Taxonomy of Man-in-the-Middle Attacks on HTTPS

With the increase in Man-in-the-Middle (MITM) attacks capable of breaking Hypertext Transfer Protocol Secure (HTTPS) over the past five years, researchers tasked with the improvement of HTTPS must understand each attack's characteristics. However, with the large number of attacks it is difficult to discern the differences between them, and no existing classification system is capable of classifying these attacks. In this paper we provide a framework for classifying and mitigating MITM attacks on HTTPS communications. The identification and classification of these attacks can be used to provide useful insight into what can be done to improve the security of HTTPS communications. The classification framework was used to create a taxonomy of MITM attacks that provides a visual representation of attack relationships, and it was designed to flexibly allow other areas of attack analysis to be added. The classification framework was tested against a testbed of MITM attacks, then further validated and evaluated at the INTERPOL Global Complex for Innovation (IGCI) with a forensic taxonomy extension and a forensic analysis tool.
