Research Of Secure Socket Layer MitM Attacks And Defending

With rapid development of the Internet, more and more personal network services arise.Thus, there is more and more sensitive data transported on the public Internet. Thesesensitive data relates to the security of users’ individual property and privacy. Researchersproposed SSL/TLS protocol to assure the security of these sensitive data. SSL/TLS protocolitself is proved secure. The use of this protocol with HTTP needs the interaction with users,the collaboration of different protocols. Furthermore, the implementation and realization ofSSL/TLS protocol have some leaks and compromises considering performance. These giveattacks the opportunity on SSL/TLS, especially the MitM attacks on SSL/TLS. This kind ofattacks against the protection of SSL/TLS so that it makes the sensitive data transmitted onInternet unsecure. This is a huge disaster to Internet users. Eagerly, it requires researchers’studying on the protection against MitM attack on SSL/TLS.There are two types of MitM attacks on SSL/TLS, MitM attack by ciphertext andMitM attack by cleartext. MitM attack by ciphertext is mainly represented by SSL Sniffingand MitM attack by cleartext is represented by SSLStrip. SSL Sniffing exploits the leaks ofimplementation and realization of SSL/TLS. However, SSLStrip exploits users’ browsinghabits than a technical pitfall to strongly defeat SSL/TLS security. It is difficult to protectthese attacks exploiting users’ gaps in Internet knowledge for the reason that there are fewpeople who has fully knowledge and awareness of network security. This paper proposesthe protection methods against those two kinds of MitM attack on SSL/TLS based onprinciples and characteristics of MitM attack on SSL/TLS.This paper presents a detection and protection method based on timing analysis andcredential verification to against MitM ciphertext attack on SSL/TLS. This methodinitializes a threshold and then updates it continually by the result of voter. This threshold isused in timing analyzer again. Timing analysis method is based on the statistical differenceof timing data. This difference is the result of t-distribution inference on timing data. Thetiming data is obtained whether exits an attack. The experimental data and ROC curveanalysis on experimental data suggest that this protection method is effective. This paper presents a detection and protection method based on the history informationof client browsing, named HPP. The HPP consists of a detection rule set and somecomponents. The components are composed of a webpage analyzer, a MitM identifier and apage tainter. A webpage analyzer analyzes and identifies the requests initiated from thebrowser along with the server reposes. A MitM identifier checks requests and responsesagainst the detection rule set to decide whether a page is safe or not. Page tainter tries toprevent the leakage of private information even if the MitM identifier incorrectly tags apage safe. An experiment on100websites indicates that this method is effective andefficient. Experimental data manifests that false positive rate of detection can be as low as4%. Furthermore, the extra time consuming is only0.322s compare to no defending.This paper also presents a detection and protection method based on secure cookieprotocol, named Cookie-Proxy. On the basis of studying secure cookie protocol, the existingsecure cookie is improved. This method achieves the successful defending against SSLStripattack by combing a new topology structure. The data of confirmatory experiments showsthat this method achieves a good defensive effect and low extra time and space overhead.The extra time cost of Cookie-Proxy is0.00385and the extra communication cost is2560bit compare to traditional cookie methods. A formal security proof using SVO logic showsthat Cookie-Proxy achieves the following security properties: authentication, confidentiality,integrity, anti-replay and anti-SSLStrip attack. Cookie-Proxy spends not so much extra timecost and extra communication cost, but it gets the ability of withstanding SSLStrip attackand the integrity of protocol comparing with other cookie protocols.