research-article

To Intercept or Not to Intercept: Analyzing TLS Interception in Network Appliances

Authors:

Mohammad Mannan,

Amr YoussefAuthors Info & Claims

ASIACCS '18: Proceedings of the 2018 on Asia Conference on Computer and Communications Security

Pages 399 - 412

https://doi.org/10.1145/3196494.3196528

Published: 29 May 2018 Publication History

Abstract

Many enterprise-grade network appliances host a TLS proxy to facilitate interception of TLS-protected traffic for various purposes, including malware scanning, phishing detection, and preventing data exfiltration. When deployed, the TLS proxy acts as the security validating client for external TLS web servers, on behalf of the original requesting client; on the other hand, the proxy acts as the web server to the client. Consequently, TLS proxies must maintain a reliable level of security, at least, at the same level as modern web browsers and properly configured TLS servers. Failure to do so increases the attack surface of all the proxied clients served the network appliance. We develop a framework for testing TLS inspecting appliances, combining and extending tests from existing work on client-end and network-based interception. Utilizing this framework, we analyze six representative network appliances, and uncover several security issues regarding TLS version and certificate parameters mapping, CA trusted stores, private keys, and certificate validation tests. For instance, we found that two appliances perform no certificate validation at all, exposing their end-clients to trivial Man-in-the-Middle attacks. The remaining appliances that perform certificate validation, still do not follow current best practices, and thus making them vulnerable against certain attacks. We also found that all the tested appliances deceive the requesting clients, by offering TLS parameters that are different from the proxy-to-server TLS parameters, such as the TLS versions, hashing algorithms, and RSA key sizes. We hope that this work bring focus on the risks and vulnerabilities of using TLS proxies that are being widely deployed in many enterprise and government environments, potentially affecting all their users and systems.

References

[1]

BEAST attack 1/n-1 split patch. Available at https://goo.gl/8MYeqz.

[2]

Cisco WSA AsyncOS documentation. Available at https://goo.gl/hkHRbK.

[3]

Diginotar ca breach. Available at https://goo.gl/p9ainQ, Sep 2011.

[4]

Distrusting new CNNIC certificates. Available at https://goo.gl/yPidqC, Apr 2015.

[5]

Distrusting new WoSign and StartCom certificates. Available at https://goo.gl/ zGmf5b, Oct 2016.

[6]

Effects of HTTPS and SSL inspection on the client. Available athttps://goo.gl/ q1MVw4, Aug 2017.

[7]

Extended validation OID. Available at https://goo.gl/AmmnXE, Oct 2013.

[8]

GRC certificate validation revoked test, note=Available at https://goo.gl/A83vCC.

[9]

Heartleech - GitHub. Available at https://goo.gl/JeKcpt.

[10]

Howsmyssl - GitHub. Available at https://goo.gl/48gyGd.

[11]

Lenovo's superfish security. Available at https://goo.gl/w2R2y5, Feb 2015.

[12]

Microsoft TMG 2010 updates. Available at https://goo.gl/WcykM6.

[13]

Microsoft TMG supported OS version. Available at https://goo.gl/SU9LQ8.

[14]

Microsoft trusted root certificate program. Available at https://goo.gl/5BT7d8.

[15]

Mimikatz - GitHub. Available at https://goo.gl/dUWCmH.

[16]

Revoking ANSSI CA. Available at https://goo.gl/rCjwtY, Dec 2013.

[17]

The risks of SSL inspection. Available athttps://goo.gl/S3mL5v, Mar 2015.

[18]

SSL client test. Available at https://goo.gl/3RdQ1J.

[19]

The TÜRKTRUST SSL certificate fiasco. Available at https://goo.gl/8gxCdc, Jan 2013.

[20]

UFS - Linux Kernel archives. Available at https://goo.gl/yZ3Fty.

[21]

Untangle SSL inspector documentation. Available at https://goo.gl/NZghGy.

[22]

US-CERT alert on HTTPS interception. Available at https://goo.gl/9oqZ4w.

[23]

Volatility. Available at https://goo.gl/LSnbwF.

[24]

Windows cryptography API (CNG). Available at https://goo.gl/UrARyq.

[25]

ZMap - GitHub. Available at https://goo.gl/1g2UtU.

[26]

D. Adrian, K. Bhargavan, Z. Durumeric, P. Gaudry, M. Green, J. A. Halderman, N. Heninger, D. Springall, E. Thomé, L. Valenta, et al. Imperfect forward secrecy: How diffie-hellman fails in practice. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pages 5--17, Denver, CO, USA, 2015.

Digital Library

[27]

B. Beurdouche, K. Bhargavan, A. Delignat-Lavaud, C. Fournet, M. Kohlweiss, A. Pironti, P.-Y. Strub, and J. K. Zinzindohoue. A messy state of the union: Taming the composite state machines of tls. In 2015 IEEE Symposium on Security and Privacy, pages 535--552, Fairmont, CA, USA, 2015.

Digital Library

[28]

K. Bhargavan and G. Leurent. On the practical (in-) security of 64-bit block ciphers: Collision attacks on HTTP over TLS and OpenVPN. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pages 456--467, Vienna, Austria, 2016.

Digital Library

[29]

E. Biham, O. Dunkelman, N. Keller, and A. Shamir. New attacks on IDEA with at least 6 rounds. Journal of Cryptology, 28(2):209--239, 2015.

Digital Library

[30]

C. Brubaker, S. Jana, B. Ray, S. Khurshid, and V. Shmatikov. Using Frankencerts for automated adversarial testing of certificate validation in SSL/TLS implementations. In 2014 IEEE Symposium on Security and Privacy, pages 114--129, Fairmont, CA, USA, 2014.

Digital Library

[31]

S. Y. Chau, O. Chowdhury, E. Hoque, H. Ge, A. Kate, C. Nita-Rotaru, and N. Li. SymCerts: Practical symbolic execution for exposing noncompliance in x.509 certificate validation implementations. In 2017 IEEE Symposium on Security and Privacy, pages 61--68, Fairmont, CA, USA, 2017.

[32]

X. de Carné de Carnavalet and M. Mannan. Killed by proxy: Analyzing client-end tls interception software. In Network and Distributed System Security Symposium, San Diego, CA, USA, 2016.

[33]

T. Duong and J. Rizzo. Here come the ⊕ ninjas. Technical Report. Available at https://goo.gl/DujxQg, May 2011.

[34]

T. Duong and J. Rizzo. The CRIME attack. Presentation at Ekoparty Security Conference, 2012.

[35]

Z. Durumeric, Z. Ma, D. Springall, R. Barnes, N. Sullivan, E. Bursztein, M. Bailey, J. A. Halderman, and V. Paxson. The security impact of HTTPS interception. In Network and Distributed Systems Symposium, San Diego, CA, USA, 2017.

[36]

S. Fahl, M. Harbach, T. Muders, L. Baumgärtner, B. Freisleben, and M. Smith. Why eve and mallory love android: An analysis of Android SSL (in) security. In Proceedings of the 2012 ACM conference on Computer and communications security, pages 50--61, Raleigh, NC, USA, 2012.

Digital Library

[37]

M. Georgiev, S. Iyengar, S. Jana, R. Anubhai, D. Boneh, and V. Shmatikov. The most dangerous code in the world: validating ssl certificates in non-browser software. In Proceedings of the 2012 ACM conference on Computer and communications security, pages 38--49, Raleigh, NC, USA, 2012.

Digital Library

[38]

B. He, V. Rastogi, Y. Cao, Y. Chen, V. Venkatakrishnan, R. Yang, and Z. Zhang. Vetting SSL usage in applications with SSLint. In 2015 IEEE Symposium on Security and Privacy, pages 519--534, Fairmont, CA, USA, 2015.

Digital Library

[39]

R. Housley, W. Ford, W. Polk, and D. Solo. RFC 5280: Internet x.509 public key infrastructure certificate and crl profile, May 2008.

[40]

L. S. Huang, A. Rice, E. Ellingsen, and C. Jackson. Analyzing forged SSL certificates in the wild. In 2014 IEEE Symposium on Security and Privacy, pages 83--97, Fairmont, CA, USA, 2014.

Digital Library

[41]

J. Jarmoc. SSL/TLS interception proxies and transitive trust. Black Hat Europe, Mar 2012.

[42]

M. O'Neill, S. Ruoti, K. Seamons, and D. Zappala. TLS proxies: Friend or foe? In Proceedings of the 2016 ACM on Internet Measurement Conference, pages 551--557, Santa Monica, CA, USA, 2016.

Digital Library

[43]

E. Rescorla, M. Ray, S. Dispensa, and N. Oskov. RFC 5746: Transport layer security (tls) renegotiation indication extension, Feb 2010.

[44]

S. Ruoti, M. O'Neill, D. Zappala, and K. E. Seamons. User attitudes toward the inspection of encrypted traffic. In Proceedings of the Eleventh Symposium On Usable Privacy and Security, pages 131--146, Denver, CO, USA, 2016.

[45]

S. Sivakorn, G. Argyros, K. Pei, A. D. Keromytis, and S. Jana. HVLearn: Automated black-box analysis of hostname verification in SSL/TLS implementations. In 2017 IEEE Symposium on Security and Privacy, pages 521--538, Fairmont, CA, USA, 2017.

[46]

L. Valenta, S. Cohney, A. Liao, J. Fried, S. Bodduluri, and N. Heninger. Factoring as a service. In International Conference on Financial Cryptography and Data Security, pages 321--338, Christ Church, Barbados, 2016.

[47]

P. Van De Zande. The day DES died. SANS Institute, Jul 2001.

[48]

M. Vanhoef and F. Piessens. All your biases belong to us: Breaking RC4 in WPATKIP and TLS. In USENIX Security Symposium, pages 97--112, Washington D.C., USA, 2015.

Digital Library

[49]

X. Wang and H. Yu. How to break MD5 and other hash functions. In 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 19--35, Sofia, Bulgaria, 2005.

Digital Library

Cited By

Yoon JDo SKim DChung TPark KBagchi SZhang Y(2024)mmTLSProceedings of the 2024 USENIX Conference on Usenix Annual Technical Conference10.5555/3691992.3692031(631-647)Online publication date: 10-Jul-2024
https://dl.acm.org/doi/10.5555/3691992.3692031
Zhou JFu WHu WSun ZHe TZhang Z(2024)Challenges and Advances in Analyzing TLS 1.3-Encrypted Traffic: A Comprehensive SurveyElectronics10.3390/electronics1320400013:20(4000)Online publication date: 11-Oct-2024
https://doi.org/10.3390/electronics13204000
Luo MFeng BLu LKirda ERen K(2024)On the Complexity of the Web’s PKI: Evaluating Certificate Validation of Mobile BrowsersIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.325586921:1(419-433)Online publication date: Jan-2024
https://doi.org/10.1109/TDSC.2023.3255869
Show More Cited By

Index Terms

To Intercept or Not to Intercept: Analyzing TLS Interception in Network Appliances
1. Networks
  1. Network components
    1. Middle boxes / network appliances
2. Security and privacy
  1. Network security

Recommendations

The Sorry State of TLS Security in Enterprise Interception Appliances
Field Notes

Network traffic inspection, including TLS traffic, in enterprise environments is widely practiced. Reasons for doing so are primarily related to improving enterprise security (e.g., phishing and malicious traffic detection) and meeting legal ...
TLS Proxies: Friend or Foe?
IMC '16: Proceedings of the 2016 Internet Measurement Conference

We measure the prevalence and uses of TLS proxies using a Flash tool deployed with a Google AdWords campaign. We generate 2.9 million certificate tests and find that 1 in 250 TLS connections are TLS-proxied. The majority of these proxies appear to be ...
The SSL landscape: a thorough analysis of the x.509 PKI using active and passive measurements
IMC '11: Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference

The SSL and TLS infrastructure used in important protocols like HTTPs and IMAPs is built on an X.509 public-key infrastructure (PKI). X.509 certificates are thus used to authenticate services like online banking, shopping, e-mail, etc. However, it ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ASIACCS '18: Proceedings of the 2018 on Asia Conference on Computer and Communications Security

May 2018

866 pages

ISBN:9781450355766

DOI:10.1145/3196494

General Chairs:
Jong Kim
Pohang University of Science and Technology, South Korea
,
Gail-Joon Ahn
Arizona State University, USA &Samsung Electronics, South Korea
,
Seungjoo Kim
Korea University, South Korea
,
Program Chairs:
Yongdae Kim
KAIST, South Korea
,
Javier Lopez
University of Malaga, Spain
,
Taesoo Kim
Georgia Tech, USA

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 29 May 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

NSERC - Natural Sciences and Engineering Research Council of Canada

Conference

ASIA CCS '18

Sponsor:

SIGSAC

ASIA CCS '18: ACM Asia Conference on Computer and Communications Security

June 4, 2018

Incheon, Republic of Korea

Acceptance Rates

ASIACCS '18 Paper Acceptance Rate 52 of 310 submissions, 17%;

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

19
Total Citations
View Citations
392
Total Downloads

Downloads (Last 12 months)43
Downloads (Last 6 weeks)8

Reflects downloads up to 02 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Yoon JDo SKim DChung TPark KBagchi SZhang Y(2024)mmTLSProceedings of the 2024 USENIX Conference on Usenix Annual Technical Conference10.5555/3691992.3692031(631-647)Online publication date: 10-Jul-2024
https://dl.acm.org/doi/10.5555/3691992.3692031
Zhou JFu WHu WSun ZHe TZhang Z(2024)Challenges and Advances in Analyzing TLS 1.3-Encrypted Traffic: A Comprehensive SurveyElectronics10.3390/electronics1320400013:20(4000)Online publication date: 11-Oct-2024
https://doi.org/10.3390/electronics13204000
Luo MFeng BLu LKirda ERen K(2024)On the Complexity of the Web’s PKI: Evaluating Certificate Validation of Mobile BrowsersIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.325586921:1(419-433)Online publication date: Jan-2024
https://doi.org/10.1109/TDSC.2023.3255869
Debnath JJenkins CSun YChau SChowdhury O(2024)ARMOR: A Formally Verified Implementation of X.509 Certificate Chain Validation2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00220(1462-1480)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00220
Wang WLee HHuang YBertino ELi N(2024)Towards Efficient Privacy-Preserving Deep Packet InspectionComputer Security – ESORICS 202310.1007/978-3-031-51476-0_9(166-192)Online publication date: 11-Jan-2024
https://doi.org/10.1007/978-3-031-51476-0_9
de Carné de Carnavalet Xvan Oorschot P(2023)A Survey and Analysis of TLS Interception Mechanisms and Motivations: Exploring how end-to-end TLS is made “end-to-me” for web trafficACM Computing Surveys10.1145/358052255:13s(1-40)Online publication date: 13-Jul-2023
https://dl.acm.org/doi/10.1145/3580522
ÇELEBİ MÖZBİLEN AYAVANOĞLU U(2022)Modern ağ trafiği analizi için derin paket incelemesi hakkında kapsamlı bir çalışma: sorunlar ve zorluklarÖmer Halisdemir Üniversitesi Mühendislik Bilimleri Dergisi10.28948/ngumuh.1184020Online publication date: 14-Nov-2022
https://doi.org/10.28948/ngumuh.1184020
ZHANG XCHENG QLI Y(2022)LaTLS: A Lattice‐Based TLS Proxy ProtocolChinese Journal of Electronics10.1049/cje.2018.00.35731:2(313-321)Online publication date: Mar-2022
https://doi.org/10.1049/cje.2018.00.357
Wilkens FHaas SAmann JFischer M(2022)Passive, Transparent, and Selective TLS Decryption for Network Security MonitoringICT Systems Security and Privacy Protection10.1007/978-3-031-06975-8_6(87-105)Online publication date: 3-Jun-2022
https://doi.org/10.1007/978-3-031-06975-8_6
Ma ZAustgen JMason JDurumeric ZBailey MLevin DMislove AAmann JLuckie M(2021)Tracing your rootsProceedings of the 21st ACM Internet Measurement Conference10.1145/3487552.3487813(179-194)Online publication date: 2-Nov-2021
https://dl.acm.org/doi/10.1145/3487552.3487813
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten