TU Berlin

Service-centric Networking

End-to-End Entity-body Confidentiality and Integrity for HTTP

Description:

Secure the Web! Current confidentiality and integrity solutions show drawbacks in Cloud Computing scenarios. With HTTP over TLS, for example, many HTTP intermediaries have access to the plaintext of an HTTP message, even if they only need the header data. Some examples are Amazon Elastic Load Balancing or the HAProxy used in Red Hat OpenShift. We propose the Trusted Cloud Transfer Protocol (TCTP) to enable entity-body confidentiality and integrity for HTTP. TCTP utilizes TLS at the application layer for end-to-end security between user agents and origin servers. The protocol is designed so that each TCTP-secured message is itself a valid HTTP/1.1 message, which means no intermediary has to be modified to support TCTP. This makes immediate adoption in existing production environments possible. As we rely on the mature TLS protocol, we hope to minimize the risk of TCTP introducing new security issues into solutions using it. This project is your chance to be one of the first to implement TCTP software, i.e., extensions for user agents or application server frameworks, and help us secure the web.

Tasks:

  • Analyze state-of-the-art technologies, such as TLS, HTTP and TCTP
  • Broaden your knowledge of browser extension APIs and application server frameworks
  • Design, implement and evaluate TCTP software

Requirements:

  • Proficiency in object-oriented programming languages, such as Java, C++, C# or Ruby
  • Knowledge of web technologies, esp. HTTP
  • Basic comprehension of computer security, esp. TLS
  • Any implementation know-how regarding either browser extensions (e.g., Firefox, Chrome, Internet Explorer) or application server frameworks (e.g., Ruby on Rails, Spring MVC, Grails)

Supervisors:
