Date of Award

9-2014

Embargo Period

1-22-2015

Degree Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Department

Electrical and Computer Engineering

Advisor(s)

Collin Jackson

Second Advisor

Patrick Tague

Abstract

Network intermediaries relay traffic between web servers and clients, and are often deployed on the Internet to provide improved performance or security. Unfortunately, network intermediaries can actually do more harm than good. In this thesis, we articulate the dangers of network intermediaries, which motivates the need for pervasive encryption. We further seek to understand the reasons why encryption isn't more widely deployed and fix them. The existence of network intermediaries makes web security particularly challenging, considering that network intermediaries may operate (1) erroneously, or (2) maliciously. We verified that 7% of Internet users are behind proxies that allow either IP hijacking attacks or cache poisoning attacks, and that 0.2% of encrypted connections on a large global website were intercepted without authorization. While the need for encryption is clear, many websites have not deployed Transport Layer Security (TLS) due to performance concerns. We identified three opportunities to reduce the performance overhead of TLS without sacrificing security: (1) prefetching and prevalidating certificates, (2) using short-lived certificates and (3) configuring elliptic curve cryptography for forward secrecy.

Share

COinS