Presentation is loading. Please wait.

Presentation is loading. Please wait.

SFS-HTTP: Securing the Web with Self-Certifying URLs

Published byCatherine Russell Modified over 6 years ago

Similar presentations

Presentation on theme: "SFS-HTTP: Securing the Web with Self-Certifying URLs"— Presentation transcript:

1 SFS-HTTP: Securing the Web with Self-Certifying URLs
Eric Banks & Michael Kaminsky Topics in Networking 2 December 1999

2 Current State of Web Security
CA Connection request Client Server Certificate Encrypted connection

3 Goal: Extensible Host Authentication
Client Server Public keys

4 Self-certifying Pathnames and URLs
/sfs/host:HostID/path (SFS) (SFS-HTTP) Example:

5 Overall Picture Client Client Server Server Daemon Daemon (Browser)
Encrypted Daemon Daemon (Browser) (e.g.. Apache) Network Connection User Agent

6 Communicate via Sun RPC over an encrypted transport
Client Server Encrypted Daemon Daemon Network Connection Communicate via Sun RPC over an encrypted transport RPC transport uses: arc4 stream cipher for encryption SHA1-based MAC for integrity Server sends copy of its public key to the client Client verifies public key with HostID

7 Both processes are on same machine
Server Server Daemon (e.g.. Apache) Both processes are on same machine Server daemon makes requests to local web server Works asynchronously (multiple requests sent in parallel)

8 Client Client Daemon (Browser) Both processes are on same machine Client daemon acts as a web proxy Client daemon parses request and checks for HostID HostID given: establish encrypted connection No HostID: ask User Agent for HostID HostID returned: establish encrypted connection No HostID: unencrypted connection

9 Server Authentication #1: Direct Authentication
Client Client “GET Daemon

10 Server Authentication #2: Agent Authentication
Client Client “GET Daemon host? HostID User Agent

11 No Authentication: Unencrypted Connection
Client Client “GET Direct connection Daemon to web server host? ??? User Agent

12 User Authentication None Password (over an encrypted connection)

13 Contributions It Works! Can be done….
Don’t need to modify existing software Arbitrary user-defined security model for the Web Persistent connections

14 Performance Normal: SFS-HTTP Unencrypted: SFS-HTTP Encrypted:

15 Future Work One proxy per machine
Automatically add HostIDs to User Agent Scalability (public key crypto is expensive) Access control in server daemon

Download ppt "SFS-HTTP: Securing the Web with Self-Certifying URLs"

Similar presentations

Hypertext Transfer PROTOCOL ----HTTP Sen Wang CSE5232 Network Programming.

Hypertext Transfer PROTOCOL ----HTTP Sen Wang CSE5232 Network Programming.
SECURE SITES. A SECURE CONNECTION TERMS Secure Sockets Layer (SSL) An older Internet protocol that allows for data transmission between server and client.

SECURE SITES. A SECURE CONNECTION TERMS Secure Sockets Layer (SSL) An older Internet protocol that allows for data transmission between server and client.
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),

CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
2/9/2004 Web and HTTP February 9, 2004. 2/9/2004 Assignments Due – Reading and Warmup Work on Message of the Day.

2/9/2004 Web and HTTP February 9, /9/2004 Assignments Due – Reading and Warmup Work on Message of the Day.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
APACHE SERVER By Innovationframes.com »

APACHE SERVER By Innovationframes.com »
Boris Tshibangu. What is a proxy server? A proxy server is a server (a computer system or an application) that acts as an intermediary for requests from.

Boris Tshibangu. What is a proxy server? A proxy server is a server (a computer system or an application) that acts as an intermediary for requests from.
1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.

1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.
Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.

Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.
1 3 Web Proxies Web Protocols and Practice. 2 Topics Web Protocols and Practice WEB PROXIES  Web Proxy Definition  Three of the Most Common Intermediaries.

1 3 Web Proxies Web Protocols and Practice. 2 Topics Web Protocols and Practice WEB PROXIES  Web Proxy Definition  Three of the Most Common Intermediaries.
SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.

SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.
SWITCHaai Team Introduction to Shibboleth.

SWITCHaai Team Introduction to Shibboleth.
70-284 MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Four Configuring Outlook and Outlook Web Access.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Four Configuring Outlook and Outlook Web Access.
Rensselaer Polytechnic Institute Shivkumar Kalvanaraman, Biplab Sikdar 1 The Web: the http protocol http: hypertext transfer protocol Web’s application.

Rensselaer Polytechnic Institute Shivkumar Kalvanaraman, Biplab Sikdar 1 The Web: the http protocol http: hypertext transfer protocol Web’s application.
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
POSTER TEMPLATE BY: Whitewater HTTP Vulnerabilities Nick Berry, Joe Joyce, & Kevin Vaccaro. Syntax & Routing Attempt to capture.

POSTER TEMPLATE BY: Whitewater HTTP Vulnerabilities Nick Berry, Joe Joyce, & Kevin Vaccaro. Syntax & Routing Attempt to capture.
1 FAQ’S ABOUT WAP Presented By Abhilash Pillai CSCI 5939-Independent Study.

1 FAQ’S ABOUT WAP Presented By Abhilash Pillai CSCI 5939-Independent Study.

Similar presentations

Ads by Google