Related papers: InviCloak: An End-to-End Approach to Privacy and Performance in Web Content Distribution

InviCloak: An End-to-End Approach to Privacy and Performance in Web Content Distribution

URL: http://arxiv.org/abs/2209.01541v4
Date: Thu, 06 Mar 2025 00:06:47 GMT
Title: InviCloak: An End-to-End Approach to Privacy and Performance in Web Content Distribution
Authors: Shihan Lin, Rui Xin, Aayush Goel, Xiaowei Yang,
Abstract summary: InviCloak is a system that protects the confidentiality and integrity of a user and a website's private communications without changing TLS or upgrading a CDN.<n>InviCloak builds a lightweight but secure and practical key distribution mechanism using the existing DNS infrastructure.
Score: 7.8017281332931665
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: In today's web ecosystem, a website that uses a Content Delivery Network (CDN) shares its Transport Layer Security (TLS) private key or session key with the CDN. In this paper, we present the design and implementation of InviCloak, a system that protects the confidentiality and integrity of a user and a website's private communications without changing TLS or upgrading a CDN. InviCloak builds a lightweight but secure and practical key distribution mechanism using the existing DNS infrastructure to distribute a new public key associated with a website's domain name. A web client and a website can use the new key pair to build an encryption channel inside TLS. InviCloak accommodates the current web ecosystem. A website can deploy InviCloak unilaterally without a client's involvement to prevent a passive attacker inside a CDN from eavesdropping on their communications. If a client also installs InviCloak's browser extension, the client and the website can achieve end-to-end confidential and untampered communications in the presence of an active attacker inside a CDN. Our evaluation shows that InviCloak increases the median page load times (PLTs) of realistic web pages from 2.0s to 2.1s, which is smaller than the median PLTs (2.8s) of a state-of-the-art TEE-based solution.

Related papers

Toward Mixture-of-Experts Enabled Trustworthy Semantic Communication for 6G Networks [82.3753728955968]
We introduce a novel Mixture-of-Experts (MoE)-based SemCom system. This system comprises a gating network and multiple experts, each specializing in different security challenges. The gating network adaptively selects suitable experts to counter heterogeneous attacks based on user-defined security requirements. A case study in vehicular networks demonstrates the efficacy of the MoE-based SemCom system.
arXiv Detail & Related papers (2024-09-24T03:17:51Z)
Never Gonna Give You Up: Exploring Deprecated NULL Ciphers in Commercial VoWiFi Deployments [0.0]
Many operators use Voice over Wi-Fi (VoWiFi) allowing customers to dial into their core network over the public Internet. To protect against malicious actors on the WiFi or Internet domain, the traffic is sent over a series of IPsec tunnels. We want to analyze security configurations within commercial VoWiFi deployments, both on the client and server side.
arXiv Detail & Related papers (2024-06-18T07:32:38Z)
Implementation of New Security Features in CMSWEB Kubernetes Cluster at CERN [1.6804702845109005]
We discuss new security features introduced to the CMSWEB ("k8s") cluster. The new features include the implementation of network policies, deployment of Open Policy Agent (OPA), enforcement of OPA policies, and the integration of Vault.
arXiv Detail & Related papers (2024-05-24T08:22:22Z)
Non-Fungible Programs: Private Full-Stack Applications for Web3 [0.3683202928838613]
This paper introduces the Non-Fungible Program (NFP) model for developing self-contained applications. NFP applications are distributed blockchain, powered by Web technology, and backed by private databases in smart contracts. Access to code, as well as backend services, is controlled and guaranteed by smart contracts according to the NFT ownership model.
arXiv Detail & Related papers (2024-04-24T03:46:18Z)
Differentiated Security Architecture for Secure and Efficient Infotainment Data Communication in IoV Networks [55.340315838742015]
Negligence on the security of infotainment data communication in IoV networks can unintentionally open an easy access point for social engineering attacks. In particular, we first classify data communication in the IoV network, examine the security focus of each data communication, and then develop a differentiated security architecture to provide security protection on a file-to-file basis.
arXiv Detail & Related papers (2024-03-29T12:01:31Z)
HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs) TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks. We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z)
SemProtector: A Unified Framework for Semantic Protection in Deep Learning-based Semantic Communication Systems [51.97204522852634]
We present a unified framework that aims to secure an online semantic communications system with three semantic protection modules. Specifically, these protection modules are able to encrypt semantics to be transmitted by an encryption method, mitigate privacy risks from wireless channels by a perturbation mechanism, and calibrate distorted semantics at the destination. Our framework enables an existing online SC system to dynamically assemble the above three pluggable modules to meet customized semantic protection requirements.
arXiv Detail & Related papers (2023-09-04T06:34:43Z)
FedDefender: Client-Side Attack-Tolerant Federated Learning [60.576073964874]
Federated learning enables learning from decentralized data sources without compromising privacy. It is vulnerable to model poisoning attacks, where malicious clients interfere with the training process. We propose a new defense mechanism that focuses on the client-side, called FedDefender, to help benign clients train robust local models.
arXiv Detail & Related papers (2023-07-18T08:00:41Z)
Distributed Symmetric Key Establishment: A scalable, quantum-proof key distribution system [0.8192907805418583]
We propose and implement a protocol for a scalable, cost-effective, information-theoretically secure key distribution and management system. The system, called Distributed Symmetric Key Establishment (DSKE), relies on pre-shared random numbers between DSKE clients and a group of Security Hubs.
arXiv Detail & Related papers (2022-05-02T01:46:11Z)
Adaptive Webpage Fingerprinting from TLS Traces [13.009834690757614]
In webpage fingerprinting, an adversary infers the specific webpage loaded by a victim user by analysing the patterns in the encrypted TLS traffic exchanged between the user's browser and the website's servers. This work studies modern webpage fingerprinting adversaries against the TLS protocol. We introduce a TLS-specific model that: 1) scales to an unprecedented number of target webpages, 2) can accurately classify thousands of classes it never encountered during training, and 3) has low operational costs even in scenarios of frequent page updates.
arXiv Detail & Related papers (2020-10-19T15:13:07Z)
Towards Bidirectional Protection in Federated Learning [70.36925233356335]
F2ED-LEARNING offers bidirectional defense against malicious centralized server and Byzantine malicious clients. F2ED-LEARNING securely aggregates each shard's update and launches FilterL2 on updates from different shards. evaluation shows that F2ED-LEARNING consistently achieves optimal or close-to-optimal performance.
arXiv Detail & Related papers (2020-10-02T19:37:02Z)

This list is automatically generated from the titles and abstracts of the papers in this site.