iHTTP: Efficient Authentication of Non-confidential HTTP Traffic

“…Although previous systems research has touched on ways to secure web content directly, there has yet to be a systematic architectural exploration of this approach. SSL Splitting [41], SINE [27], HTTPI [15], HTTPi [73], and iHTTP [28] introduce a variety of cryptographic mechanisms for e ciently providing content integrity in the face of hostile networks and malicious intermediaries, but all focus on the familiar model of proving that content came from a particular server. Spork [53] goes further, using remote attestation to allow the client to verify that the server was operating properly when it generated the content.…”

“…For example, a web page may need to include some specific advertisement scripts from an advertisement website, while excluding all the other scripts from the same website. Existing attempts to address this problem introduce a variety of cryptographic mechanisms for e ciently providing content integrity in the face of hostile networks and malicious intermediaries [15,27,28,73], but all focus on the familiar model of proving that content came from a particular server. With a trust schema, on the other hand, a site that includes advertising or other content from third parties can provide a separate trust anchor and hierarchy of permitted keys for each third party.…”

Content-based security for the web

“…Although previous systems research has touched on ways to secure web content directly, there has yet to be a systematic architectural exploration of this approach. SSL Splitting [41], SINE [27], HTTPI [15], HTTPi [73], and iHTTP [28] introduce a variety of cryptographic mechanisms for e ciently providing content integrity in the face of hostile networks and malicious intermediaries, but all focus on the familiar model of proving that content came from a particular server. Spork [53] goes further, using remote attestation to allow the client to verify that the server was operating properly when it generated the content.…”

“…For example, a web page may need to include some specific advertisement scripts from an advertisement website, while excluding all the other scripts from the same website. Existing attempts to address this problem introduce a variety of cryptographic mechanisms for e ciently providing content integrity in the face of hostile networks and malicious intermediaries [15,27,28,73], but all focus on the familiar model of proving that content came from a particular server. With a trust schema, on the other hand, a site that includes advertising or other content from third parties can provide a separate trust anchor and hierarchy of permitted keys for each third party.…”

Content-based security for the web

“…In particular, WebTrust enables the client to detect any modified data packet upon arrival without downloading the entire document. Our solution adapts recent cryptographic primitives and profits from the lessons learned in previous approaches that focus on subsets of the aforementioned problems to realize our comprehensive integrity and authenticity framework [32,2,12,23,37,14]. WebTrust further supports efficient data updates and enables the usage of Web caches (the latter only, if confidentiality is not needed).…”

WebTrust – A Comprehensive Authenticity and Integrity Framework for HTTP