Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Network Encryption Networking Security

Network Middleware Still Can't Handle TLS Without Breaking Encryption (zdnet.com) 101

An academic study published last month shows that despite years worth of research into the woeful state of network traffic inspection equipment, vendors are still having issues in shipping appliances that don't irrevocably break TLS encryption for the end user. From a report: Encrypted traffic inspection devices (also known as middleware), either special hardware or sophisticated software, have been used in enterprise networks for more than two decades. System administrators deploy such appliances to create a man-in-the-middle TLS proxy that can look inside HTTPS encrypted traffic, to scan for malware or phishing links or to comply with law enforcement or national security requirements.

[...] In the last decade, security researchers have looked closely at the issue of TLS inspection appliances that break or downgrade encryption. There has been much research on the topic, from research teams from all over the world. But despite years worth of warnings and research, some vendors still fail at keeping the proper security level of a TLS connection when relaying traffic through their equipment/software. Academic research [PDF] published at the end of September by three researchers from Concordia University in Montreal, Canada, shows that network traffic inspection appliances still break TLS security, even today.

This discussion has been archived. No new comments can be posted.

Network Middleware Still Can't Handle TLS Without Breaking Encryption

Comments Filter:
  • by Anonymous Coward on Monday October 08, 2018 @01:11PM (#57446450)

    Having a MITM on purpose is breaking things by design.

    The end user needs to verify that the site they're talking to is the real one, by checking the certificate, but all they get is this stupid cert that was automatically generated by some stupid appliance. No way for the end user to ever know if they've gotten the right website or not.

    Good luck if the appliance itself actually checks for cert validity or not.

    In short, TLS is working as designed.

    • I actually built a MITM appliance to do name based whitelists. You have a better approach? Not doing whitelists isn't an option for what we're doing.

      • Re: (Score:2, Insightful)

        by andymadigan ( 792996 )
        Block requests to port 53 outgoing and run your own DNS recursive resolver that will only resolve domains on your whitelist. If your users can get around that then they can probably get around your MITM box, too. My way around a similar MITM was to tunnel SSH over the HTTP proxy.

        Bonus: It takes a lot less hardware to run a DNS resolver than a MITM proxy.
        • by junk ( 33527 )

          It's not about users, it's about defending against a breach. We transparently proxy all traffic, drop anything that isn't HTTP/HTTPS and only relay requests that match a whitelisted (sub)domain. Since we have so little egress traffic, i take a single system to do this and we keep a hot standby for failover. Relying on DNS doesn't offer you any protection here.

    • by fisted ( 2295862 )

      Good luck if the appliance itself actually checks for cert validity or not.

      Care to elaborate?

    • That's a nice ideal, but in a corporate environment you may have legal and regulatory constraints that prohibit you from actually providing end-to-end encryption from inside your network to outside or vice versa, and the kinds of devices we're talking about fit in between. If you're using someone else's computer, for example at work, then you should never assume that your browser is truly end-to-end encrypting a connection to your bank or GMail or whatever. It is common these days for large organisations to

  • by Anonymous Coward on Monday October 08, 2018 @01:15PM (#57446478)

    all that is that you're not supposed to be able to do this. Sounds like it's working as designed.

    • by Anonymous Coward

      You should read the article as it's a bit more nuanced than that. The general points is that even in instances where you want and allow that kind of inspection to take place (ie employer making sure no one's downloading a worm), the "middleware" is breaking things in that they accept certificates they have no business accepting today. No matter what your local security is set to (disallow any connection below TLS 1.2, for example), the middleware will connect to the remote network which is only accepting TL

  • by Anonymous Coward

    Tautologies are still taugologous? Who could have known???

  • by Nkwe ( 604125 ) on Monday October 08, 2018 @01:20PM (#57446522)

    Encrypted traffic inspection devices (also known as middleware)

    Really? I don't think I have ever heard of middleware [wikipedia.org] used in that context. I have always thought of middleware as a software layer that abstracts something between applications. It seems weird to refer to a hardware device as "middleware".

    • It's the same thing. The software layer just runs on it's own separate networking hardware in between the client and server.
      • by Nkwe ( 604125 )

        It's the same thing. The software layer just runs on it's own separate networking hardware in between the client and server.

        True, but in this case the "middleware" isn't really bridging two applications, it is monitoring the communications between them. I suppose you could call the man-in-the-middle attack software "middleware" between the end applications and the monitoring applications, but that feels like a stretch.

    • Back in the day middleware was software that translated one protocol or type of dataset into another. Basically it allowed two different systems to talk together...better. Sometimes it was two applications running on the same system, but in the enterprise world, it was often applications running on two different systems (so it often also integrated with queuing or other data transfer system).

      I did find the idea of calling a "device" something-"ware" kind of humorous. I really hope that doesn't catch on.
    • by fustakrakich ( 1673220 ) on Monday October 08, 2018 @02:12PM (#57446828) Journal

      They probably meant *meddleware*

    • by mysidia ( 191772 ) on Monday October 08, 2018 @02:30PM (#57446946)

      I think whoever wrote or proofread the ZDNet article Introduced mistakes, here.

      The phrases "TLS Middleware", "TLS middleware appliances," and "Middleware appliances" appear throughout the article Slashdot linked, BUT
      the paper [arxiv.org] does not use the word even once. They are called Middleboxes in the study.

    • by EvilSS ( 557649 )
      Man in the Middleware
  • IDIOTS (Score:5, Insightful)

    by Anonymous Coward on Monday October 08, 2018 @01:21PM (#57446526)

    Preventing man in the middle attacks is the fucking point of TLS. Of course you can't perform a man in the middle attack without breaking TLS you morons.

    • Preventing man in the middle attacks is the fucking point of TLS.

      The point of TLS is enforcing trust relationships.

      Of course you can't perform a man in the middle attack without breaking TLS you morons.

      Delegating termination of TLS to something you trust is not an attack. You are confusing middlebox implementation failure with design failure.

      This is no different than delegating your secretary to answer a secure call on your behalf and having them relay relevant information to you.

  • The OWNER of endpoints should always be able to see what is flowing over the encrypted channel. Man in the middle is ALWAYS bad. If there are designed in ways for the owner of endpoint devices to inspect their traffic, then man in the middle is irrelevant. But what we have now is different levels of bad depending on the class of device we're talking about. For enterprise devices, the corporate owner should technically already have the ability to enforce a proxy or to enforce software installation that allow

    • Comment removed based on user account deletion
    • by guruevi ( 827432 )

      Ah yes, the consumer bill of rights, and now you're advocating for a key-to-all-encryption to get access to the data you're "entitled" to. That is how these laws will be written after all and unintended consequences will mean that not only can you see the data, but so can the FBI and NSA and everyone else.

      Nobody should be able to MITM. If you need control over the end device, you need to obtain control over the end device, not everything else.

      • Umm.. that is exactly what I said. The ability of the owner of a device to snoop their own device traffic AT THE ENDPOINT needs to enshrined in law. Our devices are being weaponized against us.

        • by guruevi ( 827432 )

          You already have that capability. Simply read out the chips or upload a custom firmware. The problem is generally that it's not easy, but if you want to make it easy, then you're opening the door for others as well.

    • Without MITM, some organisations will have no option but to either
      A) break the law
      B) block all encrypted communication

  • Encryption in this case provides two benefits: 1) Privacy, knowing that you're only talking to the one site 2) Signing, knowing that the data you got was unaltered from the site

    What if they made it so the MITM HTTPS proxies only broke #1 and could just pass through the content. Then the client could at least know that the content was unaltered. Assuming the proxy is decently implemented and validates the site, the proxy could now become responsible for making sure that the connection is secure and the cli
    • The basic premise of these systems is that the person managing the endpoint has voluntarily configured it to trust a MITM device that will impersonate (through certificate forgery, essentially) the other endpoint. Given that certificate forgery, how do you know you can trust any signature either?

      Ultimately, if you don't manage the endpoint you're using, the game is already over.

      • by Bengie ( 1121981 )
        That's only in the case where you assume to have installed the CA from the proxy. If all you did was indicate that you "trust" the proxy, then the proxy could be trusted for only the matter of privacy, but still require the content be signed by the site.
    • There is no way to do what you're suggesting without creating new protocols.
      You could still use TLS to implement #1 as is done now. You'd need a second layer that doesn't use the CA installed to make #1 work to implement #2

  • ... else will these network gear vendors deliver equipment capable of inserting advertisements into your HTML stream?

  • by SLOGEN ( 165834 ) on Monday October 08, 2018 @02:57PM (#57447070) Homepage

    Nice angle on the story there /.

  • As I understand it, a lot of big corporations use these tools and have the employee PC's install certs so that it all works. The upshot is that not only is your traffic not hidden from your employer (something that was made clear to me every time I logged into my previous employer-owned PC) but that when the traffic goes onto the internet, it's not that securely protected because of these weak appliances. That may have an impact on the security of any SaaS products the corporation is using (Salesforce, etc.

  • If the minions of the undark web weren't so busy implementing stealth TLS MITM (so that the web server doesn't know there's a validated MITM on the client end), the invasive middleware could simply intercept the encryption part, without fudge-hammering end-to-end authentication and the client negotiation of security parameters concerning the public side of the link; if the server knew the client preferences for certain, it would simply drop traffic whose public security envelope was mangled by the MITM lay

Computer programmers do it byte by byte.

Working...