Man-in-the-Middle Attack to the HTTPS Protocol
@article{Callegati2009ManintheMiddleAT,
title={Man-in-the-Middle Attack to the HTTPS Protocol},
author={Franco Callegati and Walter Cerroni and Marco Ramilli},
journal={IEEE Security \& Privacy Magazine},
year={2009},
volume={7},
pages={78-81}
}Web-based applications rely on the HTTPS protocol to guarantee privacy and security in transactions ranging from home banking, e-commerce, and e-procurement to those that deal with sensitive data such as career and identity information. Users trust this protocol to prevent unauthorized viewing of their personal, financial, and confidential information over the Web.
Figures and Topics from this paper
272 Citations
Splitting the HTTPS Stream to Attack Secure Web Connections
- Computer Science
- IEEE Security & Privacy
- 2010
This document explains how the HTTPS protocol lets a browser verify a Web server's authenticity and establish an encrypted channel for protecting exchanged data. Expand
Analysis and Research on HTTPS Hijacking Attacks
- Computer Science
- 2010 Second International Conference on Networks Security, Wireless Communications and Trusted Computing
- 2010
Experimental results show that three methods to strengthen data security are effectively defensive against the HTTPS hijacking attacks, which are static ARP table, enhanced certificate system, and two-way authentication. Expand
PROTECTION AGAINST MAN-IN-THE-MIDDLE ATTACK IN BANKING TRANSACTION USING STEGANOGRAPHY Albina.N,
- 2012
The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web.… Expand
HTTPAS: active authentication against HTTPS man-in-the-middle attacks
- Computer Science
- IET Commun.
- 2016
The authors propose HTTPAS, a new HTTP Active Secure framework that can enhance the HTTPS authentication against man-in-the-middle attacks by actively utilising available CAs and exploiting Internet path diversity as much as possible. Expand
Achieving Communication Effectiveness of Web Authentication Protocol with Key Update
- Computer Science
- MSN
- 2017
A new certification process is designed to make the protocol support key update, thus avoiding the risk of key leaks and improving the efficiency of implementation of SISCA protocol. Expand
Defense against DNS Man-In-The-Middle Spoofing
- Computer Science
- WISM
- 2011
This paper introduces one type of defense technique based on the main features of DNS response packets that employs Artificial Neural Networks (ANN), which produces excellent performance. Expand
HTTPS: a Phishing Attack in a Network
- Computer Science
- ICICM 2017
- 2017
The possibility of finding phishing attacks even in cases where the victim sees in their web browser, the same URL as the legitimate website with the padlock and the HTTPS certificate, is discussed. Expand
Content-based control of HTTPs mail for implementation of IT-convergence security environment
- Computer Science
- J. Intell. Manuf.
- 2014
This paper proposes a method that controls HTTPs web mail contents by using a proxy server and distributing the secure socket layer (SSL) certificate to user’ s PC and plays the Certificate Authority role between the users’ PCs and the web mail server. Expand
Privacy Preservation and Data Security on Internet Using Mutual Ssl
- Computer Science
- 2017
The way toward authenticating and setting up an encrypted channel using certificate-based mutual SSL authentication using Verisign or Microsoft Declaration Server are a critical part of mutual authentication process. Expand
SSL Enhancement
- Computer Science
- ArXiv
- 2012
This paper depicts a SSL breach and then provides a solution to nullify it and proposes a technique cum practical solution to strengthen data security by developing mozilla-firefox add-on and servlet code which will strengthen the defense against the https hijacking attacks. Expand
References
Hardening Web browsers against man-in-the-middle and eavesdropping attacks
- Computer Science
- WWW '05
- 2005
This work proposes context-sensitive certificate verification (CSCV), whereby the browser interrogates the user about the context in which a certificate verification error occurs, and guides the user in handling and possibly overcoming the security error. Expand