Multisurf: MITM detection using multiple HTTP clients

نویسندگان

  • Marcela Melara
  • Annie Edmundson
  • Ohad Fried
چکیده

An increasing number of popular websites support the SSL/TLS protocol, the current standard for encrypting web traffic. Most commonly seen as part of the HTTPS protocol, SSL/TLS provides data and message confidentiality to protect users browsing the web from malicious attackers attempting to eavesdrop or tamper with traffic. Nonetheless, about 48% of popular websites remain insecure by only supporting HTTP connections [8], which are vulnerable to man-in-the-middle (MITM) attacks. Because HTTP traffic is not encrypted nor authenticated, an unsuspecting user may be visiting a specific website without realizing that an adversary has modified the contents of these web pages while in transit. Indeed, such in-flight web page modifications occur in practice with a surprising frequency for various reasons, often resulting in undesirable effects such as injected advertisements, broken pages, and exploitable security vulnerabilities [7]. While the vast majority of changes to web pages in transit have economic incentives for website publishers, [7] also found that a portion of their measured inflight modifications was due to injected malware. To provide web servers with a practical, more affordable alternative to HTTPS, Reis et al. [7] proposed web tripwires, client-side scripts that can detect most modifications to unencrypted web pages. However, this solution requires that website publishers modify their pages to contain these scripts, and users unaware of the installed web tripwires may disregard warning messages as spam. Furthermore, helping website publishers understand and react to any changes made en route does not necessarily help users protect themselves from injected malware. This paper presents Multisurf, a browser extension which checks the integrity of unencrypted web pages helping users detect when their HTTP traffic has been hijacked, and without requiring support from the administrator or owner of the affected website. Multisurf’s collaborative integrity checks detect in-flight changes to websites through a system of trusted peers, end-hosts run by persons or institutions that a user running the Multisurf client trusts. By gathering the peers’ versions of requested web content, the client can verify whether the visited web page was tampered with in transit. Because many changes to web pages en route are not of malicious nature, the Multisurf client displays the result of the integrity check and gives the user the option of viewing the peers’ versions to help her determine if she accepts the in-flight modifications or if she considers the modifications to be malicious, blacklisting the site. Thus, Multisurf leverages out-of-band communication, inter-personal trust and takes user preferences into account giving control to the end user in whether she would like to surf the web in a more aware way. This paper is organized as follows. In Section 2 we outline our system model. Section 3 details Multisurf’s system design and the collaborative integrity check protocol; we evaluate the efficacy and accuracy of Multisurf in Section 4. Section 5 describes some related work, and we discuss directions for future work in Section 6. We conclude in Section 7.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Detection of man-in-the-middle attacks using physical layer wireless security techniques

In a wireless network environment, all the users are able to access the wireless channel. Thus, if malicious users exploit this feature by mimicking the characteristics of a normal user or even the central wireless access point (AP), they can intercept almost all the information through the network. This scenario is referred as a Man-in-the-middle (MITM) attack. In the MITM attack, the attacker...

متن کامل

Active Detection and Prevention of Sophisticated ARP-Poisoning Man-in-the-Middle Attacks on Switched Ethernet LANs

In this paper we describe two novel methods for active detection and prevention of ARPpoisoning-based Man-in-the-Middle (MitM) attacks on switched Ethernet LANs. As a stateless and inherently insecure protocol, ARP has been used as a relatively simple means to launch Denial-of-Service (DoS) and MitM attacks on local networks and multiple solutions have been proposed to detect and prevent these ...

متن کامل

DNSSEC for cyber forensics

Domain Name System (DNS) cache poisoning is a stepping stone towards advanced (cyber) attacks. DNS cache poisoning can be used to monitor users’ activities for censorship, to distribute malware and spam and to subvert correctness and availability of Internet clients and services. Currently, the DNS infrastructure relies on challengeresponse defences against attacks by (the common) off-path adve...

متن کامل

Benchmarking Relief-Based Feature Selection Methods

Modern data mining requires feature selection methods that can (1) be applied to large scale feature spaces, (2) function in noisy problems, (3) detect complex patterns of association (e.g. interactions), (4) be flexibly adapted to various problem domains and data types, and (5) are computationally tractable. To that end, this work examines a set of filter-style feature selection algorithms ins...

متن کامل

Public key Tracing Framework using Blockchain

Context In recent years, instant messaging has become a popular means of communication among users. This has led to an increased amount of data exchange over the network. The exchanged data is usually privacy-sensitive, which makes data protection crucial in such systems. The market leaders (such as Whatsapp and Telegram) aim at mitigating the risk by utilizing end-to-end asymmetric encryption,...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2015