Abstract
A growing number of mobile browsers are being developed to use proxies for traffic compression and censorship circumvention. While these browsers offer such desirable features, their security implications are not well understood, especially when TLS is in the mix. Apart from vendor-specific proprietary designs, there are mainly two models of using proxies with browsers: TLS interception and HTTP tunneling. To understand the current practices employed by proxy-based mobile browsers, we analyze 34 Android browser apps that are representative of the ecosystem and examine how their deployments affect communication security. Although the impact of TLS interception on security has been studied before in other contexts, proxy-based mobile browsers were not considered previously. In addition, the tunneling model requires the browser itself to enforce certain desired security policies (e.g., validating certificates and avoiding the use of weak cipher suites), and it is preferable for such enforcement to match the security level of conventional desktop browsers. Our evaluation shows that many proxy-based mobile browsers downgrade the overall quality of TLS sessions, for example by allowing old versions of TLS (e.g., SSLv3.0 and TLSv1.0) and accepting weak cryptographic algorithms (e.g., 3DES and RC4) as well as unsatisfactory certificates (e.g., revoked or signed by untrusted CAs), thus exposing their users to potential security and privacy threats. We have reported our findings to the vendors of vulnerable proxy-based browsers and are waiting for their response.
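As an added illustration (not code from the paper or its authors), the following Python sketch shows one way to check a TLS ClientHello record for the weaknesses the abstract names: a maximum protocol version of TLSv1.0 or lower and offered RC4 or 3DES cipher suites. The function names and the sample record are hypothetical and constructed for this example; the cipher-suite IDs are the IANA-registered values.

```python
import struct

# IANA cipher-suite IDs that use RC4 or 3DES (subset chosen for this example).
WEAK_SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC007: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    0xC008: "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
    0xC011: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    0xC012: "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
}
VERSIONS = {0x0300: "SSLv3.0", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}


def audit_client_hello(record: bytes) -> dict:
    """Report the legacy max version and RC4/3DES suites offered in one ClientHello record."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 0x16 or rec_len < 4 or len(body) != rec_len or body[0] != 0x01:
        raise ValueError("not a complete ClientHello handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) != int.from_bytes(body[1:4], "big") or len(hello) < 35:
        raise ValueError("truncated ClientHello body")
    (version,) = struct.unpack("!H", hello[:2])
    pos = 34 + 1 + hello[34]            # skip version, random and session_id
    if pos + 2 > len(hello):
        raise ValueError("missing cipher_suites vector")
    (cs_len,) = struct.unpack("!H", hello[pos:pos + 2])
    if cs_len % 2 or pos + 2 + cs_len > len(hello):
        raise ValueError("malformed cipher_suites vector")
    suites = struct.unpack("!%dH" % (cs_len // 2), hello[pos + 2:pos + 2 + cs_len])
    return {
        "max_version": VERSIONS.get(version, hex(version)),
        "max_version_is_old": version <= 0x0301,   # SSLv3.0 or TLSv1.0 at best
        "weak_suites": [WEAK_SUITES[s] for s in suites if s in WEAK_SUITES],
    }


def build_sample_hello(version: int, suites: list) -> bytes:
    """Constructed ClientHello without extensions, for the demo only (not captured traffic)."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = (struct.pack("!H", version) + bytes(32) + b"\x00"
             + struct.pack("!H", len(cs)) + cs + b"\x01\x00")
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, 0x0301, len(hs)) + hs
```

A ClientHello advertises only the highest version a client supports, so whether a client also accepts a server-chosen downgrade has to be tested against a server restricted to the old version.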
Acknowledgement
We thank the anonymous reviewers for their comments. This work is supported by NSF grant CNS-1657124.
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Debnath, J., Chau, S.Y., Chowdhury, O. (2020). When TLS Meets Proxy on Mobile. In: Conti, M., Zhou, J., Casalicchio, E., Spognardi, A. (eds) Applied Cryptography and Network Security. ACNS 2020. Lecture Notes in Computer Science, vol 12147. Springer, Cham. https://doi.org/10.1007/978-3-030-57878-7_19
DOI: https://doi.org/10.1007/978-3-030-57878-7_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-57877-0
Online ISBN: 978-3-030-57878-7
eBook Packages: Computer Science, Computer Science (R0)