Title: A delegation token-based method to authenticate the third party in TLS

Authors: Lu Yan; Xiao Chen; Haojiang Deng; Xiaozhou Ye

Addresses:
National Network New Media Engineering Research Center, No. 21 North 4th Ring Road, Haidian District, Beijing 100190, China; University of Chinese Academy of Sciences, No.19(A) Yuquan Road, Shijingshan District, Beijing 100049, China
National Network New Media Engineering Research Center, No. 21 North 4th Ring Road, Haidian District, Beijing 100190, China
National Network New Media Engineering Research Center, No. 21 North 4th Ring Road, Haidian District, Beijing 100190, China
National Network New Media Engineering Research Center, No. 21 North 4th Ring Road, Haidian District, Beijing 100190, China

Abstract: Transport layer security (TLS) is an important security protocol used to protect end-to-end communication. However, a limitation arises when it is applied to content delivery networks, in which the proxy server rather than the origin server provides service to the client. Under such circumstances, the proxy server acts as a third party and the client is not able to authenticate it. This paper discusses the authentication problem for the proxy server. A delegation token-based method is then proposed to authenticate the proxy server, with multi-level proxy servers taken into consideration. Furthermore, a client-based cache strategy is employed to reduce the time consumption of the proposed method. The security of the method is also analysed. Experimental results demonstrate the effectiveness of our method. Moreover, with the client-based cache strategy, the authentication process can be accomplished much more efficiently, with a 15.63% decrease in connection time.

Keywords: transport layer security; TLS; content delivery network; CDN; authentication; proxy server; delegation token.

DOI: 10.1504/IJHPCN.2019.097507

International Journal of High Performance Computing and Networking, 2019 Vol.13 No.2, pp.164 - 174

Received: 03 Aug 2017
Accepted: 02 Dec 2017

Published online: 25 Jan 2019
