Secure and Efficient maTLS With Proxy Signature Scheme
Many companies providing mobile and web-based internet services deploy various middleboxes, including network and security appliances, to enhance network functionality and security. In particular, security appliances such as Web Application Firewalls and Intrusion Detection/Prevention Systems are frequently used to inspect transmitted data for security threats. However, the common practice of installing server certificates on middleboxes for encrypted traffic inspection introduces the risk of exposing secret keys. To address this, this paper proposes the middlebox-delegated TLS (mdTLS) protocol, a novel approach leveraging proxy signatures. mdTLS eliminates the need for direct server certificate installation on middleboxes, instead enabling each middlebox to perform network traffic auditing with its own unique certificate. This delegation of certificate authority, facilitated by proxy signature techniques, prevents certificate duplication and streamlines the certificate issuance process, thereby enhancing performance. Implementation results based on OpenSSL demonstrate that mdTLS reduces latency by approximately 25% in key and certificate generation within a general communication environment. Furthermore, similar performance gains are observed when mdTLS is applied to a Snort security appliance. The protocol's security is formally verified using the Tamarin Prover, confirming its adherence to established TLS security properties and the additional security properties derived from the proxy signature scheme.
| Main Authors: | Taehyun Ahn, Jiwon Kwak, Seungjoo Kim |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | IEEE, 2025-01-01 |
| Series: | IEEE Access |
| Subjects: | Formal verification; maTLS; mdTLS; middlebox; network security; proxy signature |
| Online Access: | https://ieeexplore.ieee.org/document/11028591/ |
| Field | Value |
|---|---|
| author | Taehyun Ahn, Jiwon Kwak, Seungjoo Kim |
| collection | DOAJ |
| description | Many companies providing mobile and web-based internet services deploy various middleboxes, including network and security appliances, to enhance network functionality and security. In particular, security appliances such as Web Application Firewalls and Intrusion Detection/Prevention Systems are frequently used to inspect transmitted data for security threats. However, the common practice of installing server certificates on middleboxes for encrypted traffic inspection introduces the risk of exposing secret keys. To address this, this paper proposes the middlebox-delegated TLS (mdTLS) protocol, a novel approach leveraging proxy signatures. mdTLS eliminates the need for direct server certificate installation on middleboxes, instead enabling each middlebox to perform network traffic auditing with its own unique certificate. This delegation of certificate authority, facilitated by proxy signature techniques, prevents certificate duplication and streamlines the certificate issuance process, thereby enhancing performance. Implementation results based on OpenSSL demonstrate that mdTLS reduces latency by approximately 25% in key and certificate generation within a general communication environment. Furthermore, similar performance gains are observed when mdTLS is applied to a Snort security appliance. The protocol’s security is formally verified using the Tamarin Prover, confirming its adherence to established TLS security properties and the additional security properties derived from the proxy signature scheme. |
| format | Article |
| id | doaj-art-cd63a1792e8f4c17877bb573d4a046e2 |
| institution | DOAJ |
| issn | 2169-3536 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| doi | 10.1109/ACCESS.2025.3577909 |
| volume / pages | IEEE Access, vol. 13, pp. 104456-104471 |
| author_orcid | Taehyun Ahn: https://orcid.org/0009-0007-2339-286X; Jiwon Kwak: https://orcid.org/0009-0008-1560-7442; Seungjoo Kim: https://orcid.org/0000-0002-2157-0403 |
| affiliation | School of Cybersecurity, Korea University, Seoul, South Korea (all three authors) |
| record_updated | 2025-08-20T03:16:17Z |
| title | Secure and Efficient maTLS With Proxy Signature Scheme |
| topic | Formal verification; maTLS; mdTLS; middlebox; network security; proxy signature |
| url | https://ieeexplore.ieee.org/document/11028591/ |