research-article

The Cost of the "S" in HTTPS

Authors:

Alessandro Finamore,

Ilias Leontiadis,

Yan Grunenberger,

Maurizio Munafò,

Konstantina Papagiannaki,

Peter SteenkisteAuthors Info & Claims

CoNEXT '14: Proceedings of the 10th ACM International on Conference on emerging Networking Experiments and Technologies

Pages 133 - 140

https://doi.org/10.1145/2674005.2674991

Published: 02 December 2014 Publication History

Abstract

Increased user concern over security and privacy on the Internet has led to widespread adoption of HTTPS, the secure version of HTTP. HTTPS authenticates the communicating end points and provides confidentiality for the ensuing communication. However, as with any security solution, it does not come for free. HTTPS may introduce overhead in terms of infrastructure costs, communication latency, data usage, and energy consumption. Moreover, given the opaqueness of the encrypted communication, any in-network value added services requiring visibility into application layer content, such as caches and virus scanners, become ineffective.

This paper attempts to shed some light on these costs. First, taking advantage of datasets collected from large ISPs, we examine the accelerating adoption of HTTPS over the last three years. Second, we quantify the direct and indirect costs of this evolution. Our results show that, indeed, security does not come for free. This work thus aims to stimulate discussion on technologies that can mitigate the costs of HTTPS while still protecting the user's privacy.

References

[1]

The Transport Layer Security (TLS) Protocol | RFC 5246.

[2]

G. Apostolopoulos, V. Peris, and D. Saha. Transport layer security: How Much Does It Really Cost? In INFOCOM 1999.

[3]

C. Castelluccia. Improving Secure Server Performance by Rebalancing SSL/TLS Handshakes. In USENIX Security Symposium, 2005.

[4]

C. Coarfa, P. Druschel, and D. S. Wallach. Performance Analysis of TLS Web Servers. ACM Trans. Comput. Syst., 24(1):39--69, Feb. 2006.

Digital Library

[5]

Y. El-khatib, G. Tyson, and M. Welzl. Can SPDY Really Make the Web Faster? In IFIP Networking 2014.

[6]

J. Erman, V. Gopalakrishnan, R. Jana, and K. K. Ramakrishnan. Towards a SPDY'Ier Mobile Web? In CoNEXT '13.

Digital Library

[7]

A. Finamore, M. Mellia, M. Meo, M. M. Munafo, and D. Rossi. Experiences of Internet Traffic Monitoring with Tstat. IEEE Network, 25(3), 2011.

[8]

P. Guy. Not as SPDY as You Thought. http://goo.gl/RQkTwx, June 2012.

[9]

HTTPBis Working Group. Explicit Trusted Proxy in HTTP/2.0. http://goo.gl/BUxQ22, February 2014.

[10]

IETF HTTPbis Working Group. Http/2. http://http2.github.io/.

[11]

S. Ihm and V. S. Pai. Towards Understanding Modern Web Traffic. In IMC 2011.

Digital Library

[12]

K. Jang, S. Han, S. Han, S. Moon, and K. Park. SSLShader: Cheap SSL Acceleration with Commodity Processors. In NSDI 2011.

Digital Library

[13]

S. Renfro. Secure browsing by default. http://goo.gl/B7U3jv, July 2013.

[14]

The Chromium Projects. Spdy. http://www.chromium.org/spdy.

[15]

X. S. Wang, A. Balasubramanian, A. Krishnamurthy, and D. Wetherall. Demystifying Page Load Performance with WProf. In NSDI 2013.

Digital Library

Cited By

Fitzgibbon GOttaviani C(2024)Constrained Device Performance Benchmarking with the Implementation of Post-Quantum CryptographyCryptography10.3390/cryptography80200218:2(21)Online publication date: 23-May-2024
https://doi.org/10.3390/cryptography8020021
Sengupta JKosek MFries JFerlin-Reiter SBajpai V(2024)On Cross-Layer Interactions of QUIC, Encrypted DNS and HTTP/3: Design, Evaluation, and DatasetIEEE Transactions on Network and Service Management10.1109/TNSM.2024.338378721:3(2992-3007)Online publication date: Jun-2024
https://doi.org/10.1109/TNSM.2024.3383787
Shi SZhang CZhang ZZhang HZeng XLi WWang JZhang XShen YLi JGuan H(2024)vCrypto: a Unified Para-Virtualization Framework for Heterogeneous Cryptographic ResourcesIEEE INFOCOM 2024 - IEEE Conference on Computer Communications10.1109/INFOCOM52122.2024.10621287(781-790)Online publication date: 20-May-2024
https://doi.org/10.1109/INFOCOM52122.2024.10621287
Show More Cited By

Index Terms

The Cost of the "S" in HTTPS
1. Networks
  1. Network protocols

Recommendations

Analysis of the HTTPS certificate ecosystem
IMC '13: Proceedings of the 2013 conference on Internet measurement conference

We report the results of a large-scale measurement study of the HTTPS certificate ecosystem---the public-key infrastructure that underlies nearly all secure web communications. Using data collected by performing 110 Internet-wide scans over 14 months, ...
A large-scale analysis of HTTPS deployments: Challenges, solutions, and recommendations

HTTPS refers to an application-specific implementation that runs HyperText Transfer Protocol (HTTP) on top of Secure Socket Layer (SSL) or Transport Layer Security (TLS). HTTPS is used to provide encrypted communication and secure identification of web ...
Verified Secure Implementations for the HTTPS Ecosystem: Invited Talk
PLAS '16: Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security

The HTTPS ecosystem, including the SSL/TLS protocol, the X.509 public-key infrastructure, and their cryptographic libraries, is the standardized foundation of Internet Security. Despite 20 years of progress and extensions, however, its practical ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CoNEXT '14: Proceedings of the 10th ACM International on Conference on emerging Networking Experiments and Technologies

December 2014

438 pages

ISBN:9781450332798

DOI:10.1145/2674005

General Chairs:
Aruna Seneviratne
NICTA/UNSW, Australia
,
Christophe Diot
Technicolor, France
,
Jim Kurose
Umass, USA
,
Program Chairs:
Augustin Chaintreau
Columbia University, USA
,
Luigi Rizzo
University of Pisa, Italy

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGCOMM: ACM Special Interest Group on Data Communication

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 December 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

CoNEXT '14

Sponsor:

SIGCOMM

CoNEXT '14: Conference on emerging Networking Experiments and Technologies

December 2 - 5, 2014

Sydney, Australia

Acceptance Rates

CoNEXT '14 Paper Acceptance Rate 27 of 133 submissions, 20%;

Overall Acceptance Rate 198 of 789 submissions, 25%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

139
Total Citations
View Citations
2,062
Total Downloads

Downloads (Last 12 months)166
Downloads (Last 6 weeks)24

Reflects downloads up to 17 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Fitzgibbon GOttaviani C(2024)Constrained Device Performance Benchmarking with the Implementation of Post-Quantum CryptographyCryptography10.3390/cryptography80200218:2(21)Online publication date: 23-May-2024
https://doi.org/10.3390/cryptography8020021
Sengupta JKosek MFries JFerlin-Reiter SBajpai V(2024)On Cross-Layer Interactions of QUIC, Encrypted DNS and HTTP/3: Design, Evaluation, and DatasetIEEE Transactions on Network and Service Management10.1109/TNSM.2024.338378721:3(2992-3007)Online publication date: Jun-2024
https://doi.org/10.1109/TNSM.2024.3383787
Shi SZhang CZhang ZZhang HZeng XLi WWang JZhang XShen YLi JGuan H(2024)vCrypto: a Unified Para-Virtualization Framework for Heterogeneous Cryptographic ResourcesIEEE INFOCOM 2024 - IEEE Conference on Computer Communications10.1109/INFOCOM52122.2024.10621287(781-790)Online publication date: 20-May-2024
https://doi.org/10.1109/INFOCOM52122.2024.10621287
Matias MFerreira EMateus-Coelho NRibeiro OFerreira L(2024)Evaluating Effectiveness and Security in Microservices ArchitectureProcedia Computer Science10.1016/j.procs.2024.05.148237:C(626-636)Online publication date: 24-Jul-2024
https://dl.acm.org/doi/10.1016/j.procs.2024.05.148
Mi YRotem RDaykan YO’Reilly BTabirca S(2024)PHPlace: A New Perspective on Managing Pelvic Organ Prolapse Through Mobile ApplicationsWireless Mobile Communication and Healthcare10.1007/978-3-031-60665-6_29(386-399)Online publication date: 28-Jun-2024
https://doi.org/10.1007/978-3-031-60665-6_29
Wang WLee HHuang YBertino ELi N(2024)Towards Efficient Privacy-Preserving Deep Packet InspectionComputer Security – ESORICS 202310.1007/978-3-031-51476-0_9(166-192)Online publication date: 11-Jan-2024
https://doi.org/10.1007/978-3-031-51476-0_9
Klymenko MStriuk A(2023)Design and implementation of an edge computing-based GPS tracking systemJournal of Edge Computing10.55056/jec.634Online publication date: 19-Nov-2023
https://doi.org/10.55056/jec.634
Mike NKrén EKecskeméti T(2023)Farkasbiztos téglaház? A KKV-k információbiztonsága MagyarországonVezetéstudomány / Budapest Management Review10.14267/VEZTUD.2023.09.0454:9(44-57)Online publication date: 15-Sep-2023
https://doi.org/10.14267/VEZTUD.2023.09.04
de Carné de Carnavalet Xvan Oorschot P(2023)A Survey and Analysis of TLS Interception Mechanisms and Motivations: Exploring how end-to-end TLS is made “end-to-me” for web trafficACM Computing Surveys10.1145/358052255:13s(1-40)Online publication date: 13-Jul-2023
https://dl.acm.org/doi/10.1145/3580522
Trevisan MSoro FMellia MDrago IMorla R(2023)Attacking DoH and ECH: Does Server Name Encryption Protect Users’ Privacy?ACM Transactions on Internet Technology10.1145/357072623:1(1-22)Online publication date: 23-Feb-2023
https://dl.acm.org/doi/10.1145/3570726
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents