Masking Host Identity on Internet: Encrypted TLS/SSL Handshake
This addresses privacy and traffic discrimination issues for internet users by incrementally enhancing TLS/SSL handshake security without requiring changes to existing infrastructure.
The paper tackles the problem of network middle-boxes classifying traffic via plaintext Server Name Indicator (SNI) in TLS/SSL handshakes, which can reveal host identity, by proposing a method to encrypt the SNI using a two-handshake approach that maintains security and compatibility, demonstrating feasibility over the live Internet and adherence to standards.
Network middle-boxes often classify the traffic flows on the Internet to perform traffic management or discriminate one traffic against the other. As the widespread adoption of HTTPS protocol has made it difficult to classify the traffic looking into the content field, one of the fields the middle-boxes look for is Server Name Indicator (SNI), which goes in plain text. SNI field contains information about the host and can, in turn, reveal the type of traffic. This paper presents a method to mask the server host identity by encrypting the SNI. We develop a simple method that completes the SSL/TLS connection establishment over two handshakes - the first handshake establishes a secure channel without sharing SNI information, and the second handshake shares the encrypted SNI. Our method makes it mandatory for fronting servers to always accept the handshake request without the SNI and respond with a valid SSL certificate. As there is no modification in already proven SSL/TLS encryption mechanism and processing of handshake messages, the new method enjoys all security benefits of existing secure channel establishment and needs no modification in existing routers/middle-boxes. Using customized client-server over the live Internet, we demonstrate the feasibility of our method. Moreover, the impact analysis shows that the method adheres to almost all SSL/TLS related Internet standards requirements.