Securing HTTP/3 Web Architecture in the Cloud
Author
Abstract

The HTTP protocol is the backbone for how traffic is communicated over the Internet and between web applications and users. Introduced in 1997 with HTTP 1.0 and 1.1, HTTP has gone through several developmental changes throughout the years. HTTP/1.1 suffers from several issues. Namely only allowing a one-to-one connection. HTTP/2 allowed for multiplexed connections. Additionally, HTTP/2 attempted to address the security issues that were faced by the prior version of HTTP by allowing administrators to enable HTTPS, as well as enable certificates to help ensure the encryption and protection of data between users and the web application. One of the major issues HTTP/2 faces is that it allows users to have multiplexed connections, but when there is an error and data needs to be retransmitted, this leads to head of line blocking. HTTP/3 is a new protocol that was proposed for formalization to the IETF in June of 2022. One of the first major changes is that unlike prior versions of HTTP that used the TCP/IP method of networking for data transmission, HTTP/3 uses UDP for data transmission. Prior research has focused on the protocol itself or investigating how certain types of attacks affect your web architecture that uses QUIC and HTTP/3. One area lacking research in this topic is how to secure web architecture in the cloud that uses this new protocol. To this end, we will be investigating how logging can be used to secure your web architecture and this protocol in the cloud.

Year of Publication
2023
Date Published
jun
URL
https://ieeexplore.ieee.org/document/10174337/?arnumber=10174337
DOI
10.1109/AIIoT58121.2023.10174337
Google Scholar | BibTeX | DOI