Survey of Attacks against HTTPS: Analysis, Exploitation, and Mitigation Strategies
Adithyan Arun Kumar1, Gowthamaraj Rajendran2, Nitin Srinivasan3, Praveen Kumar Sridhar4, Kishore Kumar Perumalsamy5
1Adithyan Arun Kumar, Department of Information Security, Carnegie Mellon University, San Jose, United States.
2Gowthamaraj Rajendran, Department of Information Security, Carnegie Mellon University, San Jose, United States.
3Nitin Srinivasan, Department of Computer Science, University of Massachusetts Amherst, Sunnyvale, United States.
4Praveen Kumar Sridhar, Department of Data Science, Northeastern University, San Jose, United States.
5Kishore Kumar Perumalsamy, Department of Computer Science, Carnegie Mellon University, San Jose, United States.
Manuscript received on 28 February 2024 | Revised Manuscript received on 08 March 2024 | Manuscript Accepted on 15 March 2024 | Manuscript published on 30 March 2024 | PP: 28-34 | Volume-13 Issue-4, March 2024 | Retrieval Number: 100.1/ijitee.D982613040324 | DOI: 10.35940/ijitee.D9826.13040324
Open Access | Editorial and Publishing Policies | Cite | Zenodo | OJS | Indexing and Abstracting
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: This research paper aims to provide a comprehensive overview of known attacks against HTTPS, focusing on the SSL and TLS protocols. The paper begins by explaining the working of HTTPS, followed by detailed descriptions of SSL and TLS protocols. Subsequently, it explores common attacks against HTTPS, providing an in-depth analysis of each attack, along with proof-of-concept (PoC) demonstrations. Furthermore, the paper outlines mitigation strategies to address each attack, emphasizing the importance of proactive security measures. Finally, a conclusion is drawn, highlighting the evolving nature of HTTPS attacks and the continuous need for robust security practices.
Keywords: EHTTPS, TLS, SSL, Heartbleed, BEAST
Scope of the Article: Big Data Security