Abstract
With the ever-increasing concern in network security and privacy, a major portion of Internet traffic is encrypted now. Recent research shows that more than 70% of Internet content is transmitted using HyperText Transfer Protocol Secure (HTTPS). However, HTTPS encryption eliminates the advantages of many intermediate services like the caching proxy, which can significantly degrade the performance of web content delivery. We argue that these restrictions lead to the need for other mechanisms to access sites quickly and safely. In this paper, we introduce QoS3, which is a protocol that can overcome such limitations by allowing clients to explicitly and securely re-introduce in-network caching proxies using fine-grained trust delegation without compromising the integrity of the HTTPS content and modifying the format of Transport Layer Security (TLS). In QoS3, we classify web page contents into two types: (1) public contents that are common for all users, which can be stored in the caching proxies, and (2) private contents that are specific for each user. Correspondingly, QoS3 establishes two separate TLS connections between the client and the web server for them. Specifically, for private contents, QoS3 just leverages the original HTTPS protocol to deliver them, without involving any middlebox. For public contents, QoS3 allows clients to delegate trust to specific caching proxy along the path, thereby allowing the clients to use the cached contents in the caching proxy via a delegated HTTPS connection. Meanwhile, to prevent Man-in-the-Middle (MitM) attacks on public contents, QoS3 validates the public contents by employing Document object Model (DoM) object-level checksums, which are delivered through the original HTTPS connection. We implement a prototype of QoS3 and evaluate its performance in our testbed. Experimental results show that QoS3 provides acceleration on page load time ranging between 30% and 64% over traditional HTTPS with negligible overhead. Moreover, QoS3 is deployable since it requires just minor software modifications to the server, client, and the middlebox.
Highlights
To protect users’ privacy and information security, many services on the Internet such as Twitter, Facebook, and Google offer access only through HyperText Transfer Protocol Secure (HTTPS) that provides data encryption
In QoS3 design, we aim to make the QoS3 compatible with current infrastructure with minimal changes to the existing software/protocol. e QoS3 features should follow and satisfy the level of the security offered by the original Transport Layer Security (TLS) and at the same time allow the middlebox to have access to the public content in a specific HTTPS connection without enabling it to add any modifications to the public content. e client should be able to authenticate the middlebox and know that the middlebox is in the link between endpoints
We find that QoS3 plugin in the client side creates the two HTTPS connections with the two different contexts successfully without any errors. e .html files are received via the direct HTTPS connection and the objects tagged as public are served over the delegated HTTPS connection. e proxy server is successfully trusted by the client, and it can cache the public objects. e server can serve the web page successfully, and the checksums are sent to the client via the direct connection successfully
Summary
To protect users’ privacy and information security, many services on the Internet such as Twitter, Facebook, and Google offer access only through HTTPS that provides data encryption. In the HTTPS protocol, the TLS becomes the mainstream end-to-end encryption standard for web content transmission since it provides (1) data integrity and authenticity, (2) data privacy and confidentiality, and (3) server/client authentication. Ey provide advantages to the Internet Service Providers (ISPs) by improving the network utilization, which can be increased by 33% [3, 4]. The sessions on the Internet are enhanced by useful modules along the path between the endpoints, which provide innetwork optimization services such as caching, parental filtering, intrusion detection, and optimizations to the web content such as data compression and transcoding. These benefits will be lost when employing TLS. The client authenticates the server by using the Public Key Infrastructure (PKI) and sometimes the server authenticates the client using the same mechanism. e PKI is used for key exchange in order to create a secure connection between the endpoints
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
