• Corpus ID: 239009894

HTTPA: HTTPS Attestable Protocol

@article{King2021HTTPAHA,
  title={HTTPA: HTTPS Attestable Protocol},
  author={Gordon King and Hans Shih-Han Wang},
  journal={ArXiv},
  year={2021},
  volume={abs/2110.07954}
}
Hypertext Transfer Protocol Secure (HTTPS) protocol has become an integral part of modern Internet technology. Currently, it is the primary protocol for commercialized web applications. It can provide a fast, secure connection with a certain level of privacy and integrity, and it has become a basic assumption on most web services on the Internet. However, HTTPS alone cannot provide security assurances on request data in computing, so the computing environment remains uncertain of risks and… 
1 Citations

Figures from this paper

HTTPA/2: a Trusted End-to-End Protocol for Web Services

TLDR
This work presents a major revision of the HTTPA protocol (HTTPA/2), which can potentially be used to optimize the end-to-end performance of Internet or cloud backend traffic, thus saving energy and reducing the operational costs of Cloud Service Providers (CSPs).

References

SHOWING 1-10 OF 10 REFERENCES

The Transport Layer Security (TLS) Protocol Version 1.2

TLDR
This document specifies Version 1.2 of the Transport Layer Security (TLS) protocol, which provides communications security over the Internet by allowing client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery.

SPX: Preserving End-to-End Security for Edge Computing

TLDR
SPX uses Intel SGX to bind the communication channel with remote attestation and to provide a solution that not only defends against potential attacks but also results in low performance overheads, and neither mandates any changes on the end-user side nor breaks interoperability with existing protocols.

Integrating Remote Attestation with Transport Layer Security

TLDR
This work seamlessly combine Intel SGX remote attestation with the establishment of a standard Transport Layer Security (TLS) connection, and has prototype implementations for three widely used open-source TLS libraries: OpenSSL, wolfSSL and mbedTLS.

Mission accomplished?: HTTPS security after diginotar

TLDR
It is found that while deployment of new security features has picked up in general, only SCSV and CT have gained enough momentum to improve the overall security of HTTPS.

Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing

TLDR
This document provides an overview of HTTP architecture and its associated terminology, defines the "http" and "https" Uniform Resource Identifier (URI) schemes, defining the HTTP/1.1 message syntax and parsing requirements, and describes related security concerns for implementations.

Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content

TLDR
This document defines the semantics of HTTP/1.1 messages, as expressed by request methods, request header fields, response status codes, and response headers, along with the payload of messages (metadata and body content) and mechanisms for content negotiation.

Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP)

TLDR
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements on the standardization state and status of this protocol.

Upgrading to TLS Within HTTP/1.1

TLDR
The Upgrade mechanism in HTTP/1.1 to initiate Transport Layer Security (TLS) over an existing TCP connection allows unsecured and secured HTTP traffic to share the same well known port.

HTTP Over TLS. RFC 2818

    Bypassing HTTP strict transport security

    • Black Hat Europe
    • 2014