HSTS measurement and an enhanced stripping attack against HTTPS

Abstract

HTTPS has played a significant role in the Internet world. HSTS is deployed to ensure the proper running of HTTPS. To get a good understanding of the deployment of HSTS, we conducted an in-depth measurement of the deployment of HSTS among the Alexa top 1 million sites, and investigated bookmarks and navigation panels in different browsers. We found five types of threats: transmission errors, redirection errors, field setting errors, the auto-completion mechanism in bookmarks, and the embedded addresses in navigation panels. To demonstrate the defects we found, we designed an enhanced HTTPS stripping attack, which was upgraded from the original sslstrip attack. Finally, we gave three effective suggestions to eliminate these defects. This paper exposed various risks of HTTPS and HSTS, making it possible to deploy HTTPS and HSTS in a more secure way.

Li, X., Wu, C., Ji, S., Gu, Q., & Beyah, R. (2018). HSTS measurement and an enhanced stripping attack against HTTPS. In Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST (Vol. 238, pp. 489–509). Springer Verlag. https://doi.org/10.1007/978-3-319-78813-5_25
