In today's web ecosystem, a website that uses a Content Delivery Network (CDN) shares its Transport Layer Security (TLS) private key or session key with the CDN. In this paper, we present the design and implementation of InviCloak, a system that protects the confidentiality and integrity of a user and a website's private communications without changing TLS or upgrading a CDN. InviCloak builds a lightweight but secure and practical key distribution mechanism using the existing DNS infrastructure to distribute a new public key associated with a website's domain name. A web client and a website can use the new key pair to build an encryption channel inside TLS. InviCloak accommodates the current web ecosystem. A website can deploy InviCloak unilaterally without a client's involvement to prevent a passive attacker inside a CDN from eavesdropping on their communications. If a client also installs InviCloak's browser extension, the client and the website can achieve end-to-end confidential and untampered communications in the presence of an active attacker inside a CDN. Our evaluation shows that InviCloak increases the median page load times (PLTs) of realistic web pages from 2.0s to 2.1s, which is smaller than the median PLTs (2.8s) of a state-of-the-art TEE-based solution.

翻译：在当前的网络生态系统中，使用内容分发网络（CDN）的网站会与其共享传输层安全（TLS）私钥或会话密钥。本文提出了InviCloak系统的设计与实现，该系统能够在无需修改TLS协议或升级CDN的前提下，保护用户与网站之间私有通信的机密性与完整性。InviCloak利用现有DNS基础设施构建了一个轻量级、安全且实用的密钥分发机制，用于分发与网站域名关联的新公钥。网络客户端与网站可使用该新密钥对在TLS内部建立加密信道。InviCloak兼容现有网络生态，网站可单方面部署而无需客户端参与，从而防止CDN内部的被动攻击者窃听通信。若客户端同时安装InviCloak浏览器扩展，则客户端与网站可在CDN内部存在主动攻击者的情况下实现端到端的机密且防篡改的通信。评估结果表明，InviCloak将实际网页的中位页面加载时间（PLT）从2.0秒增加至2.1秒，低于当前先进的基于可信执行环境（TEE）解决方案的中位PLT（2.8秒）。