DOI: 10.1145/3011883.3011890

Content-based security for the web

Published: 26 September 2016

Abstract

The World Wide Web has become the most common platform for building applications and delivering content. Yet despite years of research, the web continues to face severe security challenges related to data integrity and confidentiality. Rather than continuing the exploit-and-patch cycle, we propose addressing these challenges at an architectural level, by supplementing the web's existing connection-based and server-based security models with a new approach: content-based security. With this approach, content is directly signed and encrypted at rest, enabling it to be delivered via any path and then validated by the browser. We explore how this new architectural approach can be applied to the web and analyze its security benefits. We then discuss a broad research agenda to realize this vision and the challenges that must be overcome.

Published In

NSPW '16: Proceedings of the 2016 New Security Paradigms Workshop
September 2016
113 pages
ISBN:9781450348133
DOI:10.1145/3011883

Sponsors

  • ACSA: Applied Computing Security Assoc
  • The National Science Foundation
  • DELL
  • CISCO

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 26 September 2016

Author Tags

  1. content-based security
  2. end-to-end encryption
  3. web security

Qualifiers

  • Research-article

Conference

NSPW '16
Sponsor:
  • ACSA
NSPW '16: New Security Paradigms Workshop 2016
September 26 - 29, 2016
Colorado, Granby, USA

Acceptance Rates

Overall Acceptance Rate 98 of 265 submissions, 37%

Article Metrics

  • Downloads (Last 12 months): 278
  • Downloads (Last 6 weeks): 6
Reflects downloads up to 01 Jan 2025
