Hypertext Transfer Protocol Secure (HTTPS) protocol has become an integral part of modern Internet technology. Currently, it is the primary protocol for commercialized web applications. It can provide a fast, secure connection with a certain level of privacy and integrity, and it has become a basic assumption on most web services on the Internet. However, HTTPS alone cannot provide security assurances on request data in computing, so the computing environment remains uncertain of risks and vulnerabilities. A hardware-based trusted execution environment (TEE) such as Intel Software Guard Extension (Intel SGX) or Intel Trust Domain Extensions (Intel TDX) provides in-memory encryption to help protect runtime computation to reduce risks of illegal leaking or modifying private information. (Note that we use SGX as an example for illustration in the following texts.) The central concept of SGX enables computation inside an enclave, a protected environment that encrypts the codes and data pertaining to a security-sensitive computation. In addition, SGX provides security assurances via remote attestation to the web client to verify, including TCB identity, vendor identity, and verification identity. Here, we propose an HTTP protocol extension, called HTTPS Attestable (HTTPA), by including a remote attestation process onto the HTTPS protocol to address the privacy and security concerns on the web and the access of trust over the Internet. With HTTPA, we can provide security assurances for verification to establish trustworthiness with web services and ensure the integrity of request handling for web users. We expect that remote attestation will become a new trend adopted to reduce the security risks of web services. We propose the HTTPA protocol to unify the web attestation and accessing Internet services in a standard and efficient way.
翻译:超文本传输协议安全(HTTPS)协议已成为现代互联网技术的一个组成部分。目前,它已成为商业化网络应用程序的主要协议。它可以提供快速、安全的网络应用程序连接,提供某种程度的隐私和完整性的安全连接,并成为互联网上大多数网络服务的基本假设。然而,光是HTTPS无法提供所要求的计算机数据方面的安全保证,因此计算环境仍然不确定。英特尔软件保护扩展(Intel SGX)或英特尔信托扩展(Intel TDX)等基于硬件的可信赖的执行环境(TEE)提供模拟加密,帮助保护运行时间的计算,以减少非法泄露或修改私人信息的风险。(注意我们使用SGX作为以下文本中的示例。 )SGX的核心概念使得可以在飞地内进行计算,一个受保护的环境,将编码和数据加密安全敏感计算。此外,SDX通过远程认证向网络客户提供安全保障保证,以核实包括TB身份、供应商身份、网络运行趋势计算,并核查HPS的互联网安全访问程序。我们建议HTPS的网络安全访问程序向HTTT的网络安全保密安全保密认证提供保密服务。