NeTS: Small: Collaborative Research: Practical HTTPS Traffic Manipulation At Middleboxes

NetS：小型：协作研究：中间盒的实用 HTTPS 流量操纵

• 批准号: 1619391
• 负责人: Zhiyun Qian
• 金额: $ 14万
• 依托单位: University of California-Riverside
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-10-01 至 2020-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1619391&HistoricalAwards=false
• 关键词: NeTS; Small; Collaborative; Research; Practical

Use of encrypted Web traffic is growing at an unprecedented rate. While enhancing user privacy, Secure Hypertext Transfer Protocol (HTTPS) makes it difficult for middleboxes that are commonly used by Internet service providers and mobile carriers to operate, because numerous beneficial middlebox functions (e.g., caching, web page optimization) rely on accessing the unencrypted traffic content. To overcome this challenge, this project develops a system aiming for a practical, ready-to-deploy solution that allows middleboxes to selectively inspect and manipulate HTTPS traffic while still respect the privacy requirements of users. This research will lead to new and continuous innovations in network services that are hard or impossible to achieve today. The system has two prominent features. First, it is only deployed at client hosts as an operating system (OS) service, as well as on middleboxes. In addition to being transparent to applications, it does not change the encryption protocol or anything on the server side. Therefore, the system can be easily deployed by, for example, regular OS update pushed by mobile carriers. Second, the system allows clients to control what information the middlebox can access. Doing so provides least privileges to middleboxes for performing their functions. In addition, the proposed system is easy to use, secure, and incurs low overhead. Developing these technologies will facilitate our understanding of the possible design space to allow coordinated, secure, and efficient manipulation of HTTPS traffic, ultimately leading to improved Internet user experience and privacy. The PIs will incorporate knowledge and results developed in this project into both undergraduate and graduate courses in networking, mobile computing and network security.

加密网络流量的使用正在以前所未有的速度增长。在增强用户隐私的同时，安全超文本传输​​协议 (HTTPS) 使得互联网服务提供商和移动运营商常用的中间件难以运行，因为许多有益的中间件功能（例如缓存、网页优化）都依赖于访问未加密的数据。流量内容。为了克服这一挑战，该项目开发了一个系统，旨在提供实用的、可立即部署的解决方案，允许中间件有选择地检查和操纵 HTTPS 流量，同时仍然尊重用户的隐私要求。这项研究将带来网络服务方面的新的、持续的创新，而这在今天很难或不可能实现。该系统有两个突出的特点。首先，它仅作为操作系统 (OS) 服务部署在客户端主机以及中间盒上。除了对应用程序透明之外，它不会更改加密协议或服务器端的任何内容。因此，该系统可以通过例如移动运营商定期推送的操作系统更新来轻松部署。其次，系统允许客户端控制中间件可以访问哪些信息。这样做为中间件提供执行其功能的最小权限。此外，所提出的系统易于使用、安全且开销低。开发这些技术将有助于我们了解可能的设计空间，以允许协调、安全和高效地操纵 HTTPS 流量，最终改善互联网用户体验和隐私。 PI 将把该项目中开发的知识和成果融入到网络、移动计算和网络安全方面的本科生和研究生课程中。