Carnegie Mellon University

Protecting Browsers from Network Intermediaries

thesis
posted on 2014-09-01, 00:00 authored by Lin-Shung Huang

Network intermediaries relay traffic between web servers and clients, and are often deployed on the Internet to provide improved performance or security. Unfortunately, network intermediaries can actually do more harm than good. In this thesis, we articulate the dangers of network intermediaries, which motivates the need for pervasive encryption. We further seek to understand the reasons why encryption isn't more widely deployed and fix them. The existence of network intermediaries makes web security particularly challenging, considering that network intermediaries may operate (1) erroneously, or (2) maliciously. We verified that 7% of Internet users are behind proxies that allow either IP hijacking attacks or cache poisoning attacks, and that 0.2% of encrypted connections on a large global website were intercepted without authorization. While the need for encryption is clear, many websites have not deployed Transport Layer Security (TLS) due to performance concerns. We identified three opportunities to reduce the performance overhead of TLS without sacrificing security: (1) prefetching and prevalidating certificates, (2) using short-lived certificates and (3) configuring elliptic curve cryptography for forward secrecy.

History

Date

2014-09-01

Degree Type

  • Dissertation

Department

  • Electrical and Computer Engineering

Degree Name

  • Doctor of Philosophy (PhD)

Advisor(s)

Collin Jackson, Patrick Tague
