InviCloak: An End-to-End Approach to Privacy and Performance in Web Content Distribution

09/04/2022
by Shihan Lin, et al.

In today's web ecosystem, a website that uses a Content Delivery Network (CDN) shares its Transport Layer Security (TLS) private key or session key with the CDN. In this paper, we present the design and implementation of InviCloak, a system that protects the confidentiality and integrity of a user and a website's private communications without changing TLS or upgrading a CDN. InviCloak builds a lightweight but secure and practical key distribution mechanism using the existing DNS infrastructure to distribute a new public key associated with a website's domain name. A web client and a website can use the new key pair to build an encryption channel inside TLS. InviCloak accommodates the current web ecosystem. A website can deploy InviCloak unilaterally without a client's involvement to prevent a passive attacker inside a CDN from eavesdropping on their communications. If a client also installs InviCloak's browser extension, the client and the website can achieve end-to-end confidential and untampered communications in the presence of an active attacker inside a CDN. Our evaluation shows that InviCloak increases the median page load times (PLTs) of realistic web pages from 2.0s to 2.1s, which is smaller than the median PLTs (2.8s) of a state-of-the-art TEE-based solution.
