Man-in-the-Middle Attack to the HTTPS Protocol

@article{Callegati2009ManintheMiddleAT,
  title={Man-in-the-Middle Attack to the HTTPS Protocol},
  author={Franco Callegati and Walter Cerroni and Marco Ramilli},
  journal={IEEE Security \& Privacy Magazine},
  year={2009},
  volume={7},
  pages={78-81}
}
Web-based applications rely on the HTTPS protocol to guarantee privacy and security in transactions ranging from home banking, e-commerce, and e-procurement to those that deal with sensitive data such as career and identity information. Users trust this protocol to prevent unauthorized viewing of their personal, financial, and confidential information over the Web. 
Splitting the HTTPS Stream to Attack Secure Web Connections
TLDR
This document explains how the HTTPS protocol lets a browser verify a Web server's authenticity and establish an encrypted channel for protecting exchanged data.
Analysis and Research on HTTPS Hijacking Attacks
  • Kefei Cheng, M. Gao, R. Guo
  • Computer Science
  • 2010 Second International Conference on Networks Security, Wireless Communications and Trusted Computing
  • 2010
TLDR
Experimental results show that three methods to strengthen data security (static ARP table, enhanced certificate system, and two-way authentication) are effective defenses against HTTPS hijacking attacks.
PROTECTION AGAINST MAN-IN-THE-MIDDLE ATTACK IN BANKING TRANSACTION USING STEGANOGRAPHY Albina.N,
The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web.
HTTPAS: active authentication against HTTPS man-in-the-middle attacks
TLDR
The authors propose HTTPAS, a new HTTP Active Secure framework that can enhance the HTTPS authentication against man-in-the-middle attacks by actively utilising available CAs and exploiting Internet path diversity as much as possible.
Achieving Communication Effectiveness of Web Authentication Protocol with Key Update
TLDR
A new certification process is designed to make the protocol support key update, thus avoiding the risk of key leaks and improving the efficiency of implementation of SISCA protocol.
Defense against DNS Man-In-The-Middle Spoofing
TLDR
This paper introduces one type of defense technique based on the main features of DNS response packets that employs Artificial Neural Networks (ANN), which produces excellent performance.
HTTPS: a Phishing Attack in a Network
TLDR
The possibility of finding phishing attacks even in cases where the victim sees in their web browser the same URL as the legitimate website, with the padlock and the HTTPS certificate, is discussed.
Content-based control of HTTPs mail for implementation of IT-convergence security environment
TLDR
This paper proposes a method that controls HTTPs web mail contents by using a proxy server and distributing the secure socket layer (SSL) certificate to the user's PC, and plays the Certificate Authority role between the users' PCs and the web mail server.
Privacy Preservation and Data Security on Internet Using Mutual Ssl
TLDR
The way toward authenticating and setting up an encrypted channel using certificate-based mutual SSL authentication using Verisign or Microsoft Declaration Server is a critical part of the mutual authentication process.
SSL Enhancement
TLDR
This paper depicts an SSL breach and then provides a solution to nullify it, and proposes a technique cum practical solution to strengthen data security by developing a Mozilla Firefox add-on and servlet code which will strengthen the defense against HTTPS hijacking attacks.

References

Hardening Web browsers against man-in-the-middle and eavesdropping attacks
TLDR
This work proposes context-sensitive certificate verification (CSCV), whereby the browser interrogates the user about the context in which a certificate verification error occurs, and guides the user in handling and possibly overcoming the security error.