Title :
Analysis and Research on HTTPS Hijacking Attacks
Author :
Cheng, Kefei ; Gao, Meng ; Guo, Ruijie
Author_Institution :
Coll. of Comput. Sci., Chongqing Univ. of Posts & Telecommun., Chongqing, China
Abstract :
With the development of e-commerce, the SSL protocol is increasingly applied to a wide range of network services. Focusing on defects in SSL authentication, this paper analyses two kinds of drawbacks in the SSL handshake and carries out an attack against each: one using a fake certificate, the other converting HTTPS data to HTTP. Both are dangerous to HTTPS communication. We therefore propose three measures to strengthen data security: a static ARP table, an enhanced certificate system, and two-way authentication. Experimental results show that all three methods defend effectively against the HTTPS hijacking attacks.
Keywords :
cryptographic protocols; message authentication; telecommunication services; transport protocols; HTTPS hijacking attacks; SSL authentication; SSL handshake; SSL protocol; certificate system; data security; e-commerce; static ARP table; two-way authentication; Access protocols; Authentication; Computer security; Cryptography; Network servers; Protection; Public key; Uniform resource locators; Web server; Wireless communication; HTTPS; Man in the Middle Attack; Session Hijacking;
Conference_Title :
Networks Security Wireless Communications and Trusted Computing (NSWCTC), 2010 Second International Conference on
Conference_Location :
Wuhan, Hubei
Print_ISBN :
978-0-7695-4011-5
Electronic_ISBN :
978-1-4244-6598-9
DOI :
10.1109/NSWCTC.2010.187