DocumentCode
3230747
Title
The Trusted Cloud Transfer Protocol
Author
Slawik, Mathias
Author_Institution
Dept. of Telecommun. Syst., Tech. Univ. Berlin, Berlin, Germany
Volume
2
fYear
2013
fDate
2-5 Dec. 2013
Firstpage
203
Lastpage
208
Abstract
Contemporary cloud computing solutions incorporate HTTP intermediaries, such as reverse proxies, load balancers, and intrusion prevention systems. These act as TLS server connection ends and access HTTP/TLS plaintext to carry out their functions. This raises many concerns: increased security efforts, the risk of losing confidentiality and integrity, and potentially unauthorized data access. Current HTTP entity-body encryption technologies address these concerns by providing end-to-end security between user agents and origin servers. However, they present disparate deficiencies, e.g., inefficient presentation languages, message-flow vulnerabilities, and the circumvention of HTTP streaming. This paper introduces the Trusted Cloud Transfer Protocol (TCTP), which presents a novel approach to entity-body encryption overcoming these deficiencies. The pivotal idea of TCTP is HTTP application layer encryption channels (HALECs), which integrate TLS functionality into the HTTP application layer. TCTP can be deployed immediately, as it is fully HTTP compliant, and rapidly implemented, as required TLS libraries are widely available. The reliance upon the mature TLS protocol minimizes the risk of introducing new security threats. Furthermore, TLS brings the benefit of relative efficiency, which is demonstrated on the basis of an example TCTP implementation.
Keywords
cloud computing; security of data; transport protocols; trusted computing; HALEC; HTTP application layer encryption channels; TCTP; TLS libraries; TLS protocol; entity-body encryption; transport layer security; trusted cloud transfer protocol; Encryption; Libraries; Payloads; Protocols; Servers
fLanguage
English
Publisher
ieee
Conference_Titel
Cloud Computing Technology and Science (CloudCom), 2013 IEEE 5th International Conference on
Conference_Location
Bristol
Type
conf
DOI
10.1109/CloudCom.2013.126
Filename
6735419