Recently, many organizations have been installing middleboxes in their networks in large numbers to provide various services to their customers. Although middleboxes have the advantage of not being dependent on specific hardware and being able to provide a variety of services, they can become a new attack target for hackers. Therefore, many researchers have proposed security-enchanced TLS protocols, but their results have some limitations. In this paper, we proposed a middlebox-delegated TLS (mdTLS) protocol that not only achieves the same security level but also requires relatively less computation compared to recent research results. mdTLS is a TLS protocol designed based on the proxy signature scheme, which requires about 39% less computation than middlebox-aware TLS (maTLS), which is the best in security and performance among existing research results. In order to substantiate the enhanced security of mdTLS, we conducted a formal verification using the Tamarin. Our verification demonstrates that mdTLS not only satisfies the security properties set forth by maTLS but also complies with the essential security properties required for proxy signature scheme.

翻译：最近，许多组织在其网络中大量部署中间盒，以向客户提供各种服务。尽管中间盒具有不依赖特定硬件且能提供多样服务的优势，但它们可能成为黑客的新攻击目标。因此，许多研究人员提出了增强安全性的TLS协议，但这些成果存在某些局限性。本文提出了一种中间盒委托TLS（mdTLS）协议，该协议在达到相同安全级别的同时，相比近期研究成果所需的计算量更少。mdTLS是基于代理签名方案设计的TLS协议，其计算量比现有研究中安全性和性能最佳的中间盒感知TLS（maTLS）约低39%。为证实mdTLS的安全性增强，我们使用Tamarin进行了形式化验证。验证结果表明，mdTLS不仅满足maTLS设定的安全属性，还符合代理签名方案所需的基本安全属性。