Protecting Browsers from Network Intermediaries
Network intermediaries relay traffic between web servers and clients, and are often deployed on the Internet to provide improved performance or security. Unfortunately, network intermediaries can actually do more harm than good. In this thesis, we articulate the dangers of network intermediaries, wh...
Main Author: | Huang, Lin-Shung |
---|---|
Format: | Others |
Published: | Research Showcase @ CMU 2014 |
Online Access: | http://repository.cmu.edu/dissertations/430 http://repository.cmu.edu/cgi/viewcontent.cgi?article=1430&context=dissertations |
id |
ndltd-cmu.edu-oai-repository.cmu.edu-dissertations-1430 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-cmu.edu-oai-repository.cmu.edu-dissertations-14302015-01-23T03:29:22Z Protecting Browsers from Network Intermediaries Huang, Lin-Shung Network intermediaries relay traffic between web servers and clients, and are often deployed on the Internet to provide improved performance or security. Unfortunately, network intermediaries can actually do more harm than good. In this thesis, we articulate the dangers of network intermediaries, which motivates the need for pervasive encryption. We further seek to understand the reasons why encryption isn't more widely deployed and fix them. The existence of network intermediaries makes web security particularly challenging, considering that network intermediaries may operate (1) erroneously, or (2) maliciously. We verified that 7% of Internet users are behind proxies that allow either IP hijacking attacks or cache poisoning attacks, and that 0.2% of encrypted connections on a large global website were intercepted without authorization. While the need for encryption is clear, many websites have not deployed Transport Layer Security (TLS) due to performance concerns. We identified three opportunities to reduce the performance overhead of TLS without sacrificing security: (1) prefetching and prevalidating certificates, (2) using short-lived certificates and (3) configuring elliptic curve cryptography for forward secrecy. 2014-09-01T07:00:00Z text application/pdf http://repository.cmu.edu/dissertations/430 http://repository.cmu.edu/cgi/viewcontent.cgi?article=1430&context=dissertations Dissertations Research Showcase @ CMU |
collection |
NDLTD |
format |
Others |
sources |
NDLTD |
description |
Network intermediaries relay traffic between web servers and clients, and are often deployed on the Internet to provide improved performance or security. Unfortunately, network intermediaries can actually do more harm than good. In this thesis, we articulate the dangers of network intermediaries, which motivates the need for pervasive encryption. We further seek to understand the reasons why encryption isn't more widely deployed and fix them. The existence of network intermediaries makes web security particularly challenging, considering that network intermediaries may operate (1) erroneously, or (2) maliciously. We verified that 7% of Internet users are behind proxies that allow either IP hijacking attacks or cache poisoning attacks, and that 0.2% of encrypted connections on a large global website were intercepted without authorization. While the need for encryption is clear, many websites have not deployed Transport Layer Security (TLS) due to performance concerns. We identified three opportunities to reduce the performance overhead of TLS without sacrificing security: (1) prefetching and prevalidating certificates, (2) using short-lived certificates and (3) configuring elliptic curve cryptography for forward secrecy. |
author |
Huang, Lin-Shung |
title |
Protecting Browsers from Network Intermediaries |
publisher |
Research Showcase @ CMU |
publishDate |
2014 |
url |
http://repository.cmu.edu/dissertations/430 http://repository.cmu.edu/cgi/viewcontent.cgi?article=1430&context=dissertations |