Man-in-the-Middle Attack in HTTP/2

被引:0
作者
Patni, Parth [1 ]
Iyer, Kartik [1 ]
Sarode, Rohan [1 ]
Mali, Amit [1 ]
Nimkar, Anant [1 ]
机构
[1] Univ Mumbai, Sardar Patel Inst Technol, Dept Comp Engn, Mumbai 400053, Maharashtra, India
来源
PROCEEDINGS OF 2017 INTERNATIONAL CONFERENCE ON INTELLIGENT COMPUTING AND CONTROL (I2C2) | 2017年
关键词
http/2; spdy; man in the middle; TLS; certificate forging; DNS poisoning;
D O I
暂无
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Hyper Text Transfer Protocol Version 2 (HTTP/2) is the upgrade to the popularly used HTTP/1.1. This protocol has been created to enhance the already existing services and applications based on the older protocol with few modifications and rewriting. Thus, this has opened up to new possible vulnerabilities and attacks on them. HTTP/2 relies on Transport Layer Security (TLS) for its security. This paper intends to carry out Man-in-the-Middle (MITM) attack in an HTTP/2 environment by exploiting a known vulnerability of TLS. To the best of our knowledge, no study has been done on how MITM attacks can be launched against HTTP/2 services.
引用
收藏
页数:6
相关论文
共 50 条
  • [21] A novel intelligent approach for man-in-the-middle attacks detection over internet of things environments based on message queuing telemetry transport
    Michelena, Alvaro
    Aveleira-Mata, Jose
    Jove, Esteban
    Bayon-Gutierrez, Martin
    Novais, Paulo
    Romero, Oscar Fontenla
    Calvo-Rolle, Jose Luis
    Alaiz-Moreton, Hector
    EXPERT SYSTEMS, 2024, 41 (02)
  • [22] H2DoS: An Application-Layer DoS Attack Towards HTTP/2 Protocol
    Ling, Xiang
    Wu, Chunming
    Ji, Shouling
    Han, Meng
    SECURITY AND PRIVACY IN COMMUNICATION NETWORKS, SECURECOMM 2017, 2018, 238 : 550 - 570
  • [23] Denial of Service and Man-in-the-Middle Attacks against IoT Devices in a GPS-based Monitoring Software for Intelligent Transportation Systems
    Andreica, Gheorghe Romeo
    Bozga, Liviu
    Zinca, Daniel
    Dobrota, Virgil
    2020 19TH ROEDUNET CONFERENCE: NETWORKING IN EDUCATION AND RESEARCH (ROEDUNET), 2020,
  • [24] HTTP/2 Cannon: Experimental analysis on HTTP/1 and HTTP/2 Request Flood DDoS Attacks
    Beckett, David
    Sezer, Sakir
    2017 SEVENTH INTERNATIONAL CONFERENCE ON EMERGING SECURITY TECHNOLOGIES (EST), 2017, : 107 - 112
  • [25] Overview of HTTP/2
    Brylinski, Anne-Sophie
    Bhattacharjya, Aniruddha
    PROCEEDINGS OF THE SECOND INTERNATIONAL CONFERENCE ON INTERNET OF THINGS, DATA AND CLOUD COMPUTING (ICC 2017), 2017,
  • [26] Man in the Middle Attack Detection for MQTT based IoT devices using different Machine Learning Algorithms
    Sultan, Ali Bin Mazhar
    Mehmood, Saqib
    Zahid, Hamza
    PROCEEDINGS OF 2ND IEEE INTERNATIONAL CONFERENCE ON ARTIFICIAL INTELLIGENCE (ICAI 2022), 2022, : 118 - 121
  • [27] HTTP/2 Tsunami: Investigating HTTP/2 Proxy Amplification DDoS Attacks
    Beckett, David
    Sezer, Sakir
    2017 SEVENTH INTERNATIONAL CONFERENCE ON EMERGING SECURITY TECHNOLOGIES (EST), 2017, : 127 - 132
  • [28] An Experimental View on Fairness between HTTP/1.1 and HTTP/2
    Min, Jiwon
    Lee, Youngseok
    33RD INTERNATIONAL CONFERENCE ON INFORMATION NETWORKING (ICOIN 2019), 2019, : 399 - 401
  • [29] Can HTTP/2 Really Help Web Performance on Smartphones?
    Liu, Yi
    Ma, Yun
    Liu, Xuanzhe
    Huang, Gang
    PROCEEDINGS 2016 IEEE INTERNATIONAL CONFERENCE ON SERVICES COMPUTING (SCC 2016), 2016, : 219 - 226
  • [30] Cloud autoscaling for HTTP/2 workloads
    Calzarossa, Maria Carla
    Massari, Luisa
    Tabash, Momin I. M.
    Tessera, Daniele
    PROCEEDINGS OF 2017 3RD INTERNATIONAL CONFERENCE OF CLOUD COMPUTING TECHNOLOGIES AND APPLICATIONS (CLOUDTECH), 2017, : 166 - 171
12345