Simple and Lightweight HTTPS Enforcement to Protect against SSL Striping Attack

Puangpronpitag, Somnuk; Sriwiboon, Nattavut

doi:10.1109/cicsyn.2012.50

Cited by 20 publications

(12 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is important in order to achieve secure connection and data flow throughout network as well as content protection and copyright management. Several research presented in [12,13] report security attacks and breaches of streaming media content. These bring necessity for more security protocols and various ways of protecting content in the network.…”

Section: B Http Streaming Environmentmentioning

confidence: 99%

Implementation of DTCP-IP protected content on Android devices

Tapavicki

Spiric

Tanackovic

et al. 2014

2014 3rd Mediterranean Conference on Embedded Computing (MECO)

View full text Add to dashboard Cite

show abstract

Section: B Http Streaming Environmentmentioning

confidence: 99%

Implementation of DTCP-IP protected content on Android devices

Tapavicki

Spiric

Tanackovic

et al. 2014

2014 3rd Mediterranean Conference on Embedded Computing (MECO)

View full text Add to dashboard Cite

show abstract

“…So, credential information are passed as plain text from the client to the attacker. HTTPS enforcer [26] uses a list of URLs that is kept at the client side. When a web page is requested and the communication between the web browser and web server is done over HTTP connection, the HTTP enforcer checks the list of URLs.…”

Section: Isan-https Enforcermentioning

confidence: 99%

“…A test was performed using for ISAN-HTTPS Enforcer [26] on a web server containing Intel XEON 2.40 GHz processor with a RAM of 2GB. The Operating system in the server was CentOS 5.3, web server was Apache/2.…”

Section: Resource Requirement Of Isan-https Enforcermentioning

confidence: 99%

“…• Two-way authentication [22] • HTTPSLock [24] • Using ARP request packet to the gateway [23] • Monitoring ARP table [23] • Restricting ICMP packet [23] • SSLock [25] • HSTS [37] • ISAN-HTTPS Enforcer [26] • SHS-HTTPS Enforcer [27] • Cookie Proxy [38] 3 Categorization of Existing Approaches SSL stripping attack is targeted towards client. So client must defend against the attack.…”

Section: Existing Solutions To Ssl Stripping Attackmentioning

confidence: 99%

“…There exists several recent works [7][8][9][10][11][12][13] on threats and security analysis of mobile applications and SSL/TLS deployment in mobile applications. Other HTTPS and TLS/SSLbased attack techniques are discussed in several works [14][15][16][17][18][19][20][21] There have been several existing solutions proposed specifically for SSL stripping attack, for example, ARP-related solutions [22,23], web script based solutions [24][25][26][27], MITM based solutions [28] and others [29][30][31][32][33]. However, there has been no survey that compiles all the solutions against SSL stripping-based session hijacking attacks which are crucial security threats for web users.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Survey of the Protection Mechanisms to the SSL-based Session Hijacking Attacks

Hossain

Paul

Islam

et al. 2018

NPA

View full text Add to dashboard Cite

Web communications between the server and the client are being used extensively. However, session hijacking has become a critical problem for most of the client-server communications. Among different session hijacking attacks, SSL stripping is the most dangerous attack. There are a number of measures proposed to prevent SSL tripping-based session hijacking attacks. However, existing surveys did not summarize all the preventive measures in a comprehensive manner (without much illustration and categorization). The objective of this paper is to provide a comprehensive survey of existing measures against SSL stripping-based session hijacking attacks and compare those measures. In this paper, we have classified all the existing preventive measures for SSL stripping-based session hijacking attacks into two main categories: client-side measures and server-side measures. We have illustrated the proposed solutions comprehensively with useful diagrams for clarification. We have also compared them based on different performance criteria. This paper will help web security researchers to have a comparative analysis of all solutions for the SSL stripping based attacks, thereby improving existing solutions to better protect the users from session hijacking attacks.

show abstract