Detecting Unauthorized Modification of HTTP Communication with Steganography

HTTP does not secure its requests and responses. Using Man-in-the-Middle attack, it is possible to alter the HTTP communication, while it still would look authentic. This can be a problem, if you download data such as PGP key, TOR client, access banking services on-line, or when there is an interest to filter what you can read on the Internet. It should be noted that under particular circumstances, it is possible to attack HTTPS secured communication successfully. This paper proposes a steganography scheme that can be used to detect unauthorized modifications of HTTP communication.

[1]  Robert D. Silverman A Cost-Based Security Analysis of Symmetric and Asymmetric Key Lengths RSA Labs bulletin , 2000 .

[2]  Eric Rescorla,et al.  HTTP Over TLS , 2000, RFC.

[3]  Franco Callegati,et al.  Man-in-the-Middle Attack to the HTTPS Protocol , 2009, IEEE Security & Privacy Magazine.

[4]  David M. Kristol,et al.  HTTP State Management Mechanism , 1997, RFC.

[5]  Yong Zhang,et al.  A Blocking-Resistant Method for Anonymity System Based on Proxy and Data Hiding , 2008, 2008 International Conference on Intelligent Information Hiding and Multimedia Signal Processing.

[6]  Chin-Tser Huang,et al.  A secure cookie protocol , 2005, Proceedings. 14th International Conference on Computer Communications and Networks, 2005. ICCCN 2005..

[7]  Jonathan Katz,et al.  Introduction to Modern Cryptography: Principles and Protocols , 2007 .

[8]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[9]  Frederic P. Miller,et al.  Advanced Encryption Standard , 2009 .

[10]  Brian A. Carter,et al.  Advanced Encryption Standard , 2007 .

[11]  Mohammad Shirali-Shahreza Java Applets Copy Protection by Steganography , 2006, 2006 International Conference on Intelligent Information Hiding and Multimedia.

[12]  Roy T. Fielding,et al.  Hypertext Transfer Protocol - HTTP/1.1 , 1997, RFC.

[13]  Xingming Sun,et al.  A Steganography Scheme in P2P Network , 2008, 2008 International Conference on Intelligent Information Hiding and Multimedia Signal Processing.

[14]  M.E. Hellman,et al.  An overview of public key cryptography , 1978, IEEE Communications Magazine.