Survey of Attacks against HTTPS: Analysis, Exploitation, and Mitigation Strategies

Article Sidebar

PDF
Published: Apr 24, 2024
DOI: https://doi.org/10.35940/ijitee.D9826.13040324
Keywords:
HTTPS, TLS, SSL, Heartbleed, BEAST

Main Article Content

Adithyan Arun Kumar
Department of Information Security, Carnegie Mellon University, San Jose, United States.
https://orcid.org/0000-0001-9790-2657
Gowthamaraj Rajendran
Department of Information Security, Carnegie Mellon University, San Jose, United States
https://orcid.org/0000-0001-9422-3907
Nitin Srinivasan
Department of Computer Science, University of Massachusetts Amherst, Sunnyvale, United States.
https://orcid.org/0009-0001-6472-4441
Praveen Kumar Sridhar
Department of Data Science, Northeastern University, San Jose, United States.
https://orcid.org/0009-0001-6486-1614
Kishore Kumar Perumalsamy
Department of Computer Science, Carnegie Mellon University, San Jose, United States.

Abstract

This research paper aims to provide a comprehensive overview of known attacks against HTTPS, focusing on the SSL and TLS protocols. The paper begins by explaining the working of HTTPS, followed by detailed descriptions of SSL and TLS protocols. Subsequently, it explores common attacks against HTTPS, providing an in-depth analysis of each attack, along with proof-of-concept (PoC) demonstrations. Furthermore, the paper outlines mitigation strategies to address each attack, emphasizing the importance of proactive security measures. Finally, a conclusion is drawn, highlighting the evolving nature of HTTPS attacks and the continuous need for robust security practices.

Downloads

Download data is not yet available.

Article Details

How to Cite
[1]
Adithyan Arun Kumar, Gowthamaraj Rajendran, Nitin Srinivasan, Praveen Kumar Sridhar, and Kishore Kumar Perumalsamy , Trans., “Survey of Attacks against HTTPS: Analysis, Exploitation, and Mitigation Strategies”, IJITEE, vol. 13, no. 4, pp. 28–34, Apr. 2024, doi: 10.35940/ijitee.D9826.13040324.
Issue
Vol. 13 No. 4 (2024): Volume-13 Issue-4, March 2024
Section
Articles
Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

CC-BY-NC-ND 4.0

How to Cite

[1]
Adithyan Arun Kumar, Gowthamaraj Rajendran, Nitin Srinivasan, Praveen Kumar Sridhar, and Kishore Kumar Perumalsamy , Trans., “Survey of Attacks against HTTPS: Analysis, Exploitation, and Mitigation Strategies”, IJITEE, vol. 13, no. 4, pp. 28–34, Apr. 2024, doi: 10.35940/ijitee.D9826.13040324.
Share |
Crossref
Scopus
Google Scholar
Europe PMC

References

S. Puangpronpitag and N. Sriwiboon, "Simple and Lightweight HTTPS Enforcement to Protect against SSL Striping Attack," 2012 Fourth International Conference on Computational Intelligence, Communication Systems and Networks, Phuket, Thailand, 2012, pp. 229-234, doi: 10.1109/CICSyN.2012.50.

Nagendran, K., et al. "Sniffing HTTPS Traffic in LAN by Address Resolution Protocol Poisoning." International Journal of Pure and Applied Mathematics 119.12 (2018): 1187-1195.

A. Adithyan, K. Nagendran, R. Chethana, G. Pandy D. and G. Prashanth K., "Reverse Engineering and Backdooring Router Firmwares," 2020 6th International Conference on Advanced Computing and Communication Systems (ICACCS), Coimbatore, India, 2020, pp. 189-193, doi: 10.1109/ICACCS48705.2020.9074317.

P. Sirohi, A. Agarwal and S. Tyagi, "A comprehensive study on security attacks on SSL/TLS protocol," 2016 2nd International Conference on Next Generation Computing Technologies (NGCT), Dehradun, India, 2016, pp. 893-898, doi: 10.1109/NGCT.2016.7877537.

V. Platenka, A. Mazalek and Z. Vranova, "Attacks on devices using SSL/TLS," 2021 International Conference on Military Technologies (ICMT), Brno, Czech Republic, 2021, pp. 1-6, doi: 10.1109/ICMT52455.2021.9502818.

F. Qi, Z. Tang and G. Wang, "Attacks vs. Countermeasures of SSL Protected Trust Model," 2008 The 9th International Conference for Young Computer Scientists, Hunan, China, 2008, pp. 1986-1991, doi: 10.1109/ICYCS.2008.433.

G. Rajendran, H. V. Sathyabalu, M. Sachi and V. Devarajan, "Cyber Security in Smart Grid: Challenges and Solutions," 2019 2nd International Conference on Power and Embedded Drive Control (ICPEDC), Chennai, India, 2019, pp. 546-551, doi: 10.1109/ICPEDC47771.2019.9036484

P. P. Parthy and G. Rajendran, "Identification and prevention of social engineering attacks on an enterprise," 2019 International Carnahan Conference on Security Technology (ICCST), Chennai, India, 2019, pp. 1-5, doi: 10.1109/CCST.2019.8888441

R. Oppliger, R. Hauser and D. Basin, "SSL/TLS Session-Aware User Authentication," in Computer, vol. 41, no. 3, pp. 59-65, March 2008, doi: 10.1109/MC.2008.98.

S. Stricot-Tarboton, S. Chaisiri and R. K. L. Ko, "Taxonomy of Man-in-the-Middle Attacks on HTTPS," 2016 IEEE Trustcom/Big Data SE/ISPA, Tianjin, China, 2016, pp. 527-534, doi: 10.1109/TrustCom.2016.0106.

Implementation of ARP Spoofing for IOT Devices Using Cryptography AES and ECDSA Algorithms. (2019). In International Journal of Recent Technology and Engineering (Vol. 8, Issue 2S11, pp. 2889–2893). https://doi.org/10.35940/ijrte.b1363.0982s1119

Prabhakaran, Prof. R., & Asha, Dr. S. (2019). Analysis of Cyber Attacks Vulnerabilities In Electrical Power Systems. In International Journal of Innovative Technology and Exploring Engineering (Vol. 8, Issue 9, pp. 925–928). https://doi.org/10.35940/ijitee.i7848.078919

Mathew, A. R. (2019). Cyber-Infrastructure Connections and Smart Gird Security. In International Journal of Engineering and Advanced Technology (Vol. 8, Issue 6, pp. 2285–2287). https://doi.org/10.35940/ijeat.f8681.088619

Sharma, T., & Sharma, R. (2024). Smart Grid Monitoring: Enhancing Reliability and Efficiency in Energy Distribution. In Indian Journal of Data Communication and Networking (Vol. 4, Issue 2, pp. 1–4). https://doi.org/10.54105/ijdcn.d7954.04020224

Balamurugan, A., R, S. D., J, S., & K, Sivasankari. (2021). Secure Online Transaction using Iris. In Indian Journal of Cryptography and Network Security (Vol. 1, Issue 2, pp. 5–14). https://doi.org/10.54105/ijcns.a1408.111221