Protecting Browsers from Network Intermediaries

Network intermediaries relay traffic between web servers and clients, and are often deployed on the Internet to provide improved performance or security. Unfortunately, network intermediaries can actually do more harm than good. In this thesis, we articulate the dangers of network intermediaries, wh...


Bibliographic Details
Main Author: Huang, Lin-Shung
Format: Others
Published: Research Showcase @ CMU 2014
Online Access: http://repository.cmu.edu/dissertations/430
http://repository.cmu.edu/cgi/viewcontent.cgi?article=1430&context=dissertations
Collection: NDLTD
Sources: NDLTD
Description: Network intermediaries relay traffic between web servers and clients, and are often deployed on the Internet to provide improved performance or security. Unfortunately, network intermediaries can actually do more harm than good. In this thesis, we articulate the dangers of network intermediaries, which motivates the need for pervasive encryption. We further seek to understand the reasons why encryption isn't more widely deployed and fix them. The existence of network intermediaries makes web security particularly challenging, considering that network intermediaries may operate (1) erroneously, or (2) maliciously. We verified that 7% of Internet users are behind proxies that allow either IP hijacking attacks or cache poisoning attacks, and that 0.2% of encrypted connections on a large global website were intercepted without authorization. While the need for encryption is clear, many websites have not deployed Transport Layer Security (TLS) due to performance concerns. We identified three opportunities to reduce the performance overhead of TLS without sacrificing security: (1) prefetching and prevalidating certificates, (2) using short-lived certificates and (3) configuring elliptic curve cryptography for forward secrecy.