Man-in-the-Middle Attack in HTTP/2

被引:0
作者
Patni, Parth [1 ]
Iyer, Kartik [1 ]
Sarode, Rohan [1 ]
Mali, Amit [1 ]
Nimkar, Anant [1 ]
机构
[1] Univ Mumbai, Sardar Patel Inst Technol, Dept Comp Engn, Mumbai 400053, Maharashtra, India
来源
PROCEEDINGS OF 2017 INTERNATIONAL CONFERENCE ON INTELLIGENT COMPUTING AND CONTROL (I2C2) | 2017年
关键词
http/2; spdy; man in the middle; TLS; certificate forging; DNS poisoning;
D O I
暂无
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Hyper Text Transfer Protocol Version 2 (HTTP/2) is the upgrade to the popularly used HTTP/1.1. This protocol has been created to enhance the already existing services and applications based on the older protocol with few modifications and rewriting. Thus, this has opened up to new possible vulnerabilities and attacks on them. HTTP/2 relies on Transport Layer Security (TLS) for its security. This paper intends to carry out Man-in-the-Middle (MITM) attack in an HTTP/2 environment by exploiting a known vulnerability of TLS. To the best of our knowledge, no study has been done on how MITM attacks can be launched against HTTP/2 services.
引用
收藏
页数:6
相关论文
共 50 条
[21]   Securing Electrical Drive Systems Against Man-in-the-Middle Attacks Using S-Box Optimized AES Encryption [J].
Dheeba, J. ;
Oberoi, Vansh ;
Singh, R. Raja ;
Karthik, V. Gautam .
IEEE ACCESS, 2025, 13 :114716-114735
[22]   Deep Q learning-based mitigation of man in the middle attack over secure sockets layer websites [J].
Manhas, Saloni ;
Taterh, Swapnesh ;
Singh, Dilbag .
MODERN PHYSICS LETTERS B, 2020, 34 (32)
[23]   Distributed Denial of Service Attack in HTTP/2: Review on Security Issues and Future Challenges [J].
Ming, Liang ;
Leau, Yu-Beng ;
Xie, Ying .
IEEE ACCESS, 2024, 12 :33296-33308
[24]   A novel intelligent approach for man-in-the-middle attacks detection over internet of things environments based on message queuing telemetry transport [J].
Michelena, Alvaro ;
Aveleira-Mata, Jose ;
Jove, Esteban ;
Bayon-Gutierrez, Martin ;
Novais, Paulo ;
Romero, Oscar Fontenla ;
Calvo-Rolle, Jose Luis ;
Alaiz-Moreton, Hector .
EXPERT SYSTEMS, 2024, 41 (02)
[25]   H2DoS: An Application-Layer DoS Attack Towards HTTP/2 Protocol [J].
Ling, Xiang ;
Wu, Chunming ;
Ji, Shouling ;
Han, Meng .
SECURITY AND PRIVACY IN COMMUNICATION NETWORKS, SECURECOMM 2017, 2018, 238 :550-570
[26]   Denial of Service and Man-in-the-Middle Attacks against IoT Devices in a GPS-based Monitoring Software for Intelligent Transportation Systems [J].
Andreica, Gheorghe Romeo ;
Bozga, Liviu ;
Zinca, Daniel ;
Dobrota, Virgil .
2020 19TH ROEDUNET CONFERENCE: NETWORKING IN EDUCATION AND RESEARCH (ROEDUNET), 2020,
[27]   HTTP/2 Cannon: Experimental analysis on HTTP/1 and HTTP/2 Request Flood DDoS Attacks [J].
Beckett, David ;
Sezer, Sakir .
2017 SEVENTH INTERNATIONAL CONFERENCE ON EMERGING SECURITY TECHNOLOGIES (EST), 2017, :107-112
[28]   Overview of HTTP/2 [J].
Brylinski, Anne-Sophie ;
Bhattacharjya, Aniruddha .
PROCEEDINGS OF THE SECOND INTERNATIONAL CONFERENCE ON INTERNET OF THINGS, DATA AND CLOUD COMPUTING (ICC 2017), 2017,
[29]   Man in the Middle Attack Detection for MQTT based IoT devices using different Machine Learning Algorithms [J].
Sultan, Ali Bin Mazhar ;
Mehmood, Saqib ;
Zahid, Hamza .
PROCEEDINGS OF 2ND IEEE INTERNATIONAL CONFERENCE ON ARTIFICIAL INTELLIGENCE (ICAI 2022), 2022, :118-121
[30]   HTTP/2 Tsunami: Investigating HTTP/2 Proxy Amplification DDoS Attacks [J].
Beckett, David ;
Sezer, Sakir .
2017 SEVENTH INTERNATIONAL CONFERENCE ON EMERGING SECURITY TECHNOLOGIES (EST), 2017, :127-132
12345