Short-Lived Forward-Secure Delegation for TLS

TL;DR

This paper introduces a short-lived, forward-secure delegation scheme for TLS that eliminates key sharing, reduces overhead, and enhances security when CDN servers authenticate as origin servers.

Contribution

It adapts identity-based signatures to create a delegation method with forward-security and short-lived credentials, improving upon existing delegation techniques.

Findings

Efficient implementation with minimal overhead

Provides forward-security even if secret keys leak

Reduces reliance on key sharing and workarounds

Abstract

On today's Internet, combining the end-to-end security of TLS with Content Delivery Networks (CDNs) while ensuring the authenticity of connections results in a challenging delegation problem. When CDN servers provide content, they have to authenticate themselves as the origin server to establish a valid end-to-end TLS connection with the client. In standard TLS, the latter requires access to the secret key of the server. To curb this problem, multiple workarounds exist to realize a delegation of the authentication. In this paper, we present a solution that renders key sharing unnecessary and reduces the need for workarounds. By adapting identity-based signatures to this setting, our solution offers short-lived delegations. Additionally, by enabling forward-security, existing delegations remain valid even if the server's secret key leaks. We provide an implementation of the scheme and discuss integration into a TLS stack. In our evaluation, we show that an efficient implementation incurs less overhead than a typical network round trip. Thereby, we propose an alternative approach to current delegation practices on the web.