Selective HTTPS traffic manipulation at middleboxes for BYOD devices

Xing Liu; Feng Qian; Zhiyun Qian

doi:10.1109/ICNP.2017.8117557

Selective HTTPS traffic manipulation at middleboxes for BYOD devices

Xing Liu, Feng Qian, Zhiyun Qian

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

HTTPS has become a vital component of the WWW ecosystem. However, today's application-layer middleboxes in the cloud are largely 'blind' to HTTPS traffic. We propose a novel system infrastructural solution, called CloudEye, that allows middleboxes to selectively manipulate HTTPS traffic. A key design philosophy of CloudEye is to hide all the complexity from client and server applications (thus being transparent to them) and to have middlebox-related functions managed by a dedicated OS service. CloudEye provides control of what information the middlebox can access through new techniques such as HTTPS tags and shadow connections, without changing the TLS/SSL or HTTP protocol. CloudEye is secure and easy to use. We implemented its prototype on Linux/Android, and demonstrated its low overhead and rich use cases on off-the-shelf mobile devices and cloud servers.

Original language	English (US)
Title of host publication	2017 IEEE 25th International Conference on Network Protocols, ICNP 2017
Publisher	IEEE Computer Society
ISBN (Electronic)	9781509065011
DOIs	https://doi.org/10.1109/ICNP.2017.8117557
State	Published - Nov 21 2017
Externally published	Yes
Event	25th IEEE International Conference on Network Protocols, ICNP 2017 - Toronto, Canada Duration: Oct 10 2017 → Oct 13 2017

Publication series

Name	Proceedings - International Conference on Network Protocols, ICNP
Volume	2017-October
ISSN (Print)	1092-1648

Other

Other	25th IEEE International Conference on Network Protocols, ICNP 2017
Country	Canada
City	Toronto
Period	10/10/17 → 10/13/17

Access

10.1109/ICNP.2017.8117557

Fingerprint Dive into the research topics of 'Selective HTTPS traffic manipulation at middleboxes for BYOD devices'. Together they form a unique fingerprint.

Cite this

Selective HTTPS traffic manipulation at middleboxes for BYOD devices. / Liu, Xing; Qian, Feng; Qian, Zhiyun.

2017 IEEE 25th International Conference on Network Protocols, ICNP 2017. IEEE Computer Society, 2017. 8117557 (Proceedings - International Conference on Network Protocols, ICNP; Vol. 2017-October).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Liu, X, Qian, F & Qian, Z 2017, Selective HTTPS traffic manipulation at middleboxes for BYOD devices. in 2017 IEEE 25th International Conference on Network Protocols, ICNP 2017., 8117557, Proceedings - International Conference on Network Protocols, ICNP, vol. 2017-October, IEEE Computer Society, 25th IEEE International Conference on Network Protocols, ICNP 2017, Toronto, Canada, 10/10/17. https://doi.org/10.1109/ICNP.2017.8117557

@inproceedings{2e72cfcae0a24c0885e32dbbccd1298d,

title = "Selective HTTPS traffic manipulation at middleboxes for BYOD devices",

abstract = "HTTPS has become a vital component of the WWW ecosystem. However, today's application-layer middleboxes in the cloud are largely 'blind' to HTTPS traffic. We propose a novel system infrastructural solution, called CloudEye, that allows middleboxes to selectively manipulate HTTPS traffic. A key design philosophy of CloudEye is to hide all the complexity from client and server applications (thus being transparent to them) and to have middlebox-related functions managed by a dedicated OS service. CloudEye provides control of what information the middlebox can access through new techniques such as HTTPS tags and shadow connections, without changing the TLS/SSL or HTTP protocol. CloudEye is secure and easy to use. We implemented its prototype on Linux/Android, and demonstrated its low overhead and rich use cases on off-the-shelf mobile devices and cloud servers.",

author = "Xing Liu and Feng Qian and Zhiyun Qian",

year = "2017",

month = nov,

day = "21",

doi = "10.1109/ICNP.2017.8117557",

language = "English (US)",

series = "Proceedings - International Conference on Network Protocols, ICNP",

publisher = "IEEE Computer Society",

booktitle = "2017 IEEE 25th International Conference on Network Protocols, ICNP 2017",

note = "25th IEEE International Conference on Network Protocols, ICNP 2017 ; Conference date: 10-10-2017 Through 13-10-2017",

}

TY - GEN

T1 - Selective HTTPS traffic manipulation at middleboxes for BYOD devices

AU - Liu, Xing

AU - Qian, Feng

AU - Qian, Zhiyun

PY - 2017/11/21

Y1 - 2017/11/21

N2 - HTTPS has become a vital component of the WWW ecosystem. However, today's application-layer middleboxes in the cloud are largely 'blind' to HTTPS traffic. We propose a novel system infrastructural solution, called CloudEye, that allows middleboxes to selectively manipulate HTTPS traffic. A key design philosophy of CloudEye is to hide all the complexity from client and server applications (thus being transparent to them) and to have middlebox-related functions managed by a dedicated OS service. CloudEye provides control of what information the middlebox can access through new techniques such as HTTPS tags and shadow connections, without changing the TLS/SSL or HTTP protocol. CloudEye is secure and easy to use. We implemented its prototype on Linux/Android, and demonstrated its low overhead and rich use cases on off-the-shelf mobile devices and cloud servers.

AB - HTTPS has become a vital component of the WWW ecosystem. However, today's application-layer middleboxes in the cloud are largely 'blind' to HTTPS traffic. We propose a novel system infrastructural solution, called CloudEye, that allows middleboxes to selectively manipulate HTTPS traffic. A key design philosophy of CloudEye is to hide all the complexity from client and server applications (thus being transparent to them) and to have middlebox-related functions managed by a dedicated OS service. CloudEye provides control of what information the middlebox can access through new techniques such as HTTPS tags and shadow connections, without changing the TLS/SSL or HTTP protocol. CloudEye is secure and easy to use. We implemented its prototype on Linux/Android, and demonstrated its low overhead and rich use cases on off-the-shelf mobile devices and cloud servers.

UR - http://www.scopus.com/inward/record.url?scp=85041418021&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85041418021&partnerID=8YFLogxK

U2 - 10.1109/ICNP.2017.8117557

DO - 10.1109/ICNP.2017.8117557

M3 - Conference contribution

AN - SCOPUS:85041418021

T3 - Proceedings - International Conference on Network Protocols, ICNP

BT - 2017 IEEE 25th International Conference on Network Protocols, ICNP 2017

PB - IEEE Computer Society

T2 - 25th IEEE International Conference on Network Protocols, ICNP 2017

Y2 - 10 October 2017 through 13 October 2017

ER -