Proposed HTTPA Protocol Uses TEEs to Secure the Web

While HTTPS is becoming the default online protocol for providing a fast and secure connection for websites and applications, there is still room for improvement. The HTTPA protocol is intended to enhance online security by running code in trusted execution environments (TEEs).

Intel software engineer Gordon King and Intel Labs research scientist Hans Wang outlined the proposed protocol – HTTPS-Attestable (HTTPA) – in a paper distributed this month through ArXiv.

HTTPA enhances online security with remote attestation – a way for applications to obtain assurance that the data is being handled by trusted software in secure execution environments. Applications use certificates or cryptographic methods to verify that the code running in a server-side TEE is the expected code and that it hasn’t been modified by a rogue process, tool, or administrator.

A TEE refers to enclaves in memory where sensitive computations can be run on sensitive details. Both Intel and ARM offer hardware-based TEEs: the Intel Software Guard Extension (Intel SGX) and TrustZone. Wang and King note in the paper that SGX provides in-memory encryption to help protect the runtime computation and reduce risks of illegal leaking or modifying private information. 

"SGX also provides security assurances via remote attestation to the web client, including TCB identity, vendor identity and verification identity," the paper says.

The idea behind HTTPA is that Web services can be more secure by carrying out computations in remote TEEs and giving clients a way to verify this was done. At the moment, there is no way for the Web client to verify that the server hasn't been hijacked and that its data hasn't been maliciously modified, the researchers say. 

"With HTTPA, we can provide security assurances to establish trustworthiness with web services and ensure integrity of request handling for web users," Wang and King state in the paper.

HTTPA provides Web services a way to confirm that a client's workload will run inside the enclave using the protected code. HTTPA does not say anything about the integrity of the server, just the application. The protocol would require extending the HTTPS handshake – the initial network connection between the client and server to verify each other before sending data – to include the attestation. The protocol calls for HTTP preflight request and response, HTTP attest request and response, and HTTP trusted session request and response.

"We propose a general solution to standardize attestation over HTTPS and establish multiple trusted connections to protect and manage requested data for selected HTTP domains," King and Wang state in the paper. "Also, our solution leverages the current HTTPS protocol, so it does not introduce much complexity as other approaches."

Read more here.