties Properties Granularity of Data Access Path Integrity Headers Headers 1 3 vs 2 Body Definition of “Party” Data Change Secrecy vs Definition of “Identity” Authorization vs

  14. 3 Other Properties Computation Legacy Endpoints vs v1.2 Arbitrary Limited In-Band Discovery

  15. 1 2 3 Extend TLS New Security Other Security Properties Properties Properties Granularity of Data Access Path Integrity Legacy Endpoints Headers Headers 1 3 vs v1.2 2 Body Definition of “Party” Data Change Secrecy In-Band Discovery vs Definition of “Identity” Authorization Computation vs vs Arbitrary Limited

  16. There’s a big design space for secure, multi-entity communication protocols 1 2 3 Extend TLS New Security Other Security Properties Properties Properties

  17. There’s a big design space for secure, multi-entity communication protocols There is no one-size-fits-all solution.

  18. There’s a big design space for secure, multi-entity communication protocols There is no one-size-fits-all solution. Supporting one property often precludes another.

  19. Supporting one property often precludes another. TLS interception with custom root certificates Supports Prevents two legacy endpoints endpoint authentication (owner or code) vs v1.2

  20. Supporting one property often precludes another. Multi-Context TLS (mcTLS) [SIGCOMM ’15] Supports Prevents fine-grained data access legacy support Headers Headers vs v1.2 Body

  21. Supporting one property often precludes another. BlindBox [SIGCOMM ’15] Supports Prevents functional crypto arbitrary computation (minimal data access) Headers Headers vs vs Body Arbitrary Limited

  22. There’s a big design space for secure, multi-entity communication protocols There is no one-size-fits-all solution. Supporting one property often precludes another.

  23. There’s a big design space for secure, multi-entity communication protocols There is no one-size-fits-all solution. Supporting one property often precludes another.

  24. Goal: Encryption + Middleboxes 1 2 Design Space mbTLS For secure, A deployable multi-entity protocol for communication outsourced protocols middleboxes.

  25. mbTLS targets two common- case, real-world needs Immediate deployability 1 Interoperate with one legacy endpoint Protection for outsourced middleboxes 2 Protect session data from middlebox infrastructure (in addition to traditional network attackers)

  26. mbTLS targets two common- case, real-world needs 2 Outsourced Middlebox Server-Side Proxy Upgraded Server Residential ISP 1 Legacy Endpoint Legacy Clients

  27. mbTLS targets two common- case, real-world needs 1 Legacy Endpoint 2 Outsourced Middlebox Client-Side Proxy Upgraded Client Cloud Compute Provider Legacy Servers

  28. mbTLS targets two common- case, real-world needs Immediate deployability 1 Interoperate with one legacy endpoint Protection for outsourced middleboxes 2 Protect session data from middlebox infrastructure (in addition to traditional network attackers)

  29. Protection for outsourced middleboxes 2 Protect session data from middlebox infrastructure (in addition to traditional network attackers) Middlebox Software R/W access Client Middlebox Infrastructure Server R/W access No access R/W access Everyone Else No access

  30. mbTLS targets two common- case, real-world needs Immediate deployability 1 Interoperate with one legacy endpoint Protection for outsourced middleboxes 2 Protect session data from middlebox infrastructure (in addition to traditional network attackers)

  31. A first approach: pass primary session key over secondary TLS session Primary TLS Connection Secondary TLS Connection Supports legacy endpoints ✔ Data and keys visible in RAM ✗

  32. An aside: Intel SGX Secure Execution Environment 1 Program code, data, and stack encrypted. Remote Attestation 2 Prove to remote party that is working. 1

  33. A first approach: pass primary session key over secondary TLS session Primary TLS Connection Secondary TLS Connection Supports legacy endpoints ✔ Data and keys visible in RAM ✗

  34. mbTLS protects session data and keys using SGX Primary TLS SGX Enclave Connection TLS Handshake + Attestation Supports legacy endpoints ✔ Data and keys encrypted in RAM ✔

  35. On-path middleboxes can be discovered “on-the-fly” ClientHello + MiddleboxSupportExtension ServerHello [ ] MiddleboxAnnouncement MbtlsEncap + MboxHello

  36. Per-hop keys provide path integrity and data change secrecy Original session key “bridges” client- and server-side middleboxes.

  37. Evaluation What overheads does mbTLS 1 introduce? From SGX? From crypto? Is mbTLS immediately deployable ? 2 Will existing network devices drop mbTLS handshake messages?

  38. Enclave 2 No Enclave (Gbps) Throughput 10 8 6 4 0 Record Size (Bytes) 12K 8K 4K 2K 1K 512 SGX doesn’t have much impact on I/O+compute-intensive workloads

  39. Server Computation mbTLS (3 server mboxes) 0.0 mbTLS (1 server mbox) TLS (no mbox) Time (ms) mbTLS (2 server mboxes) Server 2.5 2.0 1.5 1.0 0.5 mbTLS adds some handshake CPU overhead on the server TLS mbTLS mbTLS mbTLS no mbox 1 mbox 2 mbox 3 mbox

  40. mbTLS’ handshake protocol changes are deployable today ?? Drop handshake? No handshakes were dropped. 11 university 56 hosting 6 enterprise networks networks networks 34 residential 35 19 colocation data center networks networks networks 2 mobile 1 77 public unlabeled networks network networks

  41. David Naylor Carnegie Mellon And Then There Richard Li University of Utah Were More: Christos Gkantsidis Microsoft Research Secure Communication for More Than Two Parties Thomas Karagiannis Microsoft Research Peter Steenkiste Carnegie Mellon

Recommend

More recommend