InviCloak: An End-to-End Approach to Privacy and Performance in Web Content Distribution
In today's web ecosystem, a website that uses a Content Delivery Network (CDN) shares its Transport Layer Security (TLS) private key or session key with the CDN. In this paper, we present the design and implementation of InviCloak, a system that protects the confidentiality and integrity of a u...
Published in: | arXiv.org 2022-09 |
---|---|
Main authors: | , , , |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
container_end_page | |
---|---|
container_issue | |
container_start_page | |
container_title | arXiv.org |
container_volume | |
creator | Lin, Shihan ; Xin, Rui ; Goel, Aayush ; Yang, Xiaowei |
description | In today's web ecosystem, a website that uses a Content Delivery Network (CDN) shares its Transport Layer Security (TLS) private key or session key with the CDN. In this paper, we present the design and implementation of InviCloak, a system that protects the confidentiality and integrity of a user and a website's private communications without changing TLS or upgrading a CDN. InviCloak builds a lightweight but secure and practical key distribution mechanism using the existing DNS infrastructure to distribute a new public key associated with a website's domain name. A web client and a website can use the new key pair to build an encryption channel inside TLS. InviCloak accommodates the current web ecosystem. A website can deploy InviCloak unilaterally without a client's involvement to prevent a passive attacker inside a CDN from eavesdropping on their communications. If a client also installs InviCloak's browser extension, the client and the website can achieve end-to-end confidential and untampered communications in the presence of an active attacker inside a CDN. Our evaluation shows that InviCloak increases the median page load times (PLTs) of realistic web pages from 2.0s to 2.1s, which is smaller than the median PLTs (2.8s) of a state-of-the-art TEE-based solution. |
doi_str_mv | 10.48550/arxiv.2209.01541 |
format | Article |
fulltext | fulltext |
identifier | EISSN: 2331-8422 |
ispartof | arXiv.org, 2022-09 |
issn | 2331-8422 |
language | eng |
recordid | cdi_arxiv_primary_2209_01541 |
source | arXiv.org; Free E- Journals |
subjects | Computer Science - Cryptography and Security ; Computer Science - Networking and Internet Architecture ; Content delivery networks ; Cryptography ; Domain names ; Eavesdropping ; Encryption ; Privacy ; Websites |
title | InviCloak: An End-to-End Approach to Privacy and Performance in Web Content Distribution |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-02T15%3A42%3A02IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_arxiv&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=InviCloak:%20An%20End-to-End%20Approach%20to%20Privacy%20and%20Performance%20in%20Web%20Content%20Distribution&rft.jtitle=arXiv.org&rft.au=Lin,%20Shihan&rft.date=2022-09-18&rft.eissn=2331-8422&rft_id=info:doi/10.48550/arxiv.2209.01541&rft_dat=%3Cproquest_arxiv%3E2711107670%3C/proquest_arxiv%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2711107670&rft_id=info:pmid/&rfr_iscdi=true |