| Title | GroupSec: A new security model for the web |
| Publication Type | Conference Paper |
| Year of Publication | 2017 |
| Authors | Sevilla, S., Garcia-Luna-Aceves, J. J., Sadjadpour, H. |
| Conference Name | 2017 IEEE International Conference on Communications (ICC) |
| Keywords | Browsers, content group membership, cryptography, GroupSec security model, HTTP, Human Behavior, Internet, Metrics, Middleboxes, privacy, pubcrawl, Resiliency, security of data, Servers, transparent content-caching, transport protocols, Uniform resource locators, Web Browser Security, web security |
| Abstract | The de facto approach to Web security today is HTTPS. While HTTPS ensures complete security for clients and servers, it also interferes with transparent content-caching at middleboxes. To address this problem and support both security and caching, we propose a new approach to Web security and privacy called GroupSec. The key innovation of GroupSec is that it replaces the traditional session-based security model with a new model based on content group membership. We introduce the GroupSec security model and show how HTTP can be easily adapted to support GroupSec without requiring changes to browsers, servers, or middleboxes. Finally, we present results of a threat analysis and performance experiments which show that GroupSec achieves notable performance benefits at the client and server while remaining as secure as HTTPS. |
| DOI | 10.1109/ICC.2017.7996681 |
| Citation Key | sevilla_groupsec:_2017 |
GroupSec: A new security model for the web