Thumbnail Image

Taxonomy of man-in-the-middle attacks on HTTPS

With the increase in Man-in-the-Middle (MITM) attacks capable of breaking Hypertext Transfer Protocol Secure (HTTPS) over the past five years, researchers tasked with the improvement of HTTPS must understand each attacks characteristics. However with the large amount of attacks it is difficult to discern attack differences, with out any existing classification system capable of classifying these attacks. In this paper we provide a framework for classifying and mitigating MITM attacks on HTTPS communications. The identification and classification of these attacks can be used to provide useful insight into what can be done to improve the security of HTTPS communications. The classification framework was used to create a taxonomy of MITM attacks providing a visual representation of attack relationships, and was designed to flexibly allow other areas of attack analysis to be added. The classification framework was tested against a testbed of MITM attacks, then further validated and evaluated at the INTERPOL Global Complex for Innovation (IGCI) with a forensic taxonomy extension, and forensic analysis tool.
Conference Contribution
Type of thesis
Stricot-Tarboton, S., Chaisiri, S., & Ko, R. K. L. (2016). Taxonomy of man-in-the-middle attacks on HTTPS. In Proceedings of 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (pp. 527–534). Washington, DC, USA: IEEE Computer Society. https://doi.org/10.1109/TrustCom.2016.0106
IEEE Computer Society
This is an author’s accepted version of an article published in the Proceedings of 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications. ©2016 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.