The Cost of the "S" in HTTPS

David, Naylor; Finamore, Alessandro; Ilias, Leontiadis; Yan, Grunenberger; Mellia, Marco; Munafo', MAURIZIO MATTEO; Konstantina, Papagiannaki; Peter, Steenkiste

doi:10.1145/2674005.2674991

PORTO @ Publications Open Repository TOrino

IRIS è la soluzione IT che facilita la raccolta e la gestione dei dati relativi alle attività e ai prodotti della ricerca. Fornisce a ricercatori, amministratori e valutatori gli strumenti per monitorare i risultati della ricerca, aumentarne la visibilità e allocare in modo efficace le risorse disponibili.

Increased user concern over security and privacy on the Internet has led to widespread adoption of HTTPS, the secure version of HTTP. HTTPS authenticates the communicating end points and provides confidentiality for the ensuing communication. However, as with any security solution, it does not come for free. HTTPS may introduce overhead in terms of infrastructure costs, communication latency, data usage, and energy consumption. Moreover, given the opaqueness of the encrypted communication, any in-network value added services requiring visibility into application layer content, such as caches and virus scanners, become ineffective. This paper attempts to shed some light on these costs. First, taking advantage of datasets collected from large ISPs, we examine the accelerating adoption of HTTPS over the last three years. Second, we quantify the direct and indirect costs of this evolution. Our results show that, indeed, security does not come for free. This work thus aims to stimulate discussion on technologies that can mitigate the costs of HTTPS while still protecting the user's privacy.

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/11583/2602580

Titolo:	The Cost of the "S" in HTTPS
Autori:	David Naylor FINAMORE, ALESSANDRO Ilias Leontiadis Yan Grunenberger MELLIA, MARCO MUNAFO', MAURIZIO MATTEO Konstantina Papagiannaki Peter Steenkiste mostra contributor esterni nascondi contributor esterni
Data di pubblicazione:	2014
Abstract:	Increased user concern over security and privacy on the Internet has led to widespread adoption of HTTPS, the secure version of HTTP. HTTPS authenticates the communicating end points and provides confidentiality for the ensuing communication. However, as with any security solution, it does not come for free. HTTPS may introduce overhead in terms of infrastructure costs, communication latency, data usage, and energy consumption. Moreover, given the opaqueness of the encrypted communication, any in-network value added services requiring visibility into application layer content, such as caches and virus scanners, become ineffective. This paper attempts to shed some light on these costs. First, taking advantage of datasets collected from large ISPs, we examine the accelerating adoption of HTTPS over the last three years. Second, we quantify the direct and indirect costs of this evolution. Our results show that, indeed, security does not come for free. This work thus aims to stimulate discussion on technologies that can mitigate the costs of HTTPS while still protecting the user's privacy.
ISBN:	9781450332798
Appare nelle tipologie:	4.1 Contributo in Atti di convegno

File in questo prodotto:

File	Descrizione	Tipologia	Licenza
p133-naylor.pdf		2. Post-print	Non Pubblico - Accesso privato/ristretto	Administrator Richiedi una copia
paper.pdf		2. Post-print	PUBBLICO - Tutti i diritti riservati	Visibile a tuttiVisualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.