• DocumentCode
    2594064
  • Title

    Analysis and Research on HTTPS Hijacking Attacks

  • Author

    Cheng, Kefei ; Gao, Meng ; Guo, Ruijie

  • Author_Institution
    Coll. of Comput. Sci., Chongqing Univ. of Posts & Telecommun., Chongqing, China
  • Volume
    2
  • fYear
    2010
  • fDate
    24-25 April 2010
  • Firstpage
    223
  • Lastpage
    226
  • Abstract
    With the development of e-commerce, SSL protocol is more and more widely applied to various network services. For the defect of SSL authentication, this paper analyses two kinds of drawbacks in SSL handshake, and respectively conducts fake certificate and conversion from HTTPS to HTTP data to attack. Both of them are dangerous to HTTPS communication. For that reason, we have proposed three different measures to strengthen data security, which are static ARP table, enhanced certificate system, and two-way authentication. Experimental results show that three methods are effectively defensive against the HTTPS hijacking attacks.
  • Keywords
    cryptographic protocols; message authentication; telecommunication services; transport protocols; HTTPS hijacking attacks; SSL authentication; SSL handshake; SSL protocol; certificate system; data security; e-commerce; static ARP table; two-way authentication; Access protocols; Authentication; Computer security; Cryptography; Network servers; Protection; Public key; Uniform resource locators; Web server; Wireless communication; HTTPS; Man in the Middle Attack; Session Hijacking;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Networks Security Wireless Communications and Trusted Computing (NSWCTC), 2010 Second International Conference on
  • Conference_Location
    Wuhan, Hubei
  • Print_ISBN
    978-0-7695-4011-5
  • Electronic_ISBN
    978-1-4244-6598-9
  • Type

    conf

  • DOI
    10.1109/NSWCTC.2010.187
  • Filename
    5480600
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2594064