Skip to main content

Evaluating and Improving Browser Encryption

Researchers: Collin Jackson, Lin-Shung Huang, Eric Chen

Cross Cutting Thrusts: Software Security | Usable Privacy and Security

Abstract

Scope: This project will make browser encryption faster and easier to use, helping web sites prevent active network attacks that rely on executing code received over an insecure network. Outcomes: We are investigating a technique for pre-fetching and pre-validation of HTTPS certificates to improve the performance of HTTPS handshake. We are also proposing a new cache-friendly variant of HTTPS for documents that require integrity but not secrecy. Our study of intermediate web cache behavior has uncovered critical vulnerabilities in the HTML5 Web Sockets protocol.