HTTPA/2: a Trusted End-to-End Protocol for Web Services

We received positive feedback and inquiries on the previous work of HTTPA [10] (HTTPA/1). As a result, we present the major revision of HTTPA protocol (HTTPA/2) to protect sensitive data in HTTPA transactions from cyber attacks. Comparatively, the previous work [10] is mainly focused on how to include Remote Attestation (RA) and secret provisioning to HTTP protocol in assumption of using Transport Layer Security (TLS) across Internet. In contrast, HTTPA/2 does not need TLS protocol, such as TLS 1.3 [19], for secure communication over Internet. The design of HTTPA/2 follows SIGMA model [12] to establish an L7 trusted communication, a secure communication between trusted (attested) endpoints at L7. Different from connection-based protocol, HTTPA/2 is transaction-based in which TEEs is considered as resources to be requested via Internet. In addition to protecting sensitive data for TEE-based Services (TServices), HTTPA/2 can potentially optimize the end-to-end performance of Internet or cloud backend traffics, thus saving energy and reducing the operational costs of Cloud Service Providers (CSPs). We envision that HTTPA/2 to further enable confidential web services and trustworthy AI applications in the future.