WebTrust - A Comprehensive Authenticity and Integrity Framework for HTTPMichael Backes; Rainer W. Gerling; Sebastian Gerling; Stefan Nürnberger; Dominique Schröder; Mark Simkin
In: ACNS. International Conference on Applied Cryptography and Network Security (ACNS-2014), June 10-13, Lausanne, Switzerland, Pages 401-418, Lecture Notes in Computer Science (LNCS), Vol. 8479, Springer, 2014.
HTTPS is the standard for confidential and integrity-protected communication on the Web. However, it authenticates the server, not its content. We present WebTrust, the first comprehensive authenticity and integrity framework that allows on-the-fly verification of static, dynamic, and real-time streamed Web content from untrusted servers. Our framework seamlessly integrates into HTTP and allows to validate streamed content progressively at arrival. Our performance results demonstrate both the practicality and efficiency of our approach.