Advertisement

A Survey on Omnipresent HTTPS and Its Impact on Network Security Monitoring

  • Madhu KhuranaEmail author
  • Priyanka Malik
Conference paper
Part of the Lecture Notes on Data Engineering and Communications Technologies book series (LNDECT, volume 39)

Abstract

HTTPS is gaining widespread popularity for performing secure transactions. Most popular sites have made default choice as HTTPS. Therefore, this paper makes a survey through various study done in the area and it has comprehensively explored the various tools, technologies, and mechanisms to deal with secured network in a robust way. We make a complete analysis and evaluation of HTTPS protocol–is it ensuring security or are we entering into a vicious cycle of finding weaknesses and trying to fill the gaps in Network security Monitoring. The gaps like Man In The Middle, active and passive attacks on device, compromising response time or accessibility at the cost of security are among the most important ones that has been explored and proposed solutions for various research studies. Data collected from couple of up to date research works and their conclusion has been discussed to provide a brief overview so as to provide the reader with global understanding of the research progress in this area.

Keywords

HTTPS MITM Network security monitoring 

Notes

Acknowledgment

The work described in this paper was supported by my mentor Mr. Kieran McLaughlin. The author pays gratitude for openhandedly giving his time and expertise, in helping on the challenges within cyber security to be viewed from a new standpoint, and in giving the insight into the investigation into cyber security monitoring as a psychological as well as a security question.

References

  1. 1.
    Larsson, E., Sigholm, J.: Papering over the cracks: the effects of introducing best practices on the web security ecosystem (2016). 978-1-5090-1724-9/16 ©2016 IEEEGoogle Scholar
  2. 2.
    Ouvrier, G., Laterman, M., Arlitt, M., Carlsson, N.: Characterizing the HTTPS trust landscape: a passive view from the edge. IEEE Commun. Mag. 55, 36–42 (2017)CrossRefGoogle Scholar
  3. 3.
    Ford, R., Howard, M.: Man-in-the-middle attack to the HTTPS protocol. IEEE Computer Society, IEEE, January 2009Google Scholar
  4. 4.
    Liu, X., Qian, F., Qian, Z.: Selective HTTPS traffic manipulation at middleboxes for byod devices (2017). 978-1-5090-6501-1/17/ © 2017 IEEEGoogle Scholar
  5. 5.
    Shbair, W.M., Cholez, T., Francois, J., Chrisment, I.: A Multi-level framework to identify https services. In: 2016 IEEE/IFIP Network Operations and Management Symposium (NOMS) (2016)Google Scholar
  6. 6.
    Husák, M., Cermák, M., Jirsík, T., Celeda, P.: Network-based HTTPS client identification using SSL/TLS fingerprinting. In: 2015 10th International Conference on Availability, Reliability and Security (2015)Google Scholar
  7. 7.
    Muehlstein, J., Zion, Y., Bahumi, M., Kirshenboim, I., Dubin, R., Dvir, A., Pele, O.: Analyzing HTTPS encrypted traffic to identify user’s operating system, browser and application. In: 2017 14th IEEE Annual Consumer Communications and Networking Conference (CCNC) (2017)Google Scholar
  8. 8.
    Yan, L., Deng, H., Chen, X., Ye, X.: Service differentiation strategy based on user demands on https web servers. In: SERA 2018, 13–15 June 2018, Kunming, China (2018). 978-1-5386-5886-4/18/ ©2018 IEEEGoogle Scholar
  9. 9.
    Fu, J., Xie, M., Wang, Y., Mei, X.: An empirical study of unsolicited content injection into a website. In: 2017 International Conference on Networking and Network Applications (2017)Google Scholar
  10. 10.
    Shbair, W.M., Cholez, T., Goichot, A., Chrisment, I.: Efficiently bypassing SNI-based HTTPS filtering. In: 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM2015): Experience Session Paper (2015). 978-3-901882-76-0 @2015 IFIPGoogle Scholar
  11. 11.
    Song, Y.¸Li, H., Cheng, L., Xiang, M., Cai, J.: SSL VPN resources log optimization techniques based on Bloom Filter algorithm (2016). 978-1-4673-9194-8/16 © 2016 IEEEGoogle Scholar
  12. 12.
    Zhang, Z.H., Chai, X.D., Hou, B.C.: System security approach for web-enabled HLA/RTI in the cloud simulation environment. In: 2011 6th IEEE Conference on Industrial Electronics and Applications (2011). 978-1-4244-8756-1/11/ © 2011 IEEEGoogle Scholar
  13. 13.
    Kolamunna, H., Chauhan, J., Hu, Y.: Kanchana Copyright Information.  https://doi.org/10.1109/cicsyn.2012.50. 978-0-7695-4821-0/12 © 2012 IEEE
  14. 14.
    Fowdur, T.P., Veerasoo, L.: An email application with active spoof monitoring and control. In: 2016 International Conference on Computer Communication and Informatics (ICCCI - 2016), 07–09 January 2016, Coimbatore, India (2016). 978-1-4673-6680-9/16/ ©2016 IEEEGoogle Scholar
  15. 15.
    Foroushani, V.A., Zincir-Heywood, A.N.: Investigating application behavior in network traffic traces. In: 2013 IEEE Symposium on Computational Intelligence for Security and Defense Applications (CISDA) (2013). 978-1-4673-5911-5/13/ c 2013 IEEEGoogle Scholar
  16. 16.
    Wei, X., Wolf, M., Guo, L., Lee, K.H., Huang, M.-C., Niu, N.: emphaSSL: towards emphasis as a mechanism to harden networking security in android apps (2016). 978-1-5090-1328-9/16/ ©2016 IEEEGoogle Scholar
  17. 17.
    Unger, T., Mulazzani, M., Fruhwirt, D.: SHPF: enhancing HTTP(S) session security with browser fingerprinting. In: 2013 International Conference on Availability, Reliability and Security (2013).  https://doi.org/10.1109/ares.2013.33. 978-0-7695-5008-4/13 © 2013 IEEE
  18. 18.
    Khan, M.M., Bakhtiari, M., Bakhtiari, S.: An HTTPS approach to resist man in the middle attack in secure SMS using ECC and RSA. In: 2013 13th International Conference on Intelligent Systems Design and Applications (ISDA) (2013). 978-1-4799-3516-1113/ ©2013 IEEEGoogle Scholar
  19. 19.
    Komatineni, S., MacLean, D., Hashimi, S.Y.: Pro Android 3, ser. Apress. Paul Manning, April 2011. http://www.apress.com/9781430232223CrossRefGoogle Scholar
  20. 20.
    Elgin, B.: Google buys android for its mobile arsenal. Bloomberg Businessweek, August 2005. http://www.businessweek.com/technology/content/aug2005/tc20050817\0949\tc024.htm
  21. 21.
    Liang, J., Jiang, J., Duan, H., Li, K., Wan, T., Wu, J.: When HTTPS meets CDN: a case of authentication in delegated service. In: 2014 IEEE Symposium on Security and Privacy. IEEE (2014).  https://doi.org/10.1109/sp.2014.12
  22. 22.
    Wu, T., Li, J., Wu, N., Ou, T., Yang, B., Li, B.: Shutter: preventing information leakage based on domain gateway for social networks. In: 2014 IEEE International Conference on Ubiquitous Intelligence and Computing (2014).  https://doi.org/10.1109/uic-atc-scalcom.2014.121. 978-1-4799-7646-1/14 © 2014 IEEE

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.NoidaIndia

Personalised recommendations