Protecting Browsers from Network Intermediaries.pdf (1.68 MB)
0/0

Protecting Browsers from Network Intermediaries

Download (1.68 MB)
thesis
posted on 01.09.2014 by Lin-Shung Huang

Network intermediaries relay traffic between web servers and clients, and are often deployed on the Internet to provide improved performance or security. Unfortunately, network intermediaries can actually do more harm than good. In this thesis, we articulate the dangers of network intermediaries, which motivates the need for pervasive encryption. We further seek to understand the reasons why encryption isn't more widely deployed and fix them. The existence of network intermediaries makes web security particularly challenging, considering that network intermediaries may operate (1) erroneously, or (2) maliciously. We verified that 7% of Internet users are behind proxies that allow either IP hijacking attacks or cache poisoning attacks, and that 0.2% of encrypted connections on a large global website were intercepted without authorization. While the need for encryption is clear, many websites have not deployed Transport Layer Security (TLS) due to performance concerns. We identified three opportunities to reduce the performance overhead of TLS without sacrificing security: (1) prefetching and prevalidating certificates, (2) using short-lived certificates and (3) configuring elliptic curve cryptography for forward secrecy.

History

Date

01/09/2014

Degree Type

Dissertation

Department

Electrical and Computer Engineering

Degree Name

Doctor of Philosophy (PhD)

Advisor(s)

Collin Jackson,Patrick Tague

Exports

Exports