SSL splitting and barnraising : cooperative caching with authenticity guarantees

• Main Author: Lesniewski-Laas, Christopher T. (Christopher Tur), 1980-
• Other Authors: M. Frans Kaashoek.
• Format: Others
• Language: English
• Published: Massachusetts Institute of Technology 2005
• Subjects: Electrical Engineering and Computer Science.
• Online Access: http://hdl.handle.net/1721.1/16981

Thesis (M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2003. === Includes bibliographical references (p. 35-37). === This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. === SSL splitting is a cryptographic technique to guarantee that public data served by caching Web proxies is endorsed by the originating server. When a client makes a request, the trusted server generates a stream of authentication records and sends them to the untrusted proxy, which combines them with a stream of data records retrieved from its local cache. The combined stream is relayed to the client, a standard Web browser, which verifies the data's integrity. Since the combined stream simulates a normal Secure Sockets Layer (SSL) [7] connection, SSL splitting works with unmodified browsers; however, since it does not provide confidentiality, it is appropriate for applications that require only authentication. The server must be linked to a patched version of the industry-standard OpenSSL library; no other server modifications are necessary. In experiments replaying two-hour access.log traces taken from LCS Web sites over a DSL link, SSL splitting reduces bandwidth consumption of the server by between 25% and 90% depending on the warmth of the cache and the redundancy of the trace. Uncached requests forwarded through the proxy exhibit latencies within approximately 5% of those of an unmodified SSL server. === by Christopher T. Lesniewski-Laas. === M.Eng.