A survey and analysis of TLS interception mechanisms and motivations
Xavier de Carné de Carnavalet, Paul C. van Oorschot

TL;DR
This paper surveys and analyzes various TLS interception mechanisms, exploring their use cases, motivations, security implications, and stakeholder incentives, providing a comprehensive overview of how TLS is bypassed and extended in practice.
Contribution
It offers a systematic review of 30 TLS interception schemes, evaluates their security and deployability, and discusses stakeholder incentives, filling a gap in understanding TLS interception techniques.
Findings
Many schemes compromise end-to-end security
Stakeholder incentives influence scheme adoption
Compatibility varies across different interception methods
Abstract
TLS is an end-to-end protocol designed to provide confidentiality and integrity guarantees that improve end-user security and privacy. While TLS helps defend against pervasive surveillance of intercepted unencrypted traffic, it also hinders several common beneficial operations typically performed by middleboxes on the network traffic. Consequently, various methods have been proposed that "bypass" the confidentiality goals of TLS by playing with keys and certificates essentially in a man-in-the-middle solution, as well as new proposals that extend the protocol to accommodate third parties, delegation schemes to trusted middleboxes, and fine-grained control and verification mechanisms. We first review the use cases expecting plain HTTP traffic and discuss the extent to which TLS hinders these operations. We retain 19 scenarios where access to unencrypted traffic is still relevant and…
Peer Reviews
No public reviews on file for this paper yet.
Videos
No videos yet.
Taxonomy
Topics: Mobile Agent-Based Network Management · Energy Harvesting in Wireless Networks · Satellite Communication Systems
