Supporting End-to-end Security across Proxies with Multiple-Channel SSL
نویسندگان
چکیده
Secure Socket Layer (SSL) has functional limitations that prevent end-to-end security in the presence of untrusted intermediary application proxies used by clients to communicate with servers. This paper introduces Multiple-Channel SSL (MC-SSL), an extension of SSL, and describes and analyzes the design of MC-SSL proxy channel protocol that enables the support for end-to-end security of client-server communications in the presence of application proxies. MC-SSL is able to securely negotiate multiple virtual channels with different security characteristics including application proxy and cipher suite.
منابع مشابه
Multiple-Channel Security Architecture and its Implementation over SSL
This paper presents multiple-channel SSL (MC-SSL), an architecture and protocol for protecting client-server communications. In contrast to SSL, which provides a single end-to-end secure channel, MC-SSL enables applications to employ multiple channels, each with its own cipher suite and data-flow direction. Our approach also allows for several partially trusted application proxies. The main adv...
متن کاملImplementing Multiple Channels over SSL
Multiple-Channel SSL (MC-SSL) is our model and protocol for the security of client-server communication. In contrast to SSL, MC-SSL can securely provide applications with multiple channels, and each of them can have a specific cipher suite and a various number of application proxies; meanwhile, the channel negotiation and operation in MC-SSL are still based on SSL, which needs a small change in...
متن کاملKilled by Proxy: Analyzing Client-end TLS Interce
To filter SSL/TLS-protected traffic, some antivirus and parental-control applications interpose a TLS proxy in the middle of the host’s communications. We set out to analyze such proxies as there are known problems in other (more matured) TLS processing engines, such as browsers and common TLS libraries. Compared to regular proxies, client-end TLS proxies impose several unique constraints, and ...
متن کاملSSLSARD: A Request Distribution Technique for Distributed SSL Reverse Proxies
—Although Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) are the for transport layer security, their cryptographic operations tend to be highly CPU intensive. Web systems that support SSL/TLS often deploy several locally or globally distributed SSL reverse proxies in front of Web servers to offload SSL/TLS operations from Web servers and improve the execution perfo...
متن کاملPerformance and Security Aspects of Client-Side SSL/TLS Processing on Mobile Devices
The SSL/TLS protocol is the de-facto standard for secure Internet communications, and supported by virtually all modern e-mail clients and Web browsers. With more and more PDAs and cell phones providing wireless e-mail and Web access, there is an increasing demand for establishing secure SSL/TLS connections on devices that are relatively constrained in terms of computational resources. Therefor...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2004