Title :
Simple and Lightweight HTTPS Enforcement to Protect against SSL Striping Attack
Author :
Puangpronpitag, Somnuk ; Sriwiboon, Nattavut
Author_Institution :
Fac. of Inf., Mahasarakham Univ., Mahasarakham, Thailand
Abstract :
SSL is a protocol for secured traffic connections. By using the SSL, HTTPS has been designed to prevent eavesdroppers and malicious users from web application services. However, man-in-the-middle attack techniques based on stripping and sniffing the HTTPS connections are still possible, causing security problems on web applications. Several scrip-kiddy tools to launch such attacks are easy to find and available on the Internet. In this paper, we therefore proposed a solution to protect against SSL striping attack. By enforcing a connection to HTTPS, our techniques determine the web URL and enforce the communication to HTTPS for protecting against the SSL striping attack. The experimental results on a test-bed have demonstrated an effectiveness and efficiency of our solution.
Keywords :
Internet; security of data; transport protocols; HTTPS enforcement; SSL striping attack protection; Web application services; hypertext transfer protocol; man-in-the-middle attack; secure socket layer; secured traffic connections; Browsers; Cryptography; Protocols; Strips; Web servers; HTTPS; Man-in-the-Middle Attack; SSL Striping Attack; Web Application Attack;
Conference_Titel :
Computational Intelligence, Communication Systems and Networks (CICSyN), 2012 Fourth International Conference on
Conference_Location :
Phuket
Print_ISBN :
978-1-4673-2640-7
DOI :
10.1109/CICSyN.2012.50
