Securing Web Content Distribution in the Presence of Third-Party Content Delivery Networks
Date
2025
Abstract
In today's Internet, websites widely use third-party Content Delivery Networks (CDNs) to accelerate webpage retrieval and protect web servers from a wide range of cyberattacks. The widespread use of third-party CDNs creates both challenges and opportunities for building a secure web ecosystem. A significant challenge arises from the fact that third-party CDNs observe all communications between users and websites, raising privacy leakage concerns. On the other hand, the high-capacity networks, distributed servers, and widespread adoption of CDNs offer researchers opportunities to innovate defenses against cyberattacks on web services.
This dissertation presents our research on securing modern web content distribution by measuring and addressing private data leakage to CDNs and by utilizing CDNs to prevent the long-standing Application-layer Denial of Service (ADoS) vulnerability that exploits password authentication. Specifically, the dissertation consists of three related projects, as follows.
We began with a measurement of 50k websites to quantify user password leakage to third-party CDNs. We discovered that more than one-third of CDN-enabled websites expose user passwords to CDNs, which can be attributed to the pervasive practice of TLS key sharing between websites and CDNs. This discovery, along with prior reports of CDN data leakage vulnerabilities, necessitates a practical system to protect users' private data, such as passwords and personal information, on CDNs. Motivated by this discovery, we developed a system called InviCloak, which safeguards user privacy, retains the security and performance benefits of CDNs, and remains compatible with the current web ecosystem. The key idea of InviCloak is to introduce an additional layer of encryption inside HTTPS to hide users' private data through a new public key delivered by a combination of DNSSEC and DNS-over-HTTPS. However, InviCloak cannot address the ADoS vulnerability caused by password authentication in the current web ecosystem. Thus, we utilized the serverless computing service on CDNs to develop PreAcher. This system prevents such ADoS attacks by employing CDNs to pre-authenticate passwords in the login requests, intercepting most malicious ones without correct passwords. The key innovation of PreAcher is a novel three-party authentication protocol that enables a CDN to perform pre-authentication without gaining access to or the ability to guess passwords. Nevertheless, PreAcher is unable to prevent ADoS attacks when adversaries already know the passwords of user accounts or when they exploit interfaces other than password authentication, leaving opportunities for future work.
In summary, based on our measurements and findings in today's Internet where CDNs are pervasive, we proposed InviCloak and PreAcher, two systems that are complementary to each other. By deploying them together, websites can address realistic security issues of privacy leakage and ADoS attacks in the presence of third-party CDNs. Furthermore, both systems are immediately deployable on the Internet without requiring any modification to CDNs or network infrastructures.
Overall, our insight is that to meet the evolving user demands for efficiency and availability, modern network services like CDNs have disrupted the end-to-end design principle of Internet services and infrastructures, leading to security and reliability challenges in Internet resource delivery. We believe such a mismatch among Internet infrastructures, emerging network services, and evolving user demands will continue to drive research on networking, systems, and security in the future.
Citation
Lin, Shihan (2025). Securing Web Content Distribution in the Presence of Third-Party Content Delivery Networks. Dissertation, Duke University. Retrieved from https://hdl.handle.net/10161/32713.
Except where otherwise noted, student scholarship that was shared on DukeSpace after 2009 is made available to the public under a Creative Commons Attribution / Non-commercial / No derivatives (CC-BY-NC-ND) license. All rights in student work shared on DukeSpace before 2009 remain with the author and/or their designee, whose permission may be required for reuse.
