The HTTPS protocol is commonly adopted to secure connections to websites, both to guarantee the server's authenticity and to protect the privacy of transmitted data. However, the computational load associated with the protocol's key exchange and encryption/decryption activities isn't negligible. Many trafficked websites must avoid using HTTPS for most of their pages, typically restricting its usage only to encrypting sensitive user data. This article illustrates how this common practice significantly reduces the possibility of detecting manipulations of the data stream by the client, thus exposing the user to potential man-in-the-middle attacks.

Splitting the HTTPS Stream to Attack Secure Web Connections

PRANDINI, MARCO;RAMILLI, MARCO;CERRONI, WALTER;CALLEGATI, FRANCO
2010

Abstract

The HTTPS protocol is commonly adopted to secure connections to websites, both to guarantee the server's authenticity and to protect the privacy of transmitted data. However, the computational load associated with the protocol's key exchange and encryption/decryption activities isn't negligible. Many trafficked websites must avoid using HTTPS for most of their pages, typically restricting its usage only to encrypting sensitive user data. This article illustrates how this common practice significantly reduces the possibility of detecting manipulations of the data stream by the client, thus exposing the user to potential man-in-the-middle attacks.
m. prandini; m. ramilli; w. cerroni; f. callegati
File in questo prodotto:
Eventuali allegati, non sono esposti

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/11585/93748
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 11
  • ???jsp.display-item.citation.isi??? 10
social impact