4WWW95: CCI-based Web security


authors:


Common Client Interface (CCI):

today, multiple solutions are available to increase security on the Web, e.g. S-HTTP, message digest, Kerberos-based systems, SSL and PCT, DCE-Web and so on. while a diversity of methods and protocols may be desirable for various reasons, we may end up in a situation where we need multiple browsers, one for each set of security mechanisms.

instead of adding each new security feature to the browser itself, CCI is a new approach which adds application layer support to the client. a well-defined interface allows other applications, including security applications, to be called from the client. if a new security algorithm is introduced, the browser does not need to be modified; instead, it simply calls the corresponding application via the CCI.

in the approach presented, they used PGP ("Pretty Good Privacy") to handle data encryption, signature verification and so on. in this PGP-CCI approach, they introduced HTTP extensions similar to S-HTTP and new HTML anchor attributes. no changes have to be made to the code of either the server or the client; all that is necessary is the addition of the new proposed MIME type:

Content-type: application/x-pgp

the PGP-CCI protocol:

to handle the application/x-pgp content-types, the PGP-CCI application registers with the browser to receive all requests for URLs with the HTTP protocol and to handle all application/x-www-pgp-response content-types.

hyperlinks pointing to documents that shall be retrieved using PGP-CCI contain special attributes, such as the server's public key ID, whether the request should be encrypted, signed or both, and so on.

a request for a document using PGP-CCI is processed as follows:

  1. the browser passes the HTTP request to the CCI application as it would normally send it to the server.
  2. the CCI application applies the proper security enhancements to the request as defined by the attributes in the URL.
  3. the CCI application encapsulates the original request with a generic HTTP request and passes it back to the browser for retrieval on the network.
  4. the server uses PGP to decrypt and/or verify the signature on the encapsulated request. if the request was not properly authorized, the server sends back an "unauthorized" (message 401) response.
    if the request passed the authorization correctly, it sends back an "application/x-www-pgp-response" which might be encrypted and/or signed using the session key contained in the client's request.
  5. if the server's response is "unauthorized", the browser will display the server's HTML error message.
  6. the CCI application uses PGP to decrypt and/or verify the signature of the server's response, then it passes the plain text of the HTTP response to the browser. the browser processes this response as it would handle any HTTP response.

the proposed new hyperlink attributes for PGP-CCI include:


this is an example of a PGP-CCI hyperlink:

<A HREF="http://www.topsecret.org/wherever/whatever.html"
PGPUSER="Topsecret Web Server <www@topsecret.org>"
PGPPUBKEYID="E9B2BB1D"
PGPMODE="request-signed,request-encrypted"
> this is a secure link </A>
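how a CCI application could turn these link attributes into the security steps of step 2, as an added example that is not code from the paper: the function names are hypothetical, and the 8-hex-digit key ID format and the list of accepted PGPMODE tokens are assumptions taken from the sample link alone.

```python
from html.parser import HTMLParser
import re

# Constructed sample: the hyperlink shown above.
SAMPLE = '''<A HREF="http://www.topsecret.org/wherever/whatever.html"
PGPUSER="Topsecret Web Server <www@topsecret.org>"
PGPPUBKEYID="E9B2BB1D"
PGPMODE="request-signed,request-encrypted"
> this is a secure link </A>'''

# Assumption: only the two mode tokens visible in the sample are accepted.
KNOWN_MODES = {"request-signed", "request-encrypted"}
KEYID_RE = re.compile(r"[0-9A-F]{8}")  # assumption: 8 hex digits, as in the sample

class PgpCciLinkParser(HTMLParser):
    """Collects the attributes of every <A> tag that carries PGP-CCI attributes."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}  # names arrive lowercased
        if tag == "a" and ("pgpmode" in a or "pgppubkeyid" in a):
            self.links.append(a)

def link_policy(attrs):
    """Return what must be applied to the request for one link, or raise ValueError."""
    key_id = attrs.get("pgppubkeyid", "").upper()
    if not KEYID_RE.fullmatch(key_id):
        raise ValueError("missing or malformed PGPPUBKEYID")
    if not attrs.get("href", "").lower().startswith("http://"):
        raise ValueError("PGP-CCI is registered for HTTP URLs only")
    modes = {m.strip().lower() for m in attrs.get("pgpmode", "").split(",") if m.strip()}
    if not modes or modes - KNOWN_MODES:
        # Fail closed: ignoring an unknown token would send the request
        # with less protection than the link asks for.
        raise ValueError("empty or unsupported PGPMODE")
    return {
        "url": attrs["href"],
        "recipient": attrs.get("pgpuser", ""),
        "key_id": key_id,
        "sign": "request-signed" in modes,
        "encrypt": "request-encrypted" in modes,
    }

def policies_from_html(html):
    parser = PgpCciLinkParser()
    parser.feed(html)
    parser.close()
    return [link_policy(a) for a in parser.links]
```
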

CCI functions:

the commands used by PGP-CCI are based on