Abstract

Computer communication is at the foundation of how the modern world works, connecting people and machines over public infrastructure. For this reason, communication is exposed to attacks, either by passive listening or by active interference. Security protocols like TLS (Transport Layer Security) play a crucial role in ensuring the confidentiality, integrity, and authenticity of the communication. However, as in all technologies, there may be flaws in the design, implementation, or cryptography of TLS that compromise the security of the communication channel. Remediation of such vulnerabilities takes time, leaving valuable services exposed to potential attacks. In this article, we present MultiTLS, a middleware based on cipher diversity and network tunneling that enables secure communication even when new vulnerabilities are discovered. MultiTLS creates a secure communication tunnel through the encapsulation of k TLS channels, where each one uses a different cipher suite. This approach allows the communication channel to remain protected even when k−1 cipher suites become vulnerable, because the remaining cipher suite still protects the traffic. The diversity of cipher suites tolerates cryptography faults. We evaluated the implementation of MultiTLS and concluded that it is easy to use and to keep up to date, since it does not require code changes to any of its dependencies. We also evaluated its performance in practical use cases and proved that it is viable and useful for various personal and corporate contexts using Internet communications.
