Survey of Attacks against HTTPS: Analysis, Exploitation, and Mitigation Strategies
Abstract
This research paper aims to provide a comprehensive overview of known attacks against HTTPS, focusing on the SSL and TLS protocols. The paper begins by explaining how HTTPS works, followed by detailed descriptions of the SSL and TLS protocols. It then explores common attacks against HTTPS, providing an in-depth analysis of each attack along with proof-of-concept (PoC) demonstrations. The paper also outlines mitigation strategies for each attack, emphasizing the importance of proactive security measures. Finally, the conclusion highlights the evolving nature of HTTPS attacks and the continuous need for robust security practices.
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.