• Corpus ID: 239009894

HTTPA: HTTPS Attestable Protocol

  title={HTTPA: HTTPS Attestable Protocol},
  author={Gordon King and Hans Shih-Han Wang},
Hypertext Transfer Protocol Secure (HTTPS) protocol has become an integral part of modern Internet technology. Currently, it is the primary protocol for commercialized web applications. It can provide a fast, secure connection with a certain level of privacy and integrity, and it has become a basic assumption on most web services on the Internet. However, HTTPS alone cannot provide security assurances on request data in computing, so the computing environment remains uncertain of risks and… 
1 Citations

Figures from this paper

HTTPA/2: a Trusted End-to-End Protocol for Web Services

This work proposes HTTPA/2 as an upgraded version of HTTP-Attestable (HTTPA) by augmenting existing HTTP to enable end-to-end trusted communication between endpoints at layer 7 (L7), which allows for L7 message protection without relying on TLS.



Integrating Remote Attestation with Transport Layer Security

This work seamlessly combine Intel SGX remote attestation with the establishment of a standard Transport Layer Security (TLS) connection, and has prototype implementations for three widely used open-source TLS libraries: OpenSSL, wolfSSL and mbedTLS.

Mission accomplished?: HTTPS security after diginotar

It is found that while deployment of new security features has picked up in general, only SCSV and CT have gained enough momentum to improve the overall security of HTTPS.

SPX: Preserving End-to-End Security for Edge Computing

SPX uses Intel SGX to bind the communication channel with remote attestation and to provide a solution that not only defends against potential attacks but also results in low performance overheads, and neither mandates any changes on the end-user side nor breaks interoperability with existing protocols.

Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP)

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements on the standardization state and status of this protocol.

The Transport Layer Security (TLS) Protocol Version 1.2

This document specifies Version 1.2 of the Transport Layer Security (TLS) protocol, which provides communications security over the Internet by allowing client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery.

Upgrading to TLS Within HTTP/1.1

The Upgrade mechanism in HTTP/1.1 to initiate Transport Layer Security (TLS) over an existing TCP connection allows unsecured and secured HTTP traffic to share the same well known port.

Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing

This document provides an overview of HTTP architecture and its associated terminology, defines the "http" and "https" Uniform Resource Identifier (URI) schemes, defining the HTTP/1.1 message syntax and parsing requirements, and describes related security concerns for implementations.

Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content

This document defines the semantics of HTTP/1.1 messages, as expressed by request methods, request header fields, response status codes, and response headers, along with the payload of messages (metadata and body content) and mechanisms for content negotiation.

HTTP Over TLS. RFC 2818

    Bypassing HTTP strict transport security

    • Black Hat Europe
    • 2014