DeepAI AI Chat
Log In Sign Up

InviCloak: An End-to-End Approach to Privacy and Performance in Web Content Distribution

by   Shihan Lin, et al.

In today's web ecosystem, a website that uses a Content Delivery Network (CDN) shares its Transport Layer Security (TLS) private key or session key with the CDN. In this paper, we present the design and implementation of InviCloak, a system that protects the confidentiality and integrity of a user and a website's private communications without changing TLS or upgrading a CDN. InviCloak builds a lightweight but secure and practical key distribution mechanism using the existing DNS infrastructure to distribute a new public key associated with a website's domain name. A web client and a website can use the new key pair to build an encryption channel inside TLS. InviCloak accommodates the current web ecosystem. A website can deploy InviCloak unilaterally without a client's involvement to prevent a passive attacker inside a CDN from eavesdropping on their communications. If a client also installs InviCloak's browser extension, the client and the website can achieve end-to-end confidential and untampered communications in the presence of an active attacker inside a CDN. Our evaluation shows that InviCloak increases the median page load times (PLTs) of realistic web pages from 2.0s to 2.1s, which is smaller than the median PLTs (2.8s) of a state-of-the-art TEE-based solution.


page 1

page 2

page 3

page 4


Accountable Javascript Code Delivery

The Internet is a major distribution platform for applications, but ther...

Short-Lived Forward-Secure Delegation for TLS

On today's Internet, combining the end-to-end security of TLS with Conte...

Optimizing Precision for Open-World Website Fingerprinting

Traffic analysis attacks to identify which web page a client is browsing...

Browselite: A Private Data Saving Solution for the Web

The median webpage has increased in size by more than 80 years. This ext...

Tails Tor and other tools for Safeguarding Online Activities

There are not many known ways to break Tor anonymity, and they require a...

Enhanced Performance for the encrypted Web through TLS Resumption across Hostnames

TLS can resume previous connections via abbreviated resumption handshake...

Let Your Camera See for You: A Novel Two-Factor Authentication Method against Real-Time Phishing Attacks

Today, two-factor authentication (2FA) is a widely implemented mechanism...