direkt zum Inhalt springen

direkt zum Hauptnavigationsmenü

Sie sind hier

TU Berlin

Inhalt des Dokuments

End-to-End Entity-body Confidentiality and Integrity for HTTP

Description:

Secure the Web! Current confidentiality and integrity solutions show drawbacks in Cloud Computing scenarios, such as HTTP/TLS where many HTTP intermediaries have access to the plaintext of an HTTP message, even if they only need the header data. Some examples are Amazon Elastic Load Balancing or the HAProxy used in Redhat OpenShift. We propose the Trusted Cloud Transfer Protocol (TCTP) to enable entity-body confidentiality and integrity for HTTP. TCTP utilizes TLS at the application layer for end-to-end security between user agents and origin servers. The protocol is designed in such a way, that each TCTP-secured message is itself a valid HTTP/1.1 message, so that no intermediary has to be modified to support TCTP. This makes the immediate adoption in existing production environments possible. As we rely on the mature TLS protocol, we hope to minimize the risk of TCTP introducing new security issues into solutions using it. This project is your chance to be one of the first to implement TCTP software, i.e., extensions for user agents or application server frameworks, and help us securing the web.

Tasks:

  • Analyze state-of-the-art technologies, such as TLS, HTTP and TCTP
  • Broaden your knowledge of browser extension APIs and application server frameworks
  • Design, implement and evaluate TCTP software

Requirements:

  • Proficiency in object oriented programming languages, such as Java, C++, C# or Ruby
  • Knowledge of web technologies, esp. HTTP
  • Basic comprehension of computer security, esp. TLS
  • Any implementation know-how regarding either browser extensions (e.g., Firefox, Chrome, Internet Explorer) or application server frameworks (e.g., Ruby on Rails, Spring MVC, Grails)

Supervisors:

,

Zusatzinformationen / Extras

Quick Access:

Schnellnavigation zur Seite über Nummerneingabe

TU Berlin - Service-centric Networking - TEL 19
Ernst-Reuter-Platz 7
10587 Berlin, Germany
Phone: +49 30 8353 58811
Fax: +49 30 8353 58409