IMPLEMENTING MULTIPLE CHANNELS OVER SSL Yong Song, Victor C.M. Leung, Konstantin Beznosov Department of Electrical and Computer Engineering,University of British Columbia, Vancouver,Canada Email:{yongs,vleung,beznosov}@ece.ubc.ca Keywords: Communication security, Mobile security, Multiple channels, SSL Abstract: Multiple-Channel SSL (MC-SSL) is our model and protocol for the security of client-server communication. In contrast to SSL, MC-SSL can securely provide applications with multiple channels, and each of them can have a specific cipher suite and a various number of application proxies; meanwhile, the channel negotiation and operation in MC-SSL are still based on SSL, which needs a small change in order to support multiple cipher suites. In this paper, we first introduce the multiple-channel model of MC-SSL, and then focus on the design and implementation of multiple channels over SSL, especially multi-hop proxy channels and secondary channels. 1 INTRODUCTION To address several limitations of TLS/SSL (Dierks, 1999) (referred as SSL in this paper), we have proposed multiple-channel SSL (MC-SSL) (Song, 2004). Based on vanilla SSL, MC-SSL has several advantages over it. First, MC-SSL supports a various number of application proxies (or gateways) between a client and a server. Second, MC-SSL supports multiple cipher suites in a single connection so that client and server can negotiate multiple cipher suites for different data or contents. Third, new factors such as security policies, device capabilities, and security attributes of data are taken into account in the security model of MC-SSL. As a result, the multiple-channel nature of MC-SSL enables MC-SSL to flexibly meet diverse security requirements from different terminals, servers, applications, and users. In particular, MC-SSL can help resource-constrained devices such as PDAs and cellular phones because they may need application proxies for proxy services such as content transformation or virus scanning, and also they can save battery power and CPU time by using multiple cipher suites. MC-SSL supports two types of channels between a client and a server: end-to-end and proxy channels. The proxy channel protocol is described (Song, 2004). This paper reports on the next step in this work, design and implementation of multiple cipher suites as well as an extension of single-hop proxy channels to multi-hop proxy channels. The prototype implementation demonstrates that the design of MC-SSL protocol is feasible. The rest of this paper is organized as follows. Section 2 analyses the functional limitations of SSL that motivated this work. Section 3 describes MC- SSL. Section 4 discusses related work. Section 5 focuses on the design and implementation of MC- SSL protocol. Section 6 concludes the paper. 2 PROBLEM MOTIVATION SSL is a de facto security protocol at transport layer, but it has some functional limitations. First, while SSL can provide a secure point-to-point connection, it does not securely support application proxies. If a proxy P is involved between a client C and a server S, C would normally set up an SSL connection with P, and then P would act as the delegate of C and set up another SSL connection with S. The purpose of proxies could be virus scanning, content transformation, or compression. An example of such an SSL chain proxy model is the WAP gateway architecture, in which the connection between C and P is over WTLS, a variant of TLS protocol. The SSL chain proxy model is shown in the lower part of Figure 1, in which there is a various number of proxies from P 1 to P n . Since any proxy in the chain can read and modify sensitive data at will, this model assume unconditional trust in all proxies at least from one side of the connection. This can be satisfied only if