WebALPS Implementation and Performance Analysis: Using Trusted Co-servers to Enhance Privacy and Security of Web Interactions

Shan Jiang, Dartmouth College

Listed in the Dartmouth College Computer Science Technical Report Series as TR2001-399.

Abstract

The client-server model of the Web poses a fundamental trust issue: clients are forced to trust in the secrecy and correctness of computation occurring at a remote server of unknown credibility. The current solution to this problem is to use a PKI (Public Key Infrastructure) system and SSL (Secure Sockets Layer) digital certificates to prove the claimed identity of a server and establish an authenticated, encrypted channel between the client and this server. However, this approach does not address the security risks posed by potentially malicious server operators or by any third parties who may penetrate the server sites.

The WebALPS (Web Applications with Lots of Privacy and Security) approach is proposed to address these weaknesses by moving sensitive computations on the server side into trusted co-servers running inside high-assurance secure coprocessors.

In this report, we examine the foundations of the credibility of WebALPS co-servers. We then describe our work designing and building a prototype WebALPS co-server, which is integrated into the widely deployed, commercial-grade Apache server. We also present the performance test results of our system, which support the argument that the WebALPS approach provides a systematic and practical way to address the remote trust issue.