LURK-T: Limited Use of Remote Keys With Added Trust in TLS 1.3

TL;DR

LURK-T introduces a secure, flexible framework for sharing TLS keys with enhanced trust, decoupling cryptographic operations from servers using TEEs, and maintaining efficiency and security in CDN scenarios.

Contribution

It proposes a novel decoupling of TLS 1.3 server functions into a secure Crypto Service and Engine, enabling application-agnostic, attested, and protected cryptographic operations.

Findings

Efficient TLS handshake with no noticeable overhead for large files

Secure cryptographic operations verified with formal proofs

Flexible deployment options for CDN and server architectures

Abstract

In many web applications, such as Content Delivery Networks (CDNs), TLS credentials are shared, e.g., between the website's TLS origin server and the CDN's edge servers, which can be distributed around the globe. To enhance the security and trust for TLS 1.3 in such scenarios, we propose LURK-T, a provably secure framework which allows for limited use of remote keys with added trust in TLS 1.3. We efficiently decouple the server side of TLS 1.3 into a LURK-T Crypto Service (CS) and a LURK-T Engine (E). CS executes all cryptographic operations in a Trusted Execution Environment (TEE), upon E's requests. CS and E together provide the whole TLS-server functionality. A major benefit of our construction is that it is application agnostic; the LURK-T Crypto Service could be collocated with the LURK-T Engine, or it could run on different machines. Thus, our design allows for in situ attestation and protection of the cryptographic side of the TLS server, as well as for all setups of CDNs over TLS. To support such a generic decoupling, we provide a full Application Programming Interface (API) for LURK-T. To this end, we implement our LURK-T Crypto Service using Intel SGX and integrate it with OpenSSL. We also test LURK-T's efficiency and show that, from a TLS-client's perspective, HTTPS servers using LURK-T instead a traditional TLS-server have no noticeable overhead when serving files greater than 1MB. In addition, we provide cryptographic proofs and formal security verification using ProVerif.