HTTPA/2: a Trusted End-to-End Protocol for Web Services

  title={HTTPA/2: a Trusted End-to-End Protocol for Web Services},
  author={Gordon King and Hans Shih-Han Wang},
With the advent of cloud computing and the Internet, the commercialized website becomes capable of providing more web services, such as software as a service (SaaS) or function as a service (FaaS), for great user experiences. Undoubtedly, web services have been thriving in popularity that will continue growing to serve modern human life. As expected, there came the ineluctable need for preserving privacy, enhancing security, and building trust. However, HTTPS alone cannot provide a remote… 

Figures from this paper



HMAC-based Extract-and-Expand Key Derivation Function (HKDF)

This document specifies a simple Hashed Message Authentication Code (HMAC)-based key derivation function (HKDF), which can be used as a building block in various protocols and applications. The key

An Interface and Algorithms for Authenticated Encryption

This document defines algorithms for Authenticated Encryption with Associated Data (AEAD), and defines a uniform interface and a registry for such algorithms. The interface and registry can be used

Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing

This document provides an overview of HTTP architecture and its associated terminology, defines the "http" and "https" Uniform Resource Identifier (URI) schemes, defining the HTTP/1.1 message syntax and parsing requirements, and describes related security concerns for implementations.

The Transport Layer Security (TLS) Protocol Version 1.3

This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent

An Exploratory Study of Attestation Mechanisms for Trusted Execution Environments

This paper reviews existing remote attestation principles and compares the functionalities of current trusted execution environments as Intel SGX, Arm TrustZone and AMD SEV, as well as emerging RISC-V solutions.

HTTPA: HTTPS Attestable Protocol

An HTTP protocol extension, called HTTPS Attestable (HTTPA), is proposed by including a remote attestation process onto the HTTPS protocol to address the privacy and security concerns on the web and the access of trust over the Internet.

Flexible Mechanisms for Remote Attestation

It is argued that adding the ability to negotiate the appropriate kind of attestation allows for remote attestations that better adapt to a dynamically changing environment and suggests a language-based solution to taming the complexity of specifying and negotiating attestation procedures.

Remote Attestation: A Literature Review

The state-of-the-art for remote attestation is described and evaluated, which covers singular attestation of devices as well as newer research in the area of formally verified RA protocols, swarm attestation and control-flow attestation.

Trusted Execution Environments: Properties, Applications, and Challenges

Vulnerabilities in the kernel itself, side-channel attacks, or even physical attacks can be used to undermine process isolation, leading to a continuous arms race between attacks and defenses.

Object Security for Constrained RESTful Environments (OSCORE)

OSCORE provides end-to-end protection between endpoints communicating using CoAP or CoAP-mappable HTTP, using CBOR Object Signing and Encryption (COSE).