The Cost of the "S" in HTTPS

Increased user concern over security and privacy on the Internet has led to widespread adoption of HTTPS, the secure version of HTTP. HTTPS authenticates the communicating end points and provides confidentiality for the ensuing communication. However, as with any security solution, it does not come for free. HTTPS may introduce overhead in terms of infrastructure costs, communication latency, data usage, and energy consumption. Moreover, given the opaqueness of the encrypted communication, any in-network value added services requiring visibility into application layer content, such as caches and virus scanners, become ineffective. This paper attempts to shed some light on these costs. First, taking advantage of datasets collected from large ISPs, we examine the accelerating adoption of HTTPS over the last three years. Second, we quantify the direct and indirect costs of this evolution. Our results show that, indeed, security does not come for free. This work thus aims to stimulate discussion on technologies that can mitigate the costs of HTTPS while still protecting the user's privacy.

The Cost of the "S" in HTTPS / David Naylor;Alessandro Finamore;Ilias Leontiadis;Yan Grunenberger;Marco Mellia;Maurizio Munafò;Konstantina Papagiannaki;Peter Steenkiste. - STAMPA. - (2014), pp. 133-140. ((Intervento presentato al convegno Proceedings of the 10th ACM International on Conference on emerging Networking Experiments and Technologies - CoNEXT '14 tenutosi a Sidney, Australia nel December 2014.

SFX
Titolo: The Cost of the "S" in HTTPS
Autori: 
FINAMORE, ALESSANDRO
MELLIA, MARCO
MUNAFO', MAURIZIO MATTEO
mostra contributor esterni 
Data di pubblicazione: 2014
Abstract: Increased user concern over security and privacy on the Internet has led to widespread adoption o...f HTTPS, the secure version of HTTP. HTTPS authenticates the communicating end points and provides confidentiality for the ensuing communication. However, as with any security solution, it does not come for free. HTTPS may introduce overhead in terms of infrastructure costs, communication latency, data usage, and energy consumption. Moreover, given the opaqueness of the encrypted communication, any in-network value added services requiring visibility into application layer content, such as caches and virus scanners, become ineffective.

This paper attempts to shed some light on these costs. First, taking advantage of datasets collected from large ISPs, we examine the accelerating adoption of HTTPS over the last three years. Second, we quantify the direct and indirect costs of this evolution. Our results show that, indeed, security does not come for free. This work thus aims to stimulate discussion on technologies that can mitigate the costs of HTTPS while still protecting the user's privacy.
ISBN: 9781450332798
Appare nelle tipologie:4.1 Contributo in Atti di convegno

File in questo prodotto:
FileDescrizioneTipologiaLicenza 
p133-naylor.pdf 2. Post-print / Author's Accepted ManuscriptNon Pubblico - Accesso privato/ristrettoAdministrator   Richiedi una copia
paper.pdf 2. Post-print / Author's Accepted ManuscriptPUBBLICO - Tutti i diritti riservatiVisibile a tuttiVisualizza/Apri
Utilizza questo identificativo per citare o creare un link a questo documento:
http://hdl.handle.net/11583/2602580
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
 
 
 
Powered by IRIS-about IRIS-Utilizzo dei cookie
Logo CINECA  Copyright © 2021