InviCloak: An End-to-End Approach to Privacy and Performance in Web Content Distribution
In today's web ecosystem, a website that uses a Content Delivery Network
(CDN) shares its Transport Layer Security (TLS) private key or session key with
the CDN. In this paper, we present the design and implementation of InviCloak,
a system that protects the confidentiality and integrity of a user and a
website's private communications without changing TLS or upgrading a CDN.
InviCloak builds a lightweight but secure and practical key distribution
mechanism using the existing DNS infrastructure to distribute a new public key
associated with a website's domain name. A web client and a website can use the
new key pair to build an encryption channel inside TLS. InviCloak accommodates
the current web ecosystem. A website can deploy InviCloak unilaterally without
a client's involvement to prevent a passive attacker inside a CDN from
eavesdropping on their communications. If a client also installs InviCloak's
browser extension, the client and the website can achieve end-to-end
confidential and untampered communications in the presence of an active
attacker inside a CDN. Our evaluation shows that InviCloak increases the median
page load times (PLTs) of realistic web pages from 2.0s to 2.1s, which is
smaller than the median PLTs (2.8s) of a state-of-the-art TEE-based solution