Secure and Efficient maTLS With Proxy Signature Scheme


Bibliographic Details
Main Authors: Taehyun Ahn, Jiwon Kwak, Seungjoo Kim
Format: Article
Language: English
Published: IEEE 2025-01-01
Series: IEEE Access
Online Access: https://ieeexplore.ieee.org/document/11028591/
Description
Summary: Many companies providing mobile and web-based internet services deploy various middleboxes, including network and security appliances, to enhance network functionality and security. In particular, security appliances such as Web Application Firewalls and Intrusion Detection/Prevention Systems are frequently used to inspect transmitted data for security threats. However, the common practice of installing server certificates on middleboxes for encrypted traffic inspection introduces the risk of exposing secret keys. To address this risk, the paper proposes the middlebox-delegated TLS (mdTLS) protocol, a novel approach leveraging proxy signatures. mdTLS eliminates the need to install the server certificate directly on middleboxes; instead, each middlebox audits network traffic with its own unique certificate. This delegation of certificate authority, facilitated by proxy signature techniques, prevents certificate duplication and streamlines certificate issuance, thereby improving performance. Implementation results based on OpenSSL show that mdTLS reduces latency by approximately 25% in key and certificate generation in a general communication environment, and similar performance gains are observed when mdTLS is applied to a Snort security appliance. The protocol's security is formally verified with the Tamarin Prover, confirming that it satisfies the established TLS security properties as well as the additional security properties derived from the proxy signature scheme.
ISSN: 2169-3536