SecureCDN: Providing End-to-End Security in Content Delivery Networks
Principal Investigator: Christina Garman
Content Delivery Networks (CDNs) serve a large and increasing portion of today's web content. Beyond caching, CDNs provide their customers with a variety of services, from load balancing, to content compression and transcoding, to web application firewalls. As web traffic shifts from HTTP to HTTPS, CDNs continue to provide such services by also assuming control of their customers' private keys, thereby breaking a fundamental security principle: private keys must only be known by their owner.
We present the design and implementation of SecureCDN, a reverse caching proxy that uses Intel SGX to preserve the confidentiality of the content provider's private TLS key while stored on the edge server. SecureCDN runs the NGINX webserver in an Intel SGX enclave, while also enabling key CDN services, such as firewalling, local and remote caching, and scriptable configuration. To ensure the integrity and, optionally, the confidentiality of any cached content, we also develop a filesystem to extend the enclave's security guarantees to untrusted storage. In its strongest configuration, SecureCDN reduces the knowledge of the edge server to that of a traditional on-path HTTPS adversary. We evaluate the performance of SecureCDN with a series of micro- and macro-benchmarks.
This is ongoing work, in collaboration with the University of Maryland.
Dave Levin (UMD)