W3Bcrypt: encryption as a stylesheet

Authors:
Angelos Stavrou;Michael E. Locasto;Angelos D. Keromytis
Affiliations:
Department of Computer Science, Columbia University, New York, NY;Department of Computer Science, Columbia University, New York, NY;Department of Computer Science, Columbia University, New York, NY
Venue:
ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
Year:
2006

Citing 9
Cited 1

Model-Carrying Code (MCC): a new paradigm for mobile-code security

Proceedings of the 2001 workshop on New security paradigms
Building a Secure Web Browser

Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Trusted Paths for Browsers

Proceedings of the 11th USENIX Security Symposium
SSLACC: A Clustered SSL Accelerator

Proceedings of the 11th USENIX Security Symposium
Using client puzzles to protect TLS

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Remote timing attacks are practical

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
SSL splitting: securely serving data from untrusted caches

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Stronger password authentication using browser extensions

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Security of web browser scripting languages: vulnerabilities, attacks, and remedies

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7

F3ildCrypt: End-to-End Protection of Sensitive Information in Web Services

ISC '09 Proceedings of the 12th International Conference on Information Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

While web-based communications (e.g., webmail or web chatrooms) are increasingly protected by transport-layer cryptographic mechanisms, such as the SSL/TLS protocol, there are many situations where even the web server (or its operator) cannot be trusted. The end-to-end (E2E) encryption of data becomes increasingly important in these trust models to protect the confidentiality and integrity of the data against snooping and modification. We introduce W3Bcrypt, an extension to the Mozilla Firefox platform that enables application-level cryptographic protection for web content. In effect, we view cryptographic operations as a type of style to be applied to web content, similar to and along with layout and coloring operations. Among the main benefits of using encryption as a stylesheet are (a) reduced workload on the web server, (b) targeted content publication, and (c) greatly increased privacy. This paper discusses our implementation for Firefox, although the core ideas are applicable to most current browsers.