A two-part solution to this problem is using signed API data when available, and otherwise using Notary TEEs as trusted intermediaries. These TEEs observe web content directly and provide signed attestations, enabling agents to get verifiable data from any website without requiring changes to existing infrastructure. Each attestation feed includes:

  • Content hash

  • Timestamp

  • TEE attestation

  • TLS session proof

Extension architecture

The attestation system implementation for private web data is based on a three-tier architecture: a browser-based client, a WebAssembly (WASM) module, and a trusted AWS Nitro Enclave. The system establishes two parallel WebSocket connections - one for secure communication with the Notary service running in the AWS Nitro Enclave, and another as a proxy to the target web server. This architecture ensures that all data flows through the trusted execution environment while maintaining end-to-end encryption. The extension and all the relevant code will soon be published.

The attestation process begins when the client initiates a request through the WASM module, which manages the TLS handshake and encryption parameters via the Notary service. As data flows between the client and target server, the Notary service, running in the secure AWS Nitro Enclave, maintains access to the TLS keys and can decrypt the proxied data to verify its integrity. When attestation is requested, the Notary examines the decrypted data for specified attributes and, if present, generates a cryptographic signature that serves as a tamper-proof attestation of the observed web content. This design ensures that attestations can only be generated within the secure hardware environment, providing strong guarantees about the authenticity of the attested data.

The system implements a secure TLS attestation architecture that enables verifiable attestations through AWS Nitro Enclaves, utilizing WebSocket connections and WASM-based processing. Here’s a detailed breakdown of the components and their operations:

Client-Side Components

  • The browser environment serves as the primary interface where users initiate secure browsing sessions and receive attestations, acting as the front-end gateway to the entire system.

  • The WASM extension functions as a sophisticated processing unit that manages cryptographic operations and orchestrates all communication channels, serving as the critical bridge between the browser, Notary, and target servers.

Server-Side Components

  • The Notary Service operates within a secure TEE - AWS Nitro Enclave environment, providing hardware-level isolation while managing sessions, generating cryptographic parameters, and producing trusted attestations.

  • The communication infrastructure utilizes two distinct WebSocket connections: one dedicated to Notary communications and another for proxied connections to target servers, ensuring persistent and secure data transmission.

Session Initialization

  • The initialization process begins when the client activates the WASM extension, which establishes a secure session with the Notary and receives a unique identifier for subsequent communications.

  • The TLS handshake workflow involves requesting parameters from the Notary, executing the handshake with the target server, and establishing a verified encrypted stream for secure data exchange.

Data Flow and Encryption

  • Request processing follows a careful sequence where client data is encrypted using Notary-provided parameters before transmission to the target server, with responses following a reverse process for secure delivery.

  • The attestation generation can be triggered at any point, involving the Notary accessing stored TLS keys, decrypting proxied data, and producing signed attestations after verifying required attributes.

Security Features

  • The AWS Nitro Enclave provides hardware-level isolation and secure key management, creating an impenetrable environment for sensitive cryptographic operations and data handling.

  • The dual WebSocket architecture implements end-to-end encryption and TLS parameter verification, while proxied connections prevent direct server exposure and maintain a secure communication chain.

  • The attestation mechanism ensures data integrity through cryptographic signing and attribute-based verification, creating an unbroken chain of trust from request to response.

Implementation Considerations

  • Performance optimization leverages persistent connections and efficient caching strategies, while the WASM compilation is optimized for minimal latency in client-side processing.

  • The error handling system implements comprehensive recovery mechanisms for session failures, connection dropouts, and invalid attestation requests, ensuring system resilience.

  • The scalability architecture enables independent enclave instances and horizontal scaling, allowing the system to grow while maintaining security and performance standards.

Why TLS Attestations?Verification Frontend