Abstract
In 2009, at Black Hat DC, Moxie Marlinspike proposed a new Man-in-the-Middle (MitM) attack on Secure Sockets Layer (SSL) called the SSLStrip attack, which is a serious threat to Web users. Some solutions have been proposed in the literature. However, until now there has been no practical countermeasure to resist such an attack. In this paper, we propose a new scheme to defend against the SSLStrip attack by improving the previous secure cookie protocols and using the proxy pattern and the reverse proxy pattern. It implements a secure LAN guaranteed proxy on the client side, a secure server guaranteed proxy on the server side, and a cookie authentication mechanism to provide the following security services: source authentication, integrity control, and defense against the SSLStrip attack.
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhao, S., Yang, W., Wang, D., Qiu, W. (2012). A New Scheme with Secure Cookie against SSLStrip Attack. In: Wang, F.L., Lei, J., Gong, Z., Luo, X. (eds) Web Information Systems and Mining. WISM 2012. Lecture Notes in Computer Science, vol 7529. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33469-6_30
DOI: https://doi.org/10.1007/978-3-642-33469-6_30
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33468-9
Online ISBN: 978-3-642-33469-6
eBook Packages: Computer Science, Computer Science (R0)