We received positive feedback and inquiries on the previous version of HTTPA [11](HTTPA/1). As a result, we present a major revision of the HTTPA protocol (HTTPA/2) to protect sensitive data in HTTPA transactions from cyber attacks. Comparatively, the previous work [11] is mainly focused on how to include remote attestation (RA) and secret provisioning to the HTTP protocol with Transport Layer Security (TLS) protection across the Internet, which is great, but it comes at a price. In contrast, HTTPA/2 is not necessary to rely on the TLS protocol, such as TLS 1.3 [20], for secure communication over the Internet. The design of HTTPA/2 follows the SIGMA model [13] to establish a trusted (attested) and secure communication context between endpoints at layer 7 (L7) of the OSI model. Different from connection-based protocols, HTTPA/2 is transaction-based in which the TEE is considered to be a new type of requested resource over the Internet. In addition to protecting sensitive data transmitted to TEE-based services (TServices), HTTPA/2 can potentially be used to optimize the end-to-end performance of Internet or cloud backend traffic, thus saving energy and reducing the operational costs of Cloud Service Providers (CSPs). We envision that HTTPA/2 will further enable confidential web services and trustworthy AI applications in the future.
View on arXiv