Metadata Protection Considerations for TLS Present and Future
Bryan Ford
EPFL
TLS 1.3 Ready or Not (TRON) Workshop
February 21, 2016
Abstract:
TLS 1.3 takes important steps to improve both performance and security, so far
offers little protection against traffic analysis or fingerprinting using
unencrypted metadata or other side-channels such as transmission lengths and
timings. This paper explores metadata protection mechanisms for TLS, including
already-included provisions (e.g., record padding), provisions not yet included
but potentially feasible in TLS 1.3 (e.g., optional or encrypted headers), and
provisions that are likely too ambitious to achieve in TLS 1.3 but may be worth
considering for a future “TLS 2.0” (e.g., fully encrypted and
authenticated negotiation/handshaking). In addition, we briefly explore how
these metadata protection provisions might apply to the datagram-oriented DTLS,
or to a version of TLS supporting out-of-order delivery atop TCP.
Paper:
PDF
Talk slides:
PDF