License: Creative Commons Attribution 3.0 Unported license (CC BY 3.0)
When quoting this document, please refer to the following
DOI: 10.4230/LIPIcs.OPODIS.2017.28
URN: urn:nbn:de:0030-drops-86437
URL: http://dagstuhl.sunsite.rwth-aachen.de/volltexte/2018/8643/
Joaquim, André ;
Pardal, Miguel L. ;
Correia, Miguel
Vulnerability-Tolerant Transport Layer Security
Abstract
SSL/TLS communication channels play a very important role in Internet security, including cloud computing and server infrastructures. There are often concerns about the strength of the encryption mechanisms used in TLS channels. Vulnerabilities can lead to some of the cipher suites once thought to be secure to become insecure and no longer recommended for use or in urgent need of a software update. However, the deprecation/update process is very slow and weeks or months can go by before most web servers and clients are protected, and some servers and clients may never be updated. In the meantime, the communications are at risk of being intercepted and tampered by attackers.
In this paper we propose an alternative to TLS to mitigate the problem of secure commu- nication channels being susceptible to attacks due to unexpected vulnerabilities in its mechan- isms. Our solution, called Vulnerability-Tolerant Transport Layer Security (vtTLS), is based on diversity and redundancy of cryptographic mechanisms and certificates to ensure a secure communication even when one or more mechanisms are vulnerable. Our solution relies on a combination of k cipher suites which ensure that even if k − 1 cipher suites are insecure or vul- nerable, the remaining cipher suite keeps the communication channel secure. The performance and cost of vtTLS were evaluated and compared with OpenSSL, one of the most widely used implementations of TLS.
BibTeX - Entry
@InProceedings{joaquim_et_al:LIPIcs:2018:8643,
author = {Andr{\'e} Joaquim and Miguel L. Pardal and Miguel Correia},
title = {{Vulnerability-Tolerant Transport Layer Security}},
booktitle = {21st International Conference on Principles of Distributed Systems (OPODIS 2017)},
pages = {28:1--28:16},
series = {Leibniz International Proceedings in Informatics (LIPIcs)},
ISBN = {978-3-95977-061-3},
ISSN = {1868-8969},
year = {2018},
volume = {95},
editor = {James Aspnes and Alysson Bessani and Pascal Felber and Jo{\~a}o Leit{\~a}o},
publisher = {Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik},
address = {Dagstuhl, Germany},
URL = {http://drops.dagstuhl.de/opus/volltexte/2018/8643},
URN = {urn:nbn:de:0030-drops-86437},
doi = {10.4230/LIPIcs.OPODIS.2017.28},
annote = {Keywords: Secure communication channels, Transport layer security, SSL/TLS, Diversity, Redundancy, Vulnerability tolerance}
}
Keywords: |
|
Secure communication channels, Transport layer security, SSL/TLS, Diversity, Redundancy, Vulnerability tolerance |
Collection: |
|
21st International Conference on Principles of Distributed Systems (OPODIS 2017) |
Issue Date: |
|
2018 |
Date of publication: |
|
28.03.2018 |