Communicating securely over the Internet requires authenticating the identity of a website before trusting it. The web currently does this with TLS: during the handshake the client validates the digital certificate the server presents, which must chain to a certificate authority (CA) the client already trusts.
This validation is routinely subverted by TLS proxies, which act as a man-in-the-middle (MitM) on TLS connections. A TLS proxy issues a substitute certificate for whatever site the user visits, signed by a CA certificate under the proxy's control. Because that CA has been added to the client's trust store (typically by an employer, a security product, or malware), the substitute validates without any warning, and the user's encrypted connection terminates at the proxy rather than at the intended web site. The proxy can then decrypt and monitor or modify all user traffic before forwarding it over a second TLS connection to the real server.
The use of TLS proxies to intercept encrypted traffic is controversial since the same mechanism can be used for both benevolent purposes, such as protecting against malware, and for malicious purposes, such as identity theft or warrantless government surveillance.
To understand the prevalence and uses of these proxies, we have built a TLS proxy measurement tool and deployed it via a Google AdWords campaign. We are in the process of publishing our findings from this study.
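The following is an added example, not code from the lab or from the measurement tool described above. It reproduces the substitution described earlier and the check a client-side measurement relies on: a "public" root and a "proxy" root are generated on the fly, each issues a certificate for the same host, and the program shows that the substitute only verifies once the proxy CA sits in the trust store, and that comparing the observed leaf fingerprint against the one the real server reports exposes the interception and names the intercepting issuer. All names (`Public Root CA`, `Corp TLS Proxy CA`, `example.com`) are constructed for illustration; the genuine fingerprint stands in for an out-of-band value the server would report to the measurement backend.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// makeCert signs tmpl with parent/parentKey, or self-signs it when parent is nil.
// Keys are throwaway P-256 keys generated for this example.
func makeCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, key
}

func caTemplate(name string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
}

func leafTemplate(host string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
}

// Fingerprint is the SHA-256 of the DER-encoded certificate, hex encoded.
func Fingerprint(c *x509.Certificate) string {
	sum := sha256.Sum256(c.Raw)
	return hex.EncodeToString(sum[:])
}

// ChainValid reports whether leaf verifies for host against the given roots,
// i.e. what a browser decides before showing (or not showing) a warning.
func ChainValid(leaf *x509.Certificate, host string, roots *x509.CertPool) bool {
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	return err == nil
}

// ProxyReport is what a measurement client would send home.
type ProxyReport struct {
	Intercepted bool
	Issuer      string // CN of the CA that signed the observed certificate
}

// DetectProxy compares the certificate the client actually received with the
// fingerprint the real server reports for itself (obtained out of band).
func DetectProxy(observed *x509.Certificate, serverFingerprint string) ProxyReport {
	if Fingerprint(observed) == serverFingerprint {
		return ProxyReport{Intercepted: false, Issuer: observed.Issuer.CommonName}
	}
	return ProxyReport{Intercepted: true, Issuer: observed.Issuer.CommonName}
}

// Scenario collects the outcomes of the constructed interception scenario.
type Scenario struct {
	GenuineVerifies                 bool // real cert against the public root
	SubstituteVerifies              bool // proxy cert against the public root only
	SubstituteVerifiesWithProxyRoot bool // proxy cert once the proxy CA is trusted
	GenuineReport                   ProxyReport
	SubstituteReport                ProxyReport
}

func RunScenario(host string) Scenario {
	publicCA, publicKey := makeCert(caTemplate("Public Root CA", 1), nil, nil)
	proxyCA, proxyKey := makeCert(caTemplate("Corp TLS Proxy CA", 2), nil, nil)
	genuine, _ := makeCert(leafTemplate(host, 100), publicCA, publicKey)
	substitute, _ := makeCert(leafTemplate(host, 101), proxyCA, proxyKey)

	publicRoots := x509.NewCertPool()
	publicRoots.AddCert(publicCA)
	withProxyRoot := x509.NewCertPool() // trust store after the proxy CA was installed
	withProxyRoot.AddCert(publicCA)
	withProxyRoot.AddCert(proxyCA)

	pinned := Fingerprint(genuine)
	return Scenario{
		GenuineVerifies:                 ChainValid(genuine, host, publicRoots),
		SubstituteVerifies:              ChainValid(substitute, host, publicRoots),
		SubstituteVerifiesWithProxyRoot: ChainValid(substitute, host, withProxyRoot),
		GenuineReport:                   DetectProxy(genuine, pinned),
		SubstituteReport:                DetectProxy(substitute, pinned),
	}
}

func main() {
	s := RunScenario("example.com")
	fmt.Printf("genuine verifies against public root:        %v\n", s.GenuineVerifies)
	fmt.Printf("substitute verifies against public root:     %v\n", s.SubstituteVerifies)
	fmt.Printf("substitute verifies with proxy CA installed: %v\n", s.SubstituteVerifiesWithProxyRoot)
	fmt.Printf("substitute report: intercepted=%v issuer=%q\n", s.SubstituteReport.Intercepted, s.SubstituteReport.Issuer)
}
```

The point of the two trust pools is the caveat a practitioner should keep in mind: chain validation alone cannot reveal a proxy whose CA is already trusted by the client, which is exactly why the measurement compares the observed leaf against what the server knows it served rather than relying on the browser's verdict.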
We are also working on proxy measurement for mobile devices and on mechanisms to thwart proxies that wish to remain undetected. We are interested in mechanisms that require proxies to identify themselves and to obtain user opt-in before intercepting traffic.
A. Afanasyev, J. Halderman, K. Seamons, D. Zappala, L. Zhang, Y. Yu, S. Ruoti. Content-based Security for the Web, Proceedings of the 2016 Workshop on New Security Paradigms. ACM, 2016.
S. Ruoti, M. O’Neill, D. Zappala, K. Seamons. User Attitudes Toward the Inspection of Encrypted Traffic, 12th Annual Symposium on Usable Privacy and Security (SOUPS 2016). USENIX, 2016. [Presentation]
M. O’Neill, S. Ruoti, K. Seamons, D. Zappala. TLS Proxies: Friend or Foe? 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS 2014), Scottsdale, Arizona, November 2014. [Poster]
M. O’Neill, S. Ruoti, K. Seamons, D. Zappala. TLS Proxies: Friend or Foe? arXiv preprint 1407.7146, July 2014.