Practical End-to-End Web Content Integrity

  • Kapil Singh,
  • Helen Wang,
  • Alex Moshchuk,
  • Collin Jackson,
  • Wenke Lee

MSR-TR-2011-63

The widespread growth of open wireless hot spots has made it very easy for network attackers to carry out man-in-the-middle attacks and impersonate web sites. End-to-end security between a user’s web browser and web sites is ever more needed to allow meaningful enforcement of the same-origin policy on the web browser platform. Although HTTPS can be used to prevent such attacks, its universal adoption by web sites is hindered by its performance cost and its inability to be cached at intermediate servers (such as CDN servers and cache proxies) while maintaining end-to-end security. With a significant and increasing amount of web content being cacheable, HTTPS is not the complete answer to an end-to-end secure web.

In this paper, we observe that only end-to-end authentication and integrity are required for the browser platform to meaningfully enforce the same-origin policy. Without end-to-end confidentiality, content can be cached. In light of this observation, we propose a new protocol, HTTPi, which offers only end-to-end authentication and integrity. HTTPi works seamlessly with and benefits from the existing web caching infrastructure. It performs content signing while preserving progressive content loading supported by browsers. Because content signing can be done offline, HTTPi incurs negligible overhead over HTTP. We advocate that sites use HTTPS for requests that require end-to-end confidentiality, and HTTPi for all other requests. Our prototype and evaluation experience show that HTTPi is practical for adoption.
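The following Go program is an added illustration of the integrity-only idea described above; it is not the paper's HTTPi wire format or prototype code. It assumes a hypothetical layout in which the origin signs, offline, a manifest that binds the resource URL to the ordered hashes of fixed-size body chunks (Ed25519 is used as the signature scheme, and the sixteen-byte chunk size, URL and script body are constructed sample values). Because nothing is encrypted, a cache can store the manifest and chunks verbatim; the browser verifies the signature once and then checks each chunk as it arrives, so a modified or truncated copy is rejected at the first bad chunk while clean chunks before it can already be rendered.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// chunkSize is deliberately tiny so the example produces several chunks;
// a real deployment would use chunks of tens of kilobytes.
const chunkSize = 16

// Manifest is the assumed (hypothetical) signed header sent before the body.
// It binds the resource URL to the ordered SHA-256 hashes of the body chunks.
type Manifest struct {
	URL         string
	ChunkHashes [][32]byte
	Signature   []byte
}

// signedBytes is what the signature covers: length-prefixed URL, chunk
// count, then every chunk hash in order, so neither the URL nor the chunk
// list can be swapped without invalidating the signature.
func signedBytes(url string, hashes [][32]byte) []byte {
	var n [4]byte
	buf := make([]byte, 0, 8+len(url)+32*len(hashes))
	binary.BigEndian.PutUint32(n[:], uint32(len(url)))
	buf = append(buf, n[:]...)
	buf = append(buf, url...)
	binary.BigEndian.PutUint32(n[:], uint32(len(hashes)))
	buf = append(buf, n[:]...)
	for _, h := range hashes {
		buf = append(buf, h[:]...)
	}
	return buf
}

// SplitChunks cuts the body into fixed-size pieces; the last may be shorter.
func SplitChunks(body []byte) [][]byte {
	var chunks [][]byte
	for len(body) > chunkSize {
		chunks = append(chunks, body[:chunkSize])
		body = body[chunkSize:]
	}
	return append(chunks, body)
}

// SignResource is the origin's offline step: hash every chunk and sign the
// manifest once. No per-request cryptography is needed afterwards, which is
// the property that lets the content be served unchanged from a cache.
func SignResource(priv ed25519.PrivateKey, url string, body []byte) (Manifest, [][]byte) {
	chunks := SplitChunks(body)
	m := Manifest{URL: url}
	for _, c := range chunks {
		m.ChunkHashes = append(m.ChunkHashes, sha256.Sum256(c))
	}
	m.Signature = ed25519.Sign(priv, signedBytes(url, m.ChunkHashes))
	return m, chunks
}

// VerifyManifest is the browser's first check: the manifest must carry a
// valid signature from the origin's key and name the URL actually requested.
func VerifyManifest(pub ed25519.PublicKey, requestedURL string, m Manifest) error {
	if m.URL != requestedURL {
		return fmt.Errorf("manifest is for %q, not %q", m.URL, requestedURL)
	}
	if !ed25519.Verify(pub, signedBytes(m.URL, m.ChunkHashes), m.Signature) {
		return errors.New("manifest signature invalid")
	}
	return nil
}

// VerifyChunk checks one body chunk as it arrives, so the browser can hand
// verified chunks to its parser without waiting for the whole response.
func VerifyChunk(m Manifest, index int, chunk []byte) error {
	if index >= len(m.ChunkHashes) {
		return fmt.Errorf("chunk %d beyond manifest (%d chunks)", index, len(m.ChunkHashes))
	}
	if sha256.Sum256(chunk) != m.ChunkHashes[index] {
		return fmt.Errorf("chunk %d does not match manifest hash", index)
	}
	return nil
}

// VerifyStream runs the whole client side over the chunks as a cache or
// proxy delivered them. It returns how many chunks were accepted before the
// first failure (all of them on success) and the first error seen.
func VerifyStream(pub ed25519.PublicKey, requestedURL string, m Manifest, chunks [][]byte) (int, error) {
	if err := VerifyManifest(pub, requestedURL, m); err != nil {
		return 0, err
	}
	for i, c := range chunks {
		if err := VerifyChunk(m, i, c); err != nil {
			return i, err
		}
	}
	if len(chunks) != len(m.ChunkHashes) {
		return len(chunks), fmt.Errorf("truncated: got %d of %d chunks", len(chunks), len(m.ChunkHashes))
	}
	return len(chunks), nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	url := "http://example.com/app.js" // constructed sample resource
	body := []byte("var balance = 0; function pay(){ /* constructed sample script */ }")

	m, chunks := SignResource(priv, url, body)
	n, err := VerifyStream(pub, url, m, chunks)
	fmt.Println("untouched copy from cache:", n, "chunks ok, err =", err)

	// A copy altered on the path: the third chunk has been replaced.
	tampered := make([][]byte, len(chunks))
	copy(tampered, chunks)
	tampered[2] = []byte("XXXXXXXXXXXXXXXX")
	n, err = VerifyStream(pub, url, m, tampered)
	fmt.Println("modified copy:", n, "chunks ok, err =", err)
}
```

The manifest-of-hashes layout is one simple way to get progressive verification; binding the URL into the signed bytes is what stops a valid signature for one resource from being replayed for another, and checking the chunk count at the end is what turns a silently truncated response into a detected failure.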