At this year’s AsiaCCS conference, which is regarded as one of the prestigious conferences in the area of cybersecurity, UOW researchers presented a result that effectively resolves the previous issues of TLS inspection and received the Best Paper award.
Transport Layer Security (TLS) is probably the most popular secure communication protocol over the Internet. Whether we are aware of it or not, we use it almost every day. When you open a web browser on your laptop or smartphone, it will connect you to a remote website through TLS. TLS is a secure protocol, meaning it will encrypt and authenticate two-way communications between your device and the remote website. Your confidential information will never be revealed.
The problem, however, is that hackers are also using TLS to hide their malicious activities. For this reason, many companies and government organisations adopt a method called “TLS inspection”. So far, the way to realise TLS inspection has been cumbersome: it always needs a so-called “TLS proxy” to perform decryption and re-encryption, which is associated with complicated TLS certificate handling and downgraded performance.
The researchers’ idea is to have an inspector control the randomness in the cryptographic schemes in the TLS protocol, so that TLS traffic can be investigated in a highly efficient way without relying on the previous TLS proxy approach. One of the significant advantages of the proposed method is that it makes “post-incident” inspection possible. (In other words, it allows the inspector to perform forensic investigation after an attack has already happened.) It is envisaged that this new method will eventually bring about a safe networking environment, especially for corporate Internet users.