Document Open Access Logo

Proxying Is Enough: Security of Proxying in TLS Oracles and AEAD Context Unforgeability

Authors Zhongtang Luo , Yanxue Jia , Yaobin Shen , Aniket Kate

PDF

File

Thumbnail PDF
PDF
LIPIcs.AFT.2025.4.pdf
  • Filesize: 1.42 MB
  • 24 pages

Document Identifiers

Related Versions

Subject Classification

ACM Subject Classification
  • Security and privacy → Block and stream ciphers
  • Security and privacy → Security protocols
Keywords
  • Oracle
  • TLS
  • AEAD
  • Key Commitment

Metrics

  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    0
    PDF Downloads
    0
    Metadata Views

Abstract

TLS allows a client to securely obtain data from a server, but does not allow the client to offer the data provenance to an external node. TLS oracle protocols are used to solve the problem. Specifically, the verifier node, as an external node, is convinced that the data is indeed coming from a pre-defined TLS server, while remaining unable to access the client’s credentials (e.g., password). Previous TLS oracle protocols such as DECO (CCS 2020) enforced the communication pattern of server-client-verifier and utilized a novel three-party handshake process during TLS to ensure data integrity against potential tempering by the client. However, this approach introduces a significant performance penalty on the client and the verifier. Most recently, some works have proposed to reduce the overhead by putting the verifier (as a proxy) between the server and the client such that the correct TLS transcript is available to the verifier. Nevertheless, these works still rely on heavy two-party secure computations or zero-knowledge proofs. In this work, we push the proxy model to the extreme, where the verifier only needs to forward messages without performing any other heavy computational operations when only the credentials should be protected and the data retrieved from the server could be open to the verifier. Surprisingly, we prove that the thorough proxy model is enough to guarantee security in some common scenarios, allowing a saving of 60-90% in running time under common scenarios.
We first formalize the proxy-based Oracle protocol and functionality that allows the verifier to directly proxy client-server TLS communication, without entering a three-party handshake or interfering with the connection in any way. We then show that for common TLS-based higher-level protocols such as HTTPS, data integrity to the verifier proxy is ensured by the variable padding built into the HTTP protocol semantics. On the other hand, if a TLS-based protocol comes without variable padding, we demonstrate that data integrity cannot be guaranteed. In this context, we then study the case where the TLS response is pre-determined and cannot be tampered with during the connection. We propose the concept of context unforgeability and show that data integrity can also be guaranteed as long as the underlying Authenticated Encryption with Associated Data (AEAD) satisfies context unforgeability. We further show that ChaCha20-Poly1305 satisfies the concept while AES-GCM does not.

Cite As Get BibTex

Zhongtang Luo, Yanxue Jia, Yaobin Shen, and Aniket Kate. Proxying Is Enough: Security of Proxying in TLS Oracles and AEAD Context Unforgeability. In 7th Conference on Advances in Financial Technologies (AFT 2025). Leibniz International Proceedings in Informatics (LIPIcs), Volume 354, pp. 4:1-4:24, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2025) https://doi.org/10.4230/LIPIcs.AFT.2025.4

Author Details

Zhongtang Luo
  • Purdue University, United States
Yanxue Jia
  • Purdue University, United States
Yaobin Shen
  • Xiamen University, China
Aniket Kate
  • Purdue University, United States
  • Supra Research, United States

Funding

This work is supported partially by the National Science Foundation under grant CNS-1846316 and a gift from Supra Labs.
  • Shen, Yaobin: Yaobin Shen is supported by the National Key Research and Development Program of China (2024YFB4504800), and the National Natural Science Foundation of China (62402404).

Acknowledgements

We would like to thank Madhavan Malolan and Kirill Kutsenok from the Reclaim Protocol for helpful discussions and suggestions.

References

  1. Ange Albertini, Thai Duong, Shay Gueron, Stefan Kölbl, Atul Luykx, and Sophie Schmieg. How to abuse and fix authenticated encryption without key commitment. In Kevin R. B. Butler and Kurt Thomas, editors, USENIX Security 2022, pages 3291-3308. USENIX Association, August 2022. URL: https://www.usenix.org/conference/usenixsecurity22/presentation/albertini.
  2. Mihir Bellare and Viet Tung Hoang. Efficient schemes for committing authenticated encryption. In Orr Dunkelman and Stefan Dziembowski, editors, EUROCRYPT 2022, Part II, volume 13276 of LNCS, pages 845-875. Springer, Heidelberg, May / June 2022. URL: https://doi.org/10.1007/978-3-031-07085-3_29.
  3. Karthikeyan Bhargavan, Ioana Boureanu, Antoine Delignat-Lavaud, Pierre-Alain Fouque, and Cristina Onete. A formal treatment of accountable proxying over TLS. In 2018 IEEE Symposium on Security and Privacy, pages 799-816. IEEE Computer Society Press, May 2018. URL: https://doi.org/10.1109/SP.2018.00021.
  4. Lorenz Breidenbach, Christian Cachin, Benedict Chan, Alex Coventry, Steve Ellis, Ari Juels, Farinaz Koushanfar, Andrew Miller, Brendan Magauran, Daniel Moroz, et al. Chainlink 2.0: Next steps in the evolution of decentralized oracle networks, 2021. URL: https://chain.link/.
  5. Vitalik Buterin. Ethereum white paper: A next-generation smart contract and decentralized application platform. https://finpedia.vn/wp-content/uploads/2022/02/Ethereum_white_paper-a_next_generation_smart_contract_and_decentralized_application_platform-vitalik-buterin.pdf. Accessed: March 28, 2024.
  6. Sofía Celi, Alex Davidson, Hamed Haddadi, Gonçalo Pestana, and Joe Rowell. Distefano: Decentralized infrastructure for sharing trusted encrypted facts and nothing more. Cryptology ePrint Archive, Paper 2023/1063, 2023. URL: https://eprint.iacr.org/2023/1063.
  7. Chainlink Foundation. What is the blockchain oracle problem? https://blog.chain.link/what-is-the-blockchain-oracle-problem/. Accessed: March 28, 2024.
  8. John Chan and Phillip Rogaway. On committing authenticated-encryption. In Vijayalakshmi Atluri, Roberto Di Pietro, Christian Damsgaard Jensen, and Weizhi Meng, editors, ESORICS 2022, Part II, volume 13555 of LNCS, pages 275-294. Springer, Heidelberg, September 2022. URL: https://doi.org/10.1007/978-3-031-17146-8_14.
  9. Kwan Yin Chan, Handong Cui, and Tsz Hon Yuen. DIDO: data provenance from restricted TLS 1.3 websites. In Information Security Practice and Experience, pages 154-169. Springer Nature, 2023. URL: https://doi.org/10.1007/978-981-99-7032-2_10.
  10. Yevgeniy Dodis, Paul Grubbs, Thomas Ristenpart, and Joanne Woodage. Fast message franking: From invisible salamanders to encryptment. In Hovav Shacham and Alexandra Boldyreva, editors, CRYPTO 2018, Part I, volume 10991 of LNCS, pages 155-186. Springer, Heidelberg, August 2018. URL: https://doi.org/10.1007/978-3-319-96884-1_6.
  11. Morris Dworkin. Recommendation for block cipher modes of operation: Galois/counter mode (GCM) and GMAC. Technical Report NIST Special Publication (SP) 800-38D, National Institute of Standards and Technology, Gaithersburg, MD, 2007. URL: https://doi.org/10.6028/NIST.SP.800-38D.
  12. Jens Ernstberger, Jan Lauinger, Yinnan Wu, Arthur Gervais, and Sebastian Steinhorst. ORIGO: Proving provenance of sensitive data with constant communication. Cryptology ePrint Archive, Paper 2024/447, 2024. URL: https://eprint.iacr.org/2024/447.
  13. Lorenzo Grassi, Dmitry Khovratovich, Christian Rechberger, Arnab Roy, and Markus Schofnegger. Poseidon: A new hash function for zero-knowledge proof systems. In Michael Bailey and Rachel Greenstadt, editors, USENIX Security 2021, pages 519-535. USENIX Association, August 2021. URL: https://www.usenix.org/conference/usenixsecurity21/presentation/grassi.
  14. Paul Grubbs, Arasu Arun, Ye Zhang, Joseph Bonneau, and Michael Walfish. Zero-knowledge middleboxes. In Kevin R. B. Butler and Kurt Thomas, editors, USENIX Security 2022, pages 4255-4272. USENIX Association, August 2022. URL: https://www.usenix.org/conference/usenixsecurity22/presentation/grubbs.
  15. Paul Grubbs, Jiahui Lu, and Thomas Ristenpart. Message franking via committing authenticated encryption. In Jonathan Katz and Hovav Shacham, editors, CRYPTO 2017, Part III, volume 10403 of LNCS, pages 66-97. Springer, Heidelberg, August 2017. URL: https://doi.org/10.1007/978-3-319-63697-9_3.
  16. Jan Lauinger, Jens Ernstberger, Andreas Finkenzeller, and Sebastian Steinhorst. Janus: Fast privacy-preserving data provenance for TLS 1.3. Cryptology ePrint Archive, Report 2023/1377, 2023. URL: https://eprint.iacr.org/2023/1377.
  17. David McGrew. An Interface and Algorithms for Authenticated Encryption. RFC 5116, January 2008. URL: https://doi.org/10.17487/RFC5116.
  18. Sanketh Menda, Julia Len, Paul Grubbs, and Thomas Ristenpart. Context discovery and commitment attacks - how to break CCM, EAX, SIV, and more. In Carmit Hazay and Martijn Stam, editors, EUROCRYPT 2023, Part IV, volume 14007 of LNCS, pages 379-407. Springer, Heidelberg, April 2023. URL: https://doi.org/10.1007/978-3-031-30634-1_13.
  19. David Naylor, Kyle Schomp, Matteo Varvello, Ilias Leontiadis, Jeremy Blackburn, Diego R. López, Konstantina Papagiannaki, Pablo Rodriguez Rodriguez, and Peter Steenkiste. Multi-context TLS (mcTLS): Enabling secure in-network functionality in TLS. In ACM SIGCOMM 2015, volume 45, pages 199-212. ACM Press, August 2015. URL: https://doi.org/10.1145/2829988.2787482.
  20. Henrik Nielsen, Jeffrey Mogul, Larry M Masinter, Roy T. Fielding, Jim Gettys, Paul J. Leach, and Tim Berners-Lee. Hypertext Transfer Protocol - HTTP/1.1. RFC 2616, June 1999. URL: https://doi.org/10.17487/RFC2616.
  21. Yoav Nir and Adam Langley. ChaCha20 and Poly1305 for IETF Protocols. RFC 7539, May 2015. URL: https://doi.org/10.17487/RFC7539.
  22. Reclaim Protocol. Reclaim protocol: Claiming and managing self-sovereign credentials, 2023. URL: https://www.reclaimprotocol.org/.
  23. Q-Success. Usage statistics of default protocol https for websites. https://w3techs.com/technologies/details/ce-httpsdefault. Accessed: April 10, 2024.
  24. Eric Rescorla. The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446, August 2018. URL: https://doi.org/10.17487/RFC8446.
  25. Eric Rescorla and Tim Dierks. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246, August 2008. URL: https://doi.org/10.17487/RFC5246.
  26. Hubert Ritzdorf, Karl Wüst, Arthur Gervais, Guillaume Felley, and Srdjan Capkun. TLS-N: Non-repudiation over TLS enablign ubiquitous content signing. In NDSS 2018. The Internet Society, February 2018. URL: https://www.ndss-symposium.org/wp-content/uploads/2018/02/ndss2018_09-4_Ritzdorf_paper.pdf.
  27. Sijun Tan, Weikeng Chen, Ryan Deng, and Raluca Ada Popa. MPCAuth: Multi-factor authentication for distributed-trust systems. In 2023 IEEE Symposium on Security and Privacy, pages 829-847. IEEE Computer Society Press, May 2023. URL: https://doi.org/10.1109/SP46215.2023.10179481.
  28. Liang Wang, Gilad Asharov, Rafael Pass, Thomas Ristenpart, and abhi shelat. Blind certificate authorities. In 2019 IEEE Symposium on Security and Privacy, pages 1015-1032. IEEE Computer Society Press, May 2019. URL: https://doi.org/10.1109/SP.2019.00007.
  29. David Warburton. The 2021 TLS telemetry report. https://www.f5.com/labs/articles/threat-intelligence/the-2021-tls-telemetry-report. Accessed: April 10, 2024.
  30. The OpenSSL Wiki. Tls1.3, 2023. URL: https://wiki.openssl.org/index.php/TLS1.3.
  31. Xiang Xie, Kang Yang, Xiao Wang, and Yu Yu. Lightweight authentication of web data via garble-then-prove. Cryptology ePrint Archive, Report 2023/964, 2023. URL: https://eprint.iacr.org/2023/964.
  32. Fan Zhang, Ethan Cecchetti, Kyle Croman, Ari Juels, and Elaine Shi. Town crier: An authenticated data feed for smart contracts. In Edgar R. Weippl, Stefan Katzenbeisser, Christopher Kruegel, Andrew C. Myers, and Shai Halevi, editors, ACM CCS 2016, pages 270-282. ACM Press, October 2016. URL: https://doi.org/10.1145/2976749.2978326.
  33. Fan Zhang, Deepak Maram, Harjasleen Malvai, Steven Goldfeder, and Ari Juels. DECO: Liberating web data using decentralized oracles for TLS. In Jay Ligatti, Xinming Ou, Jonathan Katz, and Giovanni Vigna, editors, ACM CCS 2020, pages 1919-1938. ACM Press, November 2020. URL: https://doi.org/10.1145/3372297.3417239.
Any Issues?
X

Feedback on the Current Page

CAPTCHA

Thanks for your feedback!

Feedback submitted to Dagstuhl Publishing

Could not send message

Please try again later or send an E-mail
© 2023-2025 Schloss Dagstuhl – LZI GmbH About DROPS Imprint Privacy Contact