Top

Published in:

2024 | OriginalPaper | Chapter

Web Content Integrity: Tamper-Proof Websites Beyond HTTPS

Authors : Sven Zemanek, Sebastian Tauchert, Max Jens Ufer, Lilli Bruckschen

Published in: ICT Systems Security and Privacy Protection

Publisher: Springer Nature Switzerland

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

The chapter introduces Web Content Integrity (WCI), a framework designed to cryptographically verify the integrity of web content beyond the protections offered by HTTPS. It addresses the vulnerability of web servers to tampering, which can lead to the distribution of false or misleading information, extraction of secret data, or the spread of malware. WCI ensures that visitors to a website receive only content that has not been altered by creating an index of URLs and corresponding cryptographic hashes of the content. This index is then published in the Domain Name System (DNS) alongside the domain name entries. The chapter outlines the framework's design, including the creation and verification of the WCI index, and discusses its applicability, compatibility with existing web infrastructure, potential attacks, and overheads. It also provides a migration path for dynamic websites and demonstrates the automation of the creation of necessary data structures. The chapter concludes by highlighting the benefits of WCI in providing advanced integrity guarantees for static websites and facilitating its adoption through automated tools.

AI Generated

This summary of the content was generated with the help of AI.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Business + Economics & Engineering + Technology"

Online-Abonnement

Springer Professional "Business + Economics & Engineering + Technology" gives you access to:

more than 102.000 books
more than 537 journals

from the following subject areas:

Automotive
Construction + Real Estate
Business IT + Informatics
Electrical Engineering + Electronics
Energy + Sustainability
Finance + Banking
Management + Leadership
Marketing + Sales
Mechanical Engineering + Materials
Insurance + Risk

Secure your knowledge advantage now!

inform now

Springer Professional "Engineering + Technology"

Online-Abonnement

Springer Professional "Engineering + Technology" gives you access to:

more than 67.000 books
more than 390 journals

from the following specialised fileds:

Automotive
Business IT + Informatics
Construction + Real Estate
Electrical Engineering + Electronics
Energy + Sustainability
Mechanical Engineering + Materials

Secure your knowledge advantage now!

inform now

Springer Professional "Business + Economics"

Online-Abonnement

Springer Professional "Business + Economics" gives you access to:

more than 67.000 books
more than 340 journals

from the following specialised fileds:

Construction + Real Estate
Business IT + Informatics
Finance + Banking
Management + Leadership
Marketing + Sales
Insurance + Risk

Secure your knowledge advantage now!

inform now

next chapter Privacy-Preserving Clustering for Multi-dimensional Data Randomization Under LDP

Chromium and Firefox implement DNS clients that issue their own queries and process the responses. They do not require DNS support from the underlying operating system.

Bayardo, R., Sorensen, J.: Merkle tree authentication of http responses, pp. 1182–1183 (2005). https://doi.org/10.1145/1062745.1062929

Bundesamt für Sicherheit in der Informationstechnik: Kryptographische Verfahren: Empfehlungen und Schlüssellängen (BSI TR-02102-1), Version: 2023-01 (2023)

Hoffman, P.E., Schlyter, J.: The DNS-based authentication of named entities (DANE) transport layer security (TLS) protocol: TLSA. RFC 6698 (2012).https://doi.org/10.17487/RFC6698, https://www.rfc-editor.org/info/rfc6698

Mockapetris, P.V.: Domain names - implementation and specification. RFC 1035 (1987). https://doi.org/10.17487/RFC1035, https://www.rfc-editor.org/info/rfc1035

National Institute of Standards and Technology: Fips pub 180-4 – secure hash standard (shs) (2015). https://doi.org/10.6028/NIST.FIPS.180-4

Popa, R.A., Stark, E., Valdez, S., Helfer, J., Zeldovich, N., Balakrishnan, H.: Building web applications on top of encrypted data using mylar. In: 11th USENIX Symposium on Networked Systems Design and Implementation (NSDI 14) (2014)

Powell, A., Peacock, I.: Metadata: Biblink.checksum. Ariadne (17) (1998). http://www.ariadne.ac.uk/issue/17/biblink/

Reis, C., Gribble, S.D., Kohno, T., Weaver, N.C.: Detecting in-flight page changes with web tripwires. In: NSDI, vol. 8 (2008)

Sedaghat, S., Pieprzyk, J., Vossough, E.: On-the-fly web content integrity check boosts users’ confidence. Commun. ACM 45(11), 33–37 (2002)CrossRef

10.

Singh, K., Wang, H.J., Moshchuk, A., Jackson, C., Lee, W.: Practical end-to-end web content integrity. In: Proceedings of the 21st International Conference on World Wide Web (2012)

11.

Weinberger, J., Braun, F., Akhawe, D., Marier, F.: Subresource integrity. W3C recommendation, W3C (2016)

Title: Web Content Integrity: Tamper-Proof Websites Beyond HTTPS
Authors: Sven Zemanek
Sebastian Tauchert
Max Jens Ufer
Lilli Bruckschen
Publisher: Springer Nature Switzerland
Book: ICT Systems Security and Privacy Protection
Print ISBN: 978-3-031-56325-6

Electronic ISBN: 978-3-031-56326-3

Copyright Year: 2024
DOI: https://doi.org/10.1007/978-3-031-56326-3_1

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Business + Economics & Engineering + Technology"

Springer Professional "Engineering + Technology"

Springer Professional "Business + Economics"