{"title":"LURK-T:TLS 1.3 中增加信任的远程密钥的有限使用","authors":"Behnam Shobiri;Sajjad Pourali;Daniel Migault;Ioana Boureanu;Stere Preda;Mohammad Mannan;Amr Youssef","doi":"10.1109/TNSE.2024.3432836","DOIUrl":null,"url":null,"abstract":"In many web applications, such as Content Delivery Networks (CDNs), TLS credentials are shared, e.g., between the website's TLS origin server and the CDN's edge servers, which can be distributed around the globe. To enhance the security and trust for TLS 1.3 in such scenarios, we propose LURK-T, a provably secure framework which allows for limited use of remote keys with added trust in TLS 1.3. We efficiently decouple the server side of TLS 1.3 into a LURK-T Crypto Service (\n<inline-formula><tex-math>$\\mathit {CS}$</tex-math></inline-formula>\n) and a LURK-T Engine (\n<inline-formula><tex-math>$\\mathit {E}$</tex-math></inline-formula>\n). \n<inline-formula><tex-math>$\\mathit {CS}$</tex-math></inline-formula>\n executes all cryptographic operations in a Trusted Execution Environment (TEE), upon \n<inline-formula><tex-math>$\\mathit {E}$</tex-math></inline-formula>\n’s requests. \n<inline-formula><tex-math>$\\mathit {CS}$</tex-math></inline-formula>\n and \n<inline-formula><tex-math>$\\mathit {E}$</tex-math></inline-formula>\n together provide the whole TLS-server functionality. A major benefit of our construction is that it is application agnostic; the LURK-T Crypto Service could be collocated with the LURK-T Engine, or it could run on different machines. Thus, our design allows for in situ attestation and protection of the cryptographic side of the TLS server, as well as for all setups of CDNs over TLS. To support such a generic decoupling, we provide a full Application Programming Interface (API) for LURK-T. To this end, we implement our LURK-T Crypto Service using Intel SGX and integrate it with OpenSSL. We also test LURK-T's efficiency and show that, from a TLS-client's perspective, HTTPS servers using LURK-T instead a traditional TLS-server have no noticeable overhead when serving files greater than 1 MB. In addition, we provide cryptographic proofs and formal security verification using ProVerif.","PeriodicalId":54229,"journal":{"name":"IEEE Transactions on Network Science and Engineering","volume":"11 6","pages":"6313-6327"},"PeriodicalIF":6.7000,"publicationDate":"2024-07-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"LURK-T: Limited Use of Remote Keys With Added Trust in TLS 1.3\",\"authors\":\"Behnam Shobiri;Sajjad Pourali;Daniel Migault;Ioana Boureanu;Stere Preda;Mohammad Mannan;Amr Youssef\",\"doi\":\"10.1109/TNSE.2024.3432836\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In many web applications, such as Content Delivery Networks (CDNs), TLS credentials are shared, e.g., between the website's TLS origin server and the CDN's edge servers, which can be distributed around the globe. To enhance the security and trust for TLS 1.3 in such scenarios, we propose LURK-T, a provably secure framework which allows for limited use of remote keys with added trust in TLS 1.3. We efficiently decouple the server side of TLS 1.3 into a LURK-T Crypto Service (\\n<inline-formula><tex-math>$\\\\mathit {CS}$</tex-math></inline-formula>\\n) and a LURK-T Engine (\\n<inline-formula><tex-math>$\\\\mathit {E}$</tex-math></inline-formula>\\n). \\n<inline-formula><tex-math>$\\\\mathit {CS}$</tex-math></inline-formula>\\n executes all cryptographic operations in a Trusted Execution Environment (TEE), upon \\n<inline-formula><tex-math>$\\\\mathit {E}$</tex-math></inline-formula>\\n’s requests. \\n<inline-formula><tex-math>$\\\\mathit {CS}$</tex-math></inline-formula>\\n and \\n<inline-formula><tex-math>$\\\\mathit {E}$</tex-math></inline-formula>\\n together provide the whole TLS-server functionality. A major benefit of our construction is that it is application agnostic; the LURK-T Crypto Service could be collocated with the LURK-T Engine, or it could run on different machines. Thus, our design allows for in situ attestation and protection of the cryptographic side of the TLS server, as well as for all setups of CDNs over TLS. To support such a generic decoupling, we provide a full Application Programming Interface (API) for LURK-T. To this end, we implement our LURK-T Crypto Service using Intel SGX and integrate it with OpenSSL. We also test LURK-T's efficiency and show that, from a TLS-client's perspective, HTTPS servers using LURK-T instead a traditional TLS-server have no noticeable overhead when serving files greater than 1 MB. In addition, we provide cryptographic proofs and formal security verification using ProVerif.\",\"PeriodicalId\":54229,\"journal\":{\"name\":\"IEEE Transactions on Network Science and Engineering\",\"volume\":\"11 6\",\"pages\":\"6313-6327\"},\"PeriodicalIF\":6.7000,\"publicationDate\":\"2024-07-23\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Network Science and Engineering\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10607961/\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"ENGINEERING, MULTIDISCIPLINARY\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Network Science and Engineering","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10607961/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, MULTIDISCIPLINARY","Score":null,"Total":0}
LURK-T: Limited Use of Remote Keys With Added Trust in TLS 1.3
In many web applications, such as Content Delivery Networks (CDNs), TLS credentials are shared, e.g., between the website's TLS origin server and the CDN's edge servers, which can be distributed around the globe. To enhance the security and trust for TLS 1.3 in such scenarios, we propose LURK-T, a provably secure framework which allows for limited use of remote keys with added trust in TLS 1.3. We efficiently decouple the server side of TLS 1.3 into a LURK-T Crypto Service (
$\mathit {CS}$
) and a LURK-T Engine (
$\mathit {E}$
).
$\mathit {CS}$
executes all cryptographic operations in a Trusted Execution Environment (TEE), upon
$\mathit {E}$
’s requests.
$\mathit {CS}$
and
$\mathit {E}$
together provide the whole TLS-server functionality. A major benefit of our construction is that it is application agnostic; the LURK-T Crypto Service could be collocated with the LURK-T Engine, or it could run on different machines. Thus, our design allows for in situ attestation and protection of the cryptographic side of the TLS server, as well as for all setups of CDNs over TLS. To support such a generic decoupling, we provide a full Application Programming Interface (API) for LURK-T. To this end, we implement our LURK-T Crypto Service using Intel SGX and integrate it with OpenSSL. We also test LURK-T's efficiency and show that, from a TLS-client's perspective, HTTPS servers using LURK-T instead a traditional TLS-server have no noticeable overhead when serving files greater than 1 MB. In addition, we provide cryptographic proofs and formal security verification using ProVerif.
期刊介绍:
The proposed journal, called the IEEE Transactions on Network Science and Engineering (TNSE), is committed to timely publishing of peer-reviewed technical articles that deal with the theory and applications of network science and the interconnections among the elements in a system that form a network. In particular, the IEEE Transactions on Network Science and Engineering publishes articles on understanding, prediction, and control of structures and behaviors of networks at the fundamental level. The types of networks covered include physical or engineered networks, information networks, biological networks, semantic networks, economic networks, social networks, and ecological networks. Aimed at discovering common principles that govern network structures, network functionalities and behaviors of networks, the journal seeks articles on understanding, prediction, and control of structures and behaviors of networks. Another trans-disciplinary focus of the IEEE Transactions on Network Science and Engineering is the interactions between and co-evolution of different genres of networks.