19
A Web Framework For Selective Encryption Richie Steigerwald

A Web Framework For Selective Encryption

  • Upload
    bary

  • View
    19

  • Download
    0

Embed Size (px)

DESCRIPTION

A Web Framework For Selective Encryption. Richie Steigerwald. Privacy on the Web. Session Cookies. Session Cookies. HTTPS. Why HTTPS is slow. HTTPS. HTTPS stands for Hypertext Transfer Protocol over Secure Socket Layer, or HTTP over SSL - PowerPoint PPT Presentation

Citation preview

Page 1: A Web Framework For Selective Encryption

A Web Framework For Selective Encryption

Richie Steigerwald

Page 2: A Web Framework For Selective Encryption

Privacy on the Web

Page 3: A Web Framework For Selective Encryption

Session Cookies

Page 4: A Web Framework For Selective Encryption

Session Cookies

Page 5: A Web Framework For Selective Encryption

HTTPS

Page 6: A Web Framework For Selective Encryption

Why HTTPS is slow

Page 7: A Web Framework For Selective Encryption

HTTPS• HTTPS stands for Hypertext

Transfer Protocol over Secure Socket Layer, or HTTP over SSL

• SSL acts like a sub layer under regular HTTP application layering

• HTTPS encrypts an HTTP message prior to transmission and decrypts a message upon arrival.

Application (HTTP)

Security (SSL)

Transport (TCP)

Network (TCP)

Data Link (PPP)

Physical (modem, ADSL, cable)

Page 8: A Web Framework For Selective Encryption

HTTPS

• Authentication• Integrity• Privacy

Page 9: A Web Framework For Selective Encryption

Authentication

Integrity

Privacy

Selective Encryption

• Authentication– Encrypt cookies

• Data integrity– Encrypt data checksum

• Data privacy– Encrypt private data

Page 10: A Web Framework For Selective Encryption

Authentication

• For all requests, encrypt– Cookie– Secret Code

• For all responses, encrypt– Secret Code

Page 11: A Web Framework For Selective Encryption

Integrity

• Perform authentication related encryption

• In the response, attach and encrypt checksum with secret code

Don’t read

this while I’m

presenting! If

this is

distracting

you then I

guess my presentation is pretty boring anyway. I actually wrote this presentation this morning. I hope it’s going well. Anyway, here’s something interesting: Apparently some brothel in Borneo (dunno WTF that is) was using a shaved orangutan as a sex slave. I just saw that on reddit. Maybe you’re looking at reddit right now, I don’t blame you.

*(a$TH(0et1?be912zHZ&?

Page 12: A Web Framework For Selective Encryption

Privacy

• Perform authentication related security

• Encrypt the entire request/response

SSL in the 90’s

Page 13: A Web Framework For Selective Encryption

Framework Interface

• Developers should only have to specify what level of security to use

• Framework should keep track of sessions and perform checksums automatically

Page 14: A Web Framework For Selective Encryption

Server

• Keep track of sessions– Guarantee it’s the same

person

• Checksums

• Encryption

Page 15: A Web Framework For Selective Encryption

Client

• Decrypt and verify secret code

• Decrypt and verify checksum

• Decrypt private data

• Sandbox received code

Page 16: A Web Framework For Selective Encryption

Validation

• Guarantee authenticity with near-HTTP speeds

• Guarantee integrity with speeds faster than HTTPS

Page 17: A Web Framework For Selective Encryption

Performance

• Checksum faster than encryption

Page 18: A Web Framework For Selective Encryption

Problems

• Tradeoff speed vs. privacy

• Encrypting shorter messages easier to crack

Page 19: A Web Framework For Selective Encryption

Questions


Selective Encryption Algorithm Implementation for Video ...informatika.stei.itb.ac.id/~rinaldi.munir/Penelitian/MakalahTSSA2012-02.pdf · Selective Encryption Algorithm Implementation

Selective Encryption Algorithm Implementation for Video ...informatika.stei.itb.ac.id/~rinaldi.munir/Penelitian/MakalahTSSA2012-02.pdf · Selective Encryption Algorithm Implementation

Documents
A Secure Chaotic Framework for Medical Image Encryption

A Secure Chaotic Framework for Medical Image Encryption

Documents
Encryption and the Law: The need for a legal regulatory framework for PKI

Encryption and the Law: The need for a legal regulatory framework for PKI

Documents
Complete Hard Disk Encryption Using FreeBSD's GEOM Framework

Complete Hard Disk Encryption Using FreeBSD's GEOM Framework

Documents
A Framework for Identity-Based Encryption with Almost ... · Abstract. We show a framework for constructing identity-based encryption (IBE) schemes that are (almost) tightly secure

A Framework for Identity-Based Encryption with Almost ... · Abstract. We show a framework for constructing identity-based encryption (IBE) schemes that are (almost) tightly secure

Documents
Efficient Encryption from Random Quasi-Cyclic Codes · Efficient Encryption from Random Quasi-Cyclic ... We propose a framework for constructing efficient code-based encryption

Efficient Encryption from Random Quasi-Cyclic Codes · Efficient Encryption from Random Quasi-Cyclic ... We propose a framework for constructing efficient code-based encryption

Documents
E cient Selective Identity-Based Encryption Without Random Oraclescrypto.stanford.edu/~dabo/pubs/papers/bbibe.pdf · 2011. 3. 21. · E cient Selective Identity-Based Encryption Without

E cient Selective Identity-Based Encryption Without Random Oraclescrypto.stanford.edu/~dabo/pubs/papers/bbibe.pdf · 2011. 3. 21. · E cient Selective Identity-Based Encryption Without

Documents
SELECTIVE OPENING SECURE FUNCTIONAL ENCRYPTION

SELECTIVE OPENING SECURE FUNCTIONAL ENCRYPTION

Documents
Bench-marking Framework for Transparent Data Encryption …1347966/FULLTEXT01.pdf · namely Always Encrypted, TDE and Cell Level Encryption, Dynamic Data Masking and Vormetric Transparent

Bench-marking Framework for Transparent Data Encryption …1347966/FULLTEXT01.pdf · namely Always Encrypted, TDE and Cell Level Encryption, Dynamic Data Masking and Vormetric Transparent

Documents
Robustness Analysis of Selective Image Encryption ...informatika.stei.itb.ac.id/~rinaldi.munir/Penelitian/Makalah... · Robustness Analysis of Selective Image Encryption ... of each

Robustness Analysis of Selective Image Encryption ...informatika.stei.itb.ac.id/~rinaldi.munir/Penelitian/Makalah... · Robustness Analysis of Selective Image Encryption ... of each

Documents
Over the Real-Time Selective Encryption of AVS Video Coding

Over the Real-Time Selective Encryption of AVS Video Coding

Documents
Sorption and catalysis by robust microporous metalloporphyrin … 2018.piza5.pdf · KEYWORDS: framework solid, metalloporphyrin, hydroxylation, size selective catalysis, size selective

Sorption and catalysis by robust microporous metalloporphyrin … 2018.piza5.pdf · KEYWORDS: framework solid, metalloporphyrin, hydroxylation, size selective catalysis, size selective

Documents
Metal–organic framework with optimally selective xenon

Metal–organic framework with optimally selective xenon

Documents
Selective Encryption of Human Skin in JPEG Images · 3.1. The Encryption Procedure The proposed method for selective encryption is applied in the entropy encoding stage during the

Selective Encryption of Human Skin in JPEG Images · 3.1. The Encryption Procedure The proposed method for selective encryption is applied in the entropy encoding stage during the

Documents
Robust Watermarking Framework with DCT Based Encryption

Robust Watermarking Framework with DCT Based Encryption

Documents
Encryption Protection A proposed framework for thinking ... · Encryption ≠Protection A proposed framework for thinking about file security June 9th ... HELLO my name is HELLO my

Encryption Protection A proposed framework for thinking ... · Encryption ≠Protection A proposed framework for thinking about file security June 9th ... HELLO my name is HELLO my

Documents
Guesswork and Entropy as Security Measures for Selective ...kau.diva-portal.org/smash/get/diva2:537964/FULLTEXT01.pdf · Guesswork and Entropy as Security Measures for Selective Encryption

Guesswork and Entropy as Security Measures for Selective ...kau.diva-portal.org/smash/get/diva2:537964/FULLTEXT01.pdf · Guesswork and Entropy as Security Measures for Selective Encryption

Documents
Possibility and Impossibility Results for Encryption and … · 2010-01-23 · Possibility and Impossibility Results for Encryption and Commitment Secure under Selective Opening Mihir

Possibility and Impossibility Results for Encryption and … · 2010-01-23 · Possibility and Impossibility Results for Encryption and Commitment Secure under Selective Opening Mihir

Documents
A New Selective Document Image Encryption Using GMM-EM and ... · selective image encryption only the significant part of the image is selected for encryption, the size of the data

A New Selective Document Image Encryption Using GMM-EM and ... · selective image encryption only the significant part of the image is selected for encryption, the size of the data

Documents
New Proof Methods for Attribute-Based Encryption ... · New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques Allison Lewko ∗ University

New Proof Methods for Attribute-Based Encryption ... · New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques Allison Lewko ∗ University

Documents
Operational Framework for Digital Service Providers · container, application or database level encryption techniques. Payload encryption Applicable when the product or service does

Operational Framework for Digital Service Providers · container, application or database level encryption techniques. Payload encryption Applicable when the product or service does

Documents
SIF: A Selective Instrumentation Framework for Mobile Apps

SIF: A Selective Instrumentation Framework for Mobile Apps

Documents
PROTECTION OF JPEG COMPRESSED E-COMICS BY SELECTIVE …subsol/WWW/ICIP.0913.1.pdf · PROTECTION OF JPEG COMPRESSED E-COMICS BY SELECTIVE ENCRYPTION Mickael Pinto, William Puech and

PROTECTION OF JPEG COMPRESSED E-COMICS BY SELECTIVE …subsol/WWW/ICIP.0913.1.pdf · PROTECTION OF JPEG COMPRESSED E-COMICS BY SELECTIVE ENCRYPTION Mickael Pinto, William Puech and

Documents
Low Complexity Multimedia Encryption - MECS Press … as video surveillance systems, smart phones and wireless network cameras. Selective encryption is one of the most promising techniques

Low Complexity Multimedia Encryption - MECS Press … as video surveillance systems, smart phones and wireless network cameras. Selective encryption is one of the most promising techniques

Documents
From Weakly Selective to Selective Security in Compact ... Weakly Selective to Selective Security in Compact Functional Encryption, Revisited Linfeng Zhou Cheetah Mobile Inc. Abstract

From Weakly Selective to Selective Security in Compact ... Weakly Selective to Selective Security in Compact Functional Encryption, Revisited Linfeng Zhou Cheetah Mobile Inc. Abstract

Documents
OSR F ENCRYPTION SOLUTION FRAMEWORK S DEVELOPER S … · 2018-11-02 · OSR File Encryption Solution Framework Solution Developer's Guide V1.5 e 2 1 Introduction This guide provides

OSR F ENCRYPTION SOLUTION FRAMEWORK S DEVELOPER S … · 2018-11-02 · OSR File Encryption Solution Framework Solution Developer's Guide V1.5 e 2 1 Introduction This guide provides

Documents
Selective Image Encryption Using JBIG - Uni Salzburguhl/cms05paper.pdf · Selective Image Encryption Using JBIG ... Selective encryption techniques of JBIG encoded ... and assessments

Selective Image Encryption Using JBIG - Uni Salzburguhl/cms05paper.pdf · Selective Image Encryption Using JBIG ... Selective encryption techniques of JBIG encoded ... and assessments

Documents
Selective Image Encryption of Medical Images Based on

Selective Image Encryption of Medical Images Based on

Documents
Chaotic Image Encryption via Convex Sinusoidal Map€¦ · 4 CSM-Based Encryption Framework . In this section, the CSMbased image encryption - framework is explored which consists

Chaotic Image Encryption via Convex Sinusoidal Map€¦ · 4 CSM-Based Encryption Framework . In this section, the CSMbased image encryption - framework is explored which consists

Documents
On Selective-Opening Attacks Against Encryption Schemesrafail/PUBLIC/164.pdfconstruct SIM-SO-SOA schemes. In fact, they showed that every lossy encryption scheme is SIM-SO-SOA secure

On Selective-Opening Attacks Against Encryption Schemesrafail/PUBLIC/164.pdfconstruct SIM-SO-SOA schemes. In fact, they showed that every lossy encryption scheme is SIM-SO-SOA secure

Documents