Man-in-the-Middle Attack in HTTP/2

被引:0
作者
Patni, Parth [1 ]
Iyer, Kartik [1 ]
Sarode, Rohan [1 ]
Mali, Amit [1 ]
Nimkar, Anant [1 ]
机构
[1] Univ Mumbai, Sardar Patel Inst Technol, Dept Comp Engn, Mumbai 400053, Maharashtra, India
来源
PROCEEDINGS OF 2017 INTERNATIONAL CONFERENCE ON INTELLIGENT COMPUTING AND CONTROL (I2C2) | 2017年
关键词
http/2; spdy; man in the middle; TLS; certificate forging; DNS poisoning;
D O I
暂无
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Hyper Text Transfer Protocol Version 2 (HTTP/2) is the upgrade to the popularly used HTTP/1.1. This protocol has been created to enhance the already existing services and applications based on the older protocol with few modifications and rewriting. Thus, this has opened up to new possible vulnerabilities and attacks on them. HTTP/2 relies on Transport Layer Security (TLS) for its security. This paper intends to carry out Man-in-the-Middle (MITM) attack in an HTTP/2 environment by exploiting a known vulnerability of TLS. To the best of our knowledge, no study has been done on how MITM attacks can be launched against HTTP/2 services.
引用
收藏
页数:6
相关论文
共 50 条
[31]   An Experimental View on Fairness between HTTP/1.1 and HTTP/2 [J].
Min, Jiwon ;
Lee, Youngseok .
33RD INTERNATIONAL CONFERENCE ON INFORMATION NETWORKING (ICOIN 2019), 2019, :399-401
[32]   Can HTTP/2 Really Help Web Performance on Smartphones? [J].
Liu, Yi ;
Ma, Yun ;
Liu, Xuanzhe ;
Huang, Gang .
PROCEEDINGS 2016 IEEE INTERNATIONAL CONFERENCE ON SERVICES COMPUTING (SCC 2016), 2016, :219-226
[33]   Cloud autoscaling for HTTP/2 workloads [J].
Calzarossa, Maria Carla ;
Massari, Luisa ;
Tabash, Momin I. M. ;
Tessera, Daniele .
PROCEEDINGS OF 2017 3RD INTERNATIONAL CONFERENCE OF CLOUD COMPUTING TECHNOLOGIES AND APPLICATIONS (CLOUDTECH), 2017, :166-171
[34]   HTTP/2 and QUIC for Virtual Worlds and the 3D Web? [J].
Bakri, Hussein ;
Allison, Colin ;
Miller, Alan ;
Oliver, Iain .
10TH INTERNATIONAL CONFERENCE ON FUTURE NETWORKS AND COMMUNICATIONS (FNC 2015) / THE 12TH INTERNATIONAL CONFERENCE ON MOBILE SYSTEMS AND PERVASIVE COMPUTING (MOBISPC 2015) AFFILIATED WORKSHOPS, 2015, 56 :242-251
[35]   HTTP/1.1 pipelining vs HTTP2 in-the-clear: performance comparison [J].
Corbel, Romuald ;
Stephan, Emile ;
Omnes, Nathalie .
2016 13TH INTERNATIONAL CONFERENCE ON NEW TECHNOLOGIES FOR DISTRIBUTED SYSTEMS (NOTERE), 2016,
[36]   Encrypted HTTP/2 Traffic Monitoring: Standing the Test of Time and Space [J].
Brissaud, Pierre-Olivier ;
Francois, Jerome ;
Chrisment, Isabelle ;
Cholez, Thibault ;
Bettan, Olivier .
2020 IEEE INTERNATIONAL WORKSHOP ON INFORMATION FORENSICS AND SECURITY (WIFS), 2020,
[37]   Networking Aspects of the Electronic Health Records: Hypertext Transfer Protocol Version 2 (HTTP/2) vs HTTP/3 [J].
Kirilov, Nikola ;
Bischoff, E. .
JOURNAL OF MEDICAL SYSTEMS, 2024, 48 (01)
[38]   HTTP/2-Based Methods to Improve the Live Experience of Adaptive Streaming [J].
Huysegems, Rafael ;
Bostoen, Tom ;
Alface, Patrice Rondao ;
van der Hooft, Jeroen ;
Petrangeli, Stefano ;
Wauters, Tim ;
De Turck, Filip .
MM'15: PROCEEDINGS OF THE 2015 ACM MULTIMEDIA CONFERENCE, 2015, :541-550
[39]   Is the Web ready for HTTP/2 Server Push? [J].
Zimmermann, Torsten ;
Wolters, Benedikt ;
Hohlfeld, Oliver ;
Wehrle, Klaus .
CONEXT'18: PROCEEDINGS OF THE 14TH INTERNATIONAL CONFERENCE ON EMERGING NETWORKING EXPERIMENTS AND TECHNOLOGIES, 2018, :13-19
[40]   SMig: Stream Migration Extension For HTTP/2 [J].
Mi, Xianghang ;
Qian, Feng ;
Wang, Xiaofeng .
PROCEEDINGS OF THE 12TH INTERNATIONAL CONFERENCE ON EMERGING NETWORKING EXPERIMENTS AND TECHNOLOGIES (CONEXT'16), 2016, :121-128
12345