Full Program »
This paper introduces Senser, a system for validating retrieved web content. Senser does not rely on a PKI and operates even when SSL/TLS is not supported by the web server. Senser operates as a network of proxies located at different vantage points on the Internet. Clients query a random subset of Senser proxies for compact descriptions of a desired web page, and apply consensus and matching algorithms to the returned results to locally render a "majority" web page. To ensure diverse selections of proxies (and consequently decrease an adversary’s ability to manipulate a majority of the proxies’ requests), Senser leverages Internet mapping systems that accurately predict AS-level paths between available proxies and the desired web page. We demonstrate using a deployment of Senser on Amazon EC2 that Senser detects and mitigates attempts to manipulate web content — even by large collections of autonomous systems — while incurring reasonable performance overheads.
Author(s):
Jordan Wilberding
Georgetown University
United States
Andrew Yates
Georgetown University
United States
Micah Sherr
Georgetown University
United States
Wenchao Zhou
Georgetown University
United States