
InviCloak: An End-to-End Approach to Privacy and Performance in Web Content Distribution

Publication, Conference
Lin, S; Xin, R; Goel, A; Yang, X
Published in: Proceedings of the ACM Conference on Computer and Communications Security
November 7, 2022

In today's web ecosystem, a website that uses a Content Delivery Network (CDN) shares its Transport Layer Security (TLS) private key or session key with the CDN. In this paper, we present the design and implementation of InviCloak, a system that protects the confidentiality and integrity of a user and a website's private communications without changing TLS or upgrading a CDN. InviCloak builds a lightweight but secure and practical key distribution mechanism using the existing DNS infrastructure to distribute a new public key associated with a website's domain name. A web client and a website can use the new key pair to build an encryption channel inside TLS. InviCloak accommodates the current web ecosystem. A website can deploy InviCloak unilaterally without a client's involvement to prevent a passive attacker inside a CDN from eavesdropping on their communications. If a client also installs InviCloak's browser extension, the client and the website can achieve end-to-end confidential and untampered communications in the presence of an active attacker inside a CDN. Our evaluation shows that InviCloak increases the median page load times (PLTs) of realistic web pages from 2.0s to 2.1s, which is smaller than the median PLTs (2.8s) of a state-of-the-art TEE-based solution.


Published In

Proceedings of the ACM Conference on Computer and Communications Security

DOI

ISSN

1543-7221

Publication Date

November 7, 2022

Start / End Page

1947 / 1961
 

Citation

APA: Lin, S., Xin, R., Goel, A., & Yang, X. (2022). InviCloak: An End-to-End Approach to Privacy and Performance in Web Content Distribution. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 1947–1961). https://doi.org/10.1145/3548606.3559336

Chicago: Lin, S., R. Xin, A. Goel, and X. Yang. “InviCloak: An End-to-End Approach to Privacy and Performance in Web Content Distribution.” In Proceedings of the ACM Conference on Computer and Communications Security, 1947–61, 2022. https://doi.org/10.1145/3548606.3559336.

ICMJE: Lin S, Xin R, Goel A, Yang X. InviCloak: An End-to-End Approach to Privacy and Performance in Web Content Distribution. In: Proceedings of the ACM Conference on Computer and Communications Security. 2022. p. 1947–61.

MLA: Lin, S., et al. “InviCloak: An End-to-End Approach to Privacy and Performance in Web Content Distribution.” Proceedings of the ACM Conference on Computer and Communications Security, 2022, pp. 1947–61. Scopus, doi:10.1145/3548606.3559336.

NLM: Lin S, Xin R, Goel A, Yang X. InviCloak: An End-to-End Approach to Privacy and Performance in Web Content Distribution. Proceedings of the ACM Conference on Computer and Communications Security. 2022. p. 1947–1961.
