HSTS and HPKP are relatively recent protocols intended to enforce HTTPS connections and allow certificate pinning over HTTP. The combination of these protocols strengthens HTTPS security in general, adding a layer of trust and verification and ensuring, as far as possible, that the connection is always secure. However, the adoption and implementation of any protocol that is not yet completely settled usually involves the possibility of introducing new weaknesses, opportunities or attack scenarios. Even when these protocols are implemented, bad practices prevent them from actually providing the additional security they are expected to provide. In this document, we have studied the quantity and the quality of the implementation both in servers and in the most popular browsers, and discovered some possible attack scenarios.
CITATION STYLE
de los Santos, S., Torrano, C., Rubio, Y., & Brezo, F. (2016). Implementation state of HSTS and HPKP in both browsers and servers. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10052 LNCS, pp. 192–207). Springer Verlag. https://doi.org/10.1007/978-3-319-48965-0_12