Trust Beyond the First Hop—What Really Happens to Data Sent to HTTPS Websites

Tuesday, January 26, 2016 - 1:30pm–2:00pm

Nick Sullivan, Security Engineering Lead, CloudFlare

Abstract: 

There's a lot of fuss about the best way to visually show how secure your connection is when browsing online. The more mainstream example is the "lock" icon at the top left-hand side of a browser—which indicates that you are currently visiting a website over an encrypted and authenticated HTTPS connection. This extra visual lets the trained web explorer know that the site they're visiting can't be tampered with or "snooped" on. The visual impact of this information is top of mind for Google's Chrome team and Mozilla, with future browsers showing a solid bar of "red" for a more in-your-face indicator of an unencrypted connection.

This focus on improving HTTPS adoption by web browsers is admirable. However, the basic visual information expressed to the web user belies a complex and evolving topology of services sitting on the other side. There's way more to it than a lock or a colored address bar. With the proliferation of low-cost web infrastructure services, even small personal blogs have access to secure global caching and HTTPS. Furthermore, HTTPS termination is not what it used to be in the early days of the web. In this session we will take a look "under the hood" to share more about where data is actually going.

Hear what happens to web data once it leaves the happy embrace of an HTTPS tunnel and spills out to the other side. Attendees will also learn about potential approaches to bridge the gap and allow web services to extend trust beyond the first hop.


Nick Sullivan is a leading cryptography and security technologist. He founded and built the security team at CloudFlare, one of the world's leading web security companies. He is a digital rights management pioneer in his work building Apple’s multi-billion dollar iTunes store. He holds an MSc in Cryptography and a BMath in Pure Mathematics.


BibTeX
@conference {206265,
author = {Nick Sullivan},
title = {Trust Beyond the First {Hop{\textemdash}What} Really Happens to Data Sent to {HTTPS} Websites},
year = {2016},
address = {San Francisco, CA},
publisher = {USENIX Association},
month = jan
}
