TLS Proxies

Communicating securely over the Internet requires authenticating the identity of a website before trusting it. Today the web relies on TLS, which validates digital certificates signed by certificate authorities.

This validation system is currently being undermined by TLS proxies, which act as a man-in-the-middle (MitM) for TLS connections. A TLS proxy can issue a substitute certificate for any site the user visits, so that the user establishes an encrypted connection to the proxy rather than to the intended website. The proxy can then decrypt and monitor or modify all of the user's traffic before passing it along to the intended website over a second encrypted connection.

The use of TLS proxies to intercept encrypted traffic is controversial because the same mechanism serves both benevolent purposes, such as protecting against malware, and malicious ones, such as identity theft or warrantless government surveillance.

To understand the prevalence and uses of these proxies, we have built a TLS proxy measurement tool and deployed it via a Google AdWords campaign.
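The substitution described above, and the core check such a measurement tool performs, as an added Go example that is not part of the project's tool: using only the standard library, it builds in memory a public CA that issued a site's certificate and a proxy CA that issued a substitute for the same host (all names hypothetical), then compares the certificate a client received with the one the origin really serves and asks whether the client's trust store accepts it, with and without the proxy root installed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Observation: did the client get a certificate other than the site's own, does its trust store accept it, and who issued it.
type Observation struct{ Intercepted, Trusted bool; Issuer string }

// mint: a self-signed CA root when parent is nil, otherwise a server certificate for host name signed by parent (constructed helper).
func mint(name string, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		IsCA:         parent == nil, BasicConstraintsValid: true,
	}
	if parent == nil { // self-signed root: it is its own issuer
		parent, pkey = tmpl, key
	} else { // server certificate: must name the host the client connects to
		tmpl.DNSNames = []string{name}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, pkey)
	if err != nil { panic(err) } // only a malformed template can fail here
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// inspect is the probe's core check: the certificate the client received vs. the origin's own, plus trust-store validation for host.
func inspect(clientLeaf, originLeaf *x509.Certificate, host string, roots *x509.CertPool) Observation {
	_, err := clientLeaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	return Observation{string(clientLeaf.Raw) != string(originLeaf.Raw), err == nil, clientLeaf.Issuer.CommonName}
}

// observe: a public CA issued the site's certificate, a proxy CA a substitute for the same host; the client trusts the public CA and, if trustProxy, the proxy root too.
func observe(trustProxy bool) (direct, proxied Observation) {
	const host = "site.example" // hypothetical host name
	publicCA, publicKey := mint("Public CA", nil, nil)
	proxyCA, proxyKey := mint("Corp TLS Proxy Root", nil, nil)
	siteLeaf, _ := mint(host, publicCA, publicKey)
	substitute, _ := mint(host, proxyCA, proxyKey)
	roots := x509.NewCertPool()
	roots.AddCert(publicCA)
	if trustProxy { roots.AddCert(proxyCA) } // installing the proxy root is what a proxy deployment requires on each client
	return inspect(siteLeaf, siteLeaf, host, roots), inspect(substitute, siteLeaf, host, roots)
}
```

Without the proxy root the substitute is flagged as intercepted and rejected by the trust store; once the root is installed it is still intercepted but validates cleanly, which is why a proxy is invisible to ordinary certificate validation on a managed client.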

We have also conducted surveys to understand user attitudes and preferences toward the inspection of encrypted traffic.

TLS proxy measurement

Papers

  • Mark O'Neill, Scott Ruoti, Kent Seamons, and Daniel Zappala. TLS Proxies: Friend or Foe? In ACM Internet Measurement Conference, 2016. (Paper, ACM, Data)
  • Scott Ruoti, Mark O'Neill, Kent Seamons, and Daniel Zappala. User Attitudes Toward the Inspection of Encrypted Traffic. In USENIX Symposium on Usable Privacy and Security, 2016. (Paper, USENIX, Data)
  • Mark O'Neill. The State of Man-in-the-Middle TLS Proxies: Prevalence and User Attitudes. M.S. Thesis, Brigham Young University, 2016. (Thesis)