Extended TLS: Masking Server Host Identity on the Internet Using Encrypted TLS Handshake

Abstract

The Internet is a common platform for sharing information. It is required to preserve every user’s privacy and security of information on the Internet. While data security is primarily taken care of by the TLS protocol and broader adaptation of HTTPS, FTPS, and SMPTS protocol, some fields of TLS expose the type of activity a user is performing, thus violating user privacy. One such protocol information is Server Name Indication (SNI) in the TLS ClinetHello message that goes in plaintext. Anyone intercepting the message thus identifies the service host type. We present a method named Extended TLS (ETLS) to mask the server host identity by encrypting the SNI without requiring any change in the existing protocols. In ETLS, a connection is established over two handshakes - the first handshake establishes a secure channel without sharing SNI information, and the second handshake shares the encrypted SNI. ETLS requires no modification in the already proven TLS encryption mechanism and retains all security benefits of the existing secure channel establishment. We demonstrate the feasibility of ETLS over live Internet with scripts that implement our methodology. Using a customized client-server and a commercial traffic shaper, we also demonstrated that the host identity is not exposed under ETLS, thus demonstrating its privacy-preserving property.