We received positive feedback and inquiries on the previous work of HTTPA [10] (HTTPA/1). As a result, we present the major revision of HTTPA protocol (HTTPA/2) to protect sensitive data in HTTPA transactions from cyber attacks. Comparatively, the previous work [10] is mainly focused on how to include Remote Attestation (RA) and secret provisioning to HTTP protocol in assumption of using Transport Layer Security (TLS) across Internet. In contrast, HTTPA/2 does not need TLS protocol, such as TLS 1.3 [19], for secure communication over Internet. The design of HTTPA/2 follows SIGMA model [12] to establish an L7 trusted communication, a secure communication between trusted (attested) endpoints at L7. Different from connection-based protocol, HTTPA/2 is transaction-based in which TEEs is considered as resources to be requested via Internet. In addition to protecting sensitive data for TEE-based Services (TServices), HTTPA/2 can potentially optimize the end-to-end performance of Internet or cloud backend traffics, thus saving energy and reducing the operational costs of Cloud Service Providers (CSPs). We envision that HTTPA/2 to further enable confidential web services and trustworthy AI applications in the future.
翻译:我们收到了关于HTTPA以前工作的积极反馈和询问(HTTPA/1)(HTPA/1)(HTTPA/1)(HTPA/1)(HTPA/2)。因此,我们介绍了对HTTPA协议(HTPA)的主要修订(HTTPA/2),以保护HTTPA交易中的敏感数据,防止网络攻击。比较而言,以前的工作(10)主要侧重于如何将远程登记(RA)和HTTPP协议秘密条款纳入HTTPA协议,假设在互联网上使用运输层安全(TLS),而HTTPA/2协议不需要TLS 1.3 [19]等TLS协议,以便在因特网上进行安全通信。HTTPA/2的设计遵循SIGMA模式[12],以建立L7信任通信,在L7.可靠(测试过的)端点之间建立安全通信。 HTTPA/2基于交易,其中将TEE视为通过互联网使用运输层安全系统(TS)请求的资源。除了保护基于TEE服务的敏感数据外,HTTPPA可以优化互联网或云端后端交通的终端运行,从而进一步节省能源,并降低未来可信任的互联网服务。