Conference paper

CREHMA: Cache-aware REST-ful HTTP Message Authentication


Authors listNguyen, Hoai Viet; Lo Iacono, Luigi

Appeared inCODASPY '20: Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy

Editor listRoussev, Vassil

Publication year2020

Pages49-60

eISBN978-1-4503-7107-0

DOI Linkhttps://doi.org/10.1145/3374664.3375750

Conference10th ACM Conference on Data and Application Security and Privacy (CODASPY '20)


Abstract

Scalability and security are two important elements of contemporary distributed software systems. The Web vividly shows that while complying with the constraints defined by the architectural style REST, the layered design of software with intermediate systems enables to scale at large. Intermediaries such as caches, however, interfere with the security guarantees of the industry standard for protecting data in transit on the Web, TLS, as in these circumstances the TLS channel already terminates at the intermediate system's server. For more in-depth defense strategies, service providers require message-oriented security means in addition to TLS. These are hardly available and only in the form of HTTP signature schemes that do not take caches into account either. In this paper we introduce CREHMA, a REST-ful HTTP message signature scheme that guarantees the integrity and authenticity of Web assets from end-to-end while simultaneous allowing service providers to enjoy the benefits of Web caches. Decisively, CREHMA achieves these guarantees without having to trust on the integrity of the cache and without requiring making changes to existing Web caching systems. In extensive experiments we evaluated CREHMA and found that it only introduces marginal impacts on metrics such as latency and data expansion while providing integrity protection from end to end. CREHMA thus extends the possibilities of service providers to achieve an appropriate balance between scalability and security.




Citation Styles

Harvard Citation styleNguyen, H. and Lo Iacono, L. (2020) CREHMA: Cache-aware REST-ful HTTP Message Authentication, in Roussev, V. (ed.) CODASPY '20: Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy. New York, NY: Association for Computing Machinery. pp. 49-60. https://doi.org/10.1145/3374664.3375750

APA Citation styleNguyen, H., & Lo Iacono, L. (2020). CREHMA: Cache-aware REST-ful HTTP Message Authentication. In Roussev, V. (Ed.), CODASPY '20: Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy. (pp. 49-60). Association for Computing Machinery. https://doi.org/10.1145/3374664.3375750


Last updated on 2025-05-08 at 13:36