
Metadata Protection Considerations for TLS Present and Future

Bryan Ford

TLS 1.3 Ready or Not (TRON) Workshop
February 21, 2016


TLS 1.3 takes important steps to improve both performance and security, but so far offers little protection against traffic analysis or fingerprinting using unencrypted metadata or other side-channels such as transmission lengths and timings. This paper explores metadata protection mechanisms for TLS, including already-included provisions (e.g., record padding), provisions not yet included but potentially feasible in TLS 1.3 (e.g., optional or encrypted headers), and provisions that are likely too ambitious to achieve in TLS 1.3 but may be worth considering for a future “TLS 2.0” (e.g., fully encrypted and authenticated negotiation/handshaking). In addition, we briefly explore how these metadata protection provisions might apply to the datagram-oriented DTLS, or to a version of TLS supporting out-of-order delivery atop TCP.

Paper: PDF

Talk slides: PDF

Bryan Ford Updated Thursday, 22-Mar-2018 13:20:04 EDT