Office of Research, UC Riverside
Zhiyun Qian
Professor
Computer Science & Engineering
zhiyunq@ucr.edu
(951) 827-6438


NeTS: Small: Collaborative Research: Practical HTTPS Traffic Manipulation At Middleboxes

AWARD NUMBER
008513-002
FUND NUMBER
33302
STATUS
Closed
AWARD TYPE
3-Grant
AWARD EXECUTION DATE
9/12/2016
BEGIN DATE
10/1/2016
END DATE
9/30/2019
AWARD AMOUNT
$140,000

Sponsor Information

SPONSOR AWARD NUMBER
1619391
SPONSOR
NATIONAL SCIENCE FOUNDATION
SPONSOR TYPE
Federal
FUNCTION
Organized Research
PROGRAM NAME

Proposal Information

PROPOSAL NUMBER
16050502
PROPOSAL TYPE
New
ACTIVITY TYPE
Basic Research

PI Information

PI
Qian, Zhiyun
PI TITLE
Other
PI DEPARTMENT
Computer Science & Engineering
PI COLLEGE/SCHOOL
Bourns College of Engineering
CO PIs

Project Information

ABSTRACT

Use of encrypted Web traffic is growing at an unprecedented rate. While enhancing user privacy, Secure Hypertext Transfer Protocol (HTTPS) makes it difficult for middleboxes that are commonly used by Internet service providers and mobile carriers to operate, because numerous beneficial middlebox functions (e.g., caching, web page optimization) rely on accessing the unencrypted traffic content. To overcome this challenge, this project develops a system aiming for a practical, ready-to-deploy solution that allows middleboxes to selectively inspect and manipulate HTTPS traffic while still respecting the privacy requirements of users. This research will lead to new and continuous innovations in network services that are hard or impossible to achieve today.

The system has two prominent features. First, it is only deployed at client hosts as an operating system (OS) service, as well as on middleboxes. In addition to being transparent to applications, it does not change the encryption protocol or anything on the server side. Therefore, the system can be easily deployed by, for example, a regular OS update pushed by mobile carriers. Second, the system allows clients to control what information the middlebox can access. Doing so provides least privileges to middleboxes for performing their functions. In addition, the proposed system is easy to use, secure, and incurs low overhead.

Developing these technologies will facilitate our understanding of the possible design space to allow coordinated, secure, and efficient manipulation of HTTPS traffic, ultimately leading to improved Internet user experience and privacy. The PIs will incorporate knowledge and results developed in this project into both undergraduate and graduate courses in networking, mobile computing and network security.
(Abstract from NSF)