David Naylor

Multi-Context TLS (mcTLS): Enabling Secure In-Network Functionality in TLS

By: David Naylor, Kyle Schomp, Matteo Varvello, Ilias Leontiadis, Jeremy Blackburn, Diego R. López, Konstantina Papagiannaki, Pablo Rodriguez Rodriguez, Peter Steenkiste
Appears in: CCR August 2015

A significant fraction of Internet traffic is now encrypted and HTTPS will likely be the default in HTTP/2. However, Transport Layer Security (TLS), the standard protocol for encryption in the Internet, assumes that all functionality resides at the endpoints, making it impossible to use in-network services that optimize network resource usage, improve user experience, and protect clients and servers from security threats. Re-introducing in-network functionality into TLS sessions today is done through hacks, often weakening overall security.

Balancing accountability and privacy in the network

By: David Naylor, Matthew K. Mukerjee, Peter Steenkiste
Appears in: CCR August 2014

Though most would agree that accountability and privacy are both valuable, today’s Internet provides little support for either. Previous efforts have explored ways to offer stronger guarantees for one of the two, typically at the expense of the other; indeed, at first glance accountability and privacy appear mutually exclusive. At the center of the tussle is the source address: in an accountable Internet, source addresses undeniably link packets and senders so hosts can be punished for bad behavior. In a privacy-preserving Internet, source addresses are hidden as much as possible.
