Welcome to the InfoSci Platform
HTTPV: Verifiable HTTP across an Untrusted Channel

HTTPV: Verifiable HTTP across an Untrusted Channel

Subrata Acharya
Copyright: © 2014 |Pages: 12
ISBN13: 9781466647893|ISBN10: 1466647892|EISBN13: 9781466647909
DOI: 10.4018/978-1-4666-4789-3.ch006
Cite Chapter Cite Chapter

MLA

Acharya, Subrata. "HTTPV: Verifiable HTTP across an Untrusted Channel." Network Security Technologies: Design and Applications, edited by Abdelmalek Amine, et al., IGI Global, 2014, pp. 84-95. https://doi.org/10.4018/978-1-4666-4789-3.ch006

APA

Acharya, S. (2014). HTTPV: Verifiable HTTP across an Untrusted Channel. In A. Amine, O. Mohamed, & B. Benatallah (Eds.), Network Security Technologies: Design and Applications (pp. 84-95). IGI Global. https://doi.org/10.4018/978-1-4666-4789-3.ch006

Chicago

Acharya, Subrata. "HTTPV: Verifiable HTTP across an Untrusted Channel." In Network Security Technologies: Design and Applications, edited by Abdelmalek Amine, Otmane Ait Mohamed, and Boualem Benatallah, 84-95. Hershey, PA: IGI Global, 2014. https://doi.org/10.4018/978-1-4666-4789-3.ch006

Export Reference

Mendeley
Favorite

Abstract

There is a need to be able to verify plaintext HTTP content transfers. Common sense dictates authentication and sensitive content should always be protected by SSL/HTTPS, but there is still great exploitation potential in the modification of static content in transit. Pre-computed signatures and client-side verification offers integrity protection of HTTP content in applications where SSL is not feasible. In this chapter, the authors demonstrate a mechanism by which a Web browser or other HTTP client can verify that content transmitted over an untrusted channel has not been modified. Verifiable HTTP is not intended to replace SSL. Rather, it is intended to be used in applications where SSL is not feasible, specifically, when serving high-volume static content and/or content from non-secure sources such as Content Distribution Networks. Finally, the authors find content verification is effective with server-side overhead similar to SSL. With future optimization such as native browser support, content verification could achieve comparable client-side efficiency.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.