F3ildCrypt: End-to-End Protection of Sensitive Information in Web Services

Burnside, Matthew Spindel; Keromytis, Angelos D.

The frequency and severity of recent intrusions involving data theft and leakage have shown that online users' trust, voluntary or not, in the ability of third parties to protect their sensitive data is often unfounded. Data may be exposed anywhere along a corporation's web pipeline, from the outward-facing web servers to the back-end databases. Additionally, in service-oriented architectures (SOAs), data may also be exposed as they transit between SOAs. For example, credit card numbers may be leaked during transmission to, or handling by, transaction-clearing intermediaries. We present F3ildCrypt, a system that provides end-to-end protection of data across a web pipeline and between SOAs. Sensitive data are protected from their origin (the user's browser) to their legitimate final destination. To that end, F3ildCrypt exploits browser scripting to enable application- and merchant-aware handling of sensitive data. Such techniques have traditionally been considered a security risk; to our knowledge, this is one of the first uses of web scripting that enhances overall security. F3ildCrypt uses proxy re-encryption to re-target messages as they enter and cross SOA boundaries, and uses XACML, the XML-based access control language, to define protection policies. Our approach scales well in the number of public key operations required for web clients and does not reveal proprietary details of the logical enterprise network (because of the application of proxy re-encryption). We evaluate F3ildCrypt and show an additional cost of 40 to 150 ms when making sensitive transactions from the web browser, and a processing rate of 100 to 140 XML fields/second on the server. We believe such costs to be a reasonable tradeoff for increased sensitive-data confidentiality.


Academic Units: Computer Science; Department of Computer Science, Columbia University
Series: Columbia University Computer Science Technical Reports, CUCS-015-09
Published: July 15, 2010