Abstract
We propose Web Content Integrity, a framework that allows a service provider to guarantee the integrity of their static website, even in the face of a compromised web server. Such integrity assurances can then be used to implement a secure end-to-end encryption application built in the form of a website. Our framework encompasses developers, the Domain Name System, and web browsers. To accomplish the integrity guarantees, our framework makes use of an index of queryable URLs and allowed redirects for the website, and publishes the cryptographic hash value of the index in the DNS. Web browsers can then use the information from the DNS to verify that the resources they retrieve from the web server have not been tampered with. The required data structures can be generated automatically, and the framework introduces an initial delay of about 4 ms and a recurring delay for each request of about 2 ms for a sample website.
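The verification flow the abstract describes, as an added sketch that is not the paper's implementation: the JSON index layout, the field names, the use of SHA-256 and the function names are all assumptions, and the DNS lookup is replaced by a constant.

```python
import hashlib
import json

REDIRECT_CODES = {301, 302, 303, 307, 308}

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()  # SHA-256 is an assumption of this sketch

def build_index(resources: dict, redirects: dict) -> bytes:
    """Developer side: serialise URL -> content hash and the allowed redirects."""
    index = {"resources": {u: digest(b) for u, b in resources.items()},
             "redirects": redirects}
    # Canonical JSON so the same site always yields the same index digest.
    return json.dumps(index, sort_keys=True, separators=(",", ":")).encode()

def load_index(index_bytes: bytes, dns_digest: str) -> dict:
    """Browser side, once per site: trust the index only if it matches DNS."""
    if digest(index_bytes) != dns_digest:
        raise ValueError("index does not match the digest published in DNS")
    return json.loads(index_bytes)

def check_response(index, url, status, body=b"", location=None) -> bool:
    """Browser side, per request: accept only listed content or listed redirects."""
    if status in REDIRECT_CODES:
        return location is not None and index["redirects"].get(url) == location
    expected = index["resources"].get(url)
    return expected is not None and expected == digest(body)

# Constructed sample site (not from the paper).
SITE = {"/index.html": b"<script src=/app.js></script>", "/app.js": b"encrypt(msg)"}
REDIRECTS = {"/": "/index.html"}
INDEX_BYTES = build_index(SITE, REDIRECTS)
DNS_DIGEST = digest(INDEX_BYTES)  # stands in for the value fetched from the DNS

if __name__ == "__main__":
    idx = load_index(INDEX_BYTES, DNS_DIGEST)
    print(check_response(idx, "/app.js", 200, SITE["/app.js"]))             # untouched file
    print(check_response(idx, "/app.js", 200, b"exfiltrate(msg)"))          # tampered file
    print(check_response(idx, "/", 302, location="https://evil.example/"))  # unlisted redirect
```

A compromised server can change neither a listed file nor the index itself without the mismatch being detected, because the only trusted input is the digest obtained through the DNS.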
Notes
1. Chromium and Firefox implement DNS clients that issue their own queries and process the responses. They do not require DNS support from the underlying operating system.
Copyright information
© 2024 IFIP International Federation for Information Processing
About this paper
Cite this paper
Zemanek, S., Tauchert, S., Ufer, M.J., Bruckschen, L. (2024). Web Content Integrity: Tamper-Proof Websites Beyond HTTPS. In: Meyer, N., Grocholewska-Czuryło, A. (eds) ICT Systems Security and Privacy Protection. SEC 2023. IFIP Advances in Information and Communication Technology, vol 679. Springer, Cham. https://doi.org/10.1007/978-3-031-56326-3_1
DOI: https://doi.org/10.1007/978-3-031-56326-3_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-56325-6
Online ISBN: 978-3-031-56326-3
eBook Packages: Computer Science (R0)