A Browser-Based Distributed System for the Detection of HTTPS Stripping Attacks against Web Pages

Abstract : HTTPS stripping attacks leverage a combination of weak configuration choices to trick users into providing sensitive data through hijacked connections. Here we present a browser extension that helps web users to detect this kind of integrity and authenticity breaches, by extracting relevant features from the browsed pages and comparing them to reference values coming from different sorts of trusted sources. The rationale behind the extension is discussed and its effectiveness is demonstrated with some quantitative results, gathered on the prototype that has been implemented for Mozilla Firefox.
Type de document :
Communication dans un congrès
Dimitris Gritzalis; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.549-554, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_47〉
Liste complète des métadonnées

Littérature citée [7 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01518220
Contributeur : Hal Ifip <>
Soumis le : jeudi 4 mai 2017 - 13:45:18
Dernière modification le : jeudi 4 mai 2017 - 14:53:56
Document(s) archivé(s) le : samedi 5 août 2017 - 13:33:06

Fichier

978-3-642-30436-1_47_Chapter.p...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Marco Prandini, Marco Ramilli. A Browser-Based Distributed System for the Detection of HTTPS Stripping Attacks against Web Pages. Dimitris Gritzalis; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.549-554, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_47〉. 〈hal-01518220〉

Partager

Métriques

Consultations de la notice

40

Téléchargements de fichiers

24