The Security Impact of HTTPS Interception

@inproceedings{Durumeric2017TheSI,
  title={The Security Impact of HTTPS Interception},
  author={Zakir Durumeric and Zane Ma and Drew Springall and Richard Barnes and Nick Sullivan and Elie Bursztein and Michael Bailey and J. Alex Halderman and Vern Paxson},
  booktitle={NDSS},
  year={2017}
}
As HTTPS deployment grows, middlebox and antivirus products are increasingly intercepting TLS connections to retain visibility into network traffic. In this work, we present a comprehensive study on the prevalence and impact of HTTPS interception. First, we show that web servers can detect interception by identifying a mismatch between the HTTP User-Agent header and TLS client behavior. We characterize the TLS handshakes of major browsers and popular interception products, which we use to build… CONTINUE READING
Highly Cited
This paper has 24 citations. REVIEW CITATIONS
18 Citations
29 References
Similar Papers

Citations

Publications citing this paper.
Showing 1-10 of 18 extracted citations

References

Publications referenced by this paper.
Showing 1-10 of 29 references

Komodia/superfish SSL validation is broken

  • F. Valsorda
  • https://blog.filippo.io/komodia-superfish-ssl…
  • 2015
Highly Influential
7 Excerpts

Man-in-the-middle interfering with increased security

  • R. Barnes
  • Mozilla Security Blog
  • 2016
1 Excerpt

Deprecating non-secure HTTP

  • R. Barnes
  • Mozilla Security Blog. https:// blog.mozilla.org…
  • 2015
1 Excerpt

Similar Papers

Loading similar papers…