Proposed HTTPA Protocol Uses TEEs to Secure the Web
While HTTPS is becoming the default online protocol for providing a fast and secure connection for websites and applications, there is still room for improvement. The HTTPA protocol is intended to enhance online security by running code in trusted execution environments (TEE).
Intel software engineer Gordon King and Intel Labs research scientist Hans Wang outlined the proposed protocol – HTTPS-Attestable (HTTPA) – in a paper distributed this month through ArXiv.
HTTPA enhances online security with remote attestation – a way for applications to obtain assurance that the data is being handled by trusted software in secure execution environments. Applications use certificates or cryptographic methods to verify that the code running in a server-side TEE is the expected code, and that it hasn’t been modified by a rogue process, tool or administrator.
TEE refer to enclaves in memory where sensitive computations run can be used to perform computations on sensitive details. Both Intel and Arm offers hardware-based TEE, the Intel Software Guard Extension (Intel SGX) and TrustZone. Wang and King note in the paper that SGX provides in-memory encryption to help protect the runtime computation to reduce risks of illegal leaking or modifying private information. “SGX also provides provide security assurances via remote attestation to the web client, including TCB identity, vendor identity and verification identity,” the paper says.
The idea behind HTTPA is that web services can be more secure by carrying out computations in remote TEEs and giving clients a way to verify that this was done. At the moment, there is no way for the web client to verify that the server hasn’t been hijacked and that the data from the server hasn’t been maliciously modified, the researchers say.
“With HTTPA, we can provide security assurances to establish trustworthiness with web services and ensure integrity of request handling for web users,” Wang and King write in the paper.
HTTPA provides web services a way to confirm that the client’s workloads will run inside the enclave using the protected code. HTTPA does not say anything about the integrity of the server, just the application. The protocol would require extending the HTTPS handshake, the initial network connection between the client and server to verify each other before sending data, to include the attestation. The protocol calls for HTTP preflight request and response, HTTP attest request and response, and HTTP trusted session request and response.
“We propose a general solution to standardize attestation over HTTPS and establish multiple trusted connections to protect and manage requested data for selected HTTP domains,” King and Wang say in the paper. “Also, our solution leverage the current HTTPS protocol, so it does not introduce much complexity as other approaches.”
Read more here.
Read More HERE