Computer Science > Cryptography and Security
Title: HTTPA/2: a Trusted End-to-End Protocol for Web Services
(Submitted on 2 May 2022 (this version), latest version 25 Sep 2022 (v5))
Abstract: We received positive feedback and inquiries on the previous work on HTTPA [10] (HTTPA/1). As a result, we present a major revision of the HTTPA protocol (HTTPA/2) to protect sensitive data in HTTPA transactions from cyber attacks. The previous work [10] focused mainly on how to add Remote Attestation (RA) and secret provisioning to the HTTP protocol, under the assumption that Transport Layer Security (TLS) is used across the Internet. In contrast, HTTPA/2 does not need a TLS protocol, such as TLS 1.3 [19], for secure communication over the Internet. The design of HTTPA/2 follows the SIGMA model [12] to establish L7 trusted communication, that is, secure communication between trusted (attested) endpoints at L7. Unlike a connection-based protocol, HTTPA/2 is transaction-based, and TEEs are treated as resources to be requested via the Internet. In addition to protecting sensitive data for TEE-based Services (TServices), HTTPA/2 can potentially optimize the end-to-end performance of Internet or cloud backend traffic, thus saving energy and reducing the operational costs of Cloud Service Providers (CSPs). We envision that HTTPA/2 will further enable confidential web services and trustworthy AI applications in the future.
Submission history
From: Hans Wang
[v1] Mon, 2 May 2022 17:37:54 GMT (289kb,D)
[v2] Fri, 20 May 2022 18:51:44 GMT (291kb,D)
[v3] Wed, 15 Jun 2022 15:44:21 GMT (291kb,D)
[v4] Fri, 17 Jun 2022 21:37:12 GMT (316kb,D)
[v5] Sun, 25 Sep 2022 20:27:35 GMT (304kb,D)