Web Security and Enhancement Using SSL

Authors(2) :-Ajay Singh, Ramesh Loar

With the development of e-commerce, ssl protocol is more and more widely applied to various network services. It is one of key technologies to keep user's data in secure transmission via internet. This document majorly focuses on sslstrip which generates the most recent attack in the secure network connections. It strips out all the secure connections to unsecure plain connection. In this article we depict this attack and to nullify it, we have proposed a technique cum practical solution to strengthen data security by developing mozilla-firefox add-on and servlet code which will strengthen our defense against the https hijacking attacks. Internet users today depend daily on HTTPS for secure communication with sites they intend to visit. Over the years, many attacks on HTTPS and the certi?cate trust model it uses have been hypothesized, executed, and/or evolved. Meanwhile the number of browser-trusted (and thus, de facto, user-trusted) certi?cate authorities has proliferated, while the due diligence in baseline certi?cate issuance has declined. We survey and categorize prominent security issues with HTTPS and provide a systematic treatment of the history and on-going challenges, intending to provide context for future directions.

Authors and Affiliations

Ajay Singh
Department of Computer Science and Engineering, Rao Pahlad Singh Group of Institutions, Balana, Mohindergarh, Haryana, India
Ramesh Loar
Department of Computer Science and Engineering, Rao Pahlad Singh Group of Institutions, Balana, Mohindergarh, Haryana, India

HTTPS, SSL, SSLSTRIP

  1. Kartikey Agarwal and Dr. Sanjay Kumar Dubey, " Network Security : Attacks and Defence." IJCSE 2016
  2. Mr. Pradeep Kumar Panwar and Mr. Devendra Kumar," Security through SSL ." in International Journal of Advanced Research in Computer Science and Software Engineering Volume 2, Issue 12, December 2012.
  3. Confidentiality integrity and availability CIA http://whatis.techtarget.com/definition.
  4. Encryption and secret key cryptography cryptography/www.wikipedia.org.
  5. Network Security: History, Importance, and Future by University of Florida Department of Electrical and Computer Engineering Bhavya Daya.
  6. Mohammed A. Alnatheer , " Secure Socket Layer (SSL) Impact on Web Server Performance ." in Journal of Advances in Computer Networks, Vol. 2, No. 3, Sept 2014.
  7. K Kant, R. Iyer, and P. Mohapatra, "Architectural impact of secure socket layer on internet servers: A Retrospect" in Proc. International Conference on Computer Design.
  8. K Kant, R. Iyer, and P. Mohapatra "Architectural impact of secure socket layer on internet servers" in Int. Conf. on Computer Design, pp. 7-14, 2000.
  9. SSL Certificate Explained by Scion Solutions Ltd.
  10. SSL Information Center/What is an SSL Certificatehttps://www.globalsign.com/en-in.
  11. MS.Bhiogade Patni Computer Services, Secure Socket Layer InSITE - "Where Parallels Intersect" June 2002.
  12. Yogesh Joshi, Debabrata Das, Subir Saha, International Institute of Information Technology Bangalore (IIIT B), Electronics City, Bangalore, India. "Mitigating Man in the Middle Attack over Secure Sockets Layer, 2009
  13. What is SSL and how the SSL works http://docs.oracle.com/cd/E17904_01/core.1111/e10105/sslconfig.htm
  14. A. J. Kenneth, P. C. Van Orshot and S. A. Vanstone, Handbook of applied Cryptography, CRC press, 1977.
  15. IT security web site, The Secure Sockets Layer Protocol Enabling Secure Web Transactions http://www.verisign.com/ssl/ssl information center/how ssl security works/index.html
  16. RSA website, 5.1 Security on the Internet, http://www.emc.com/security/rsasecurid/rsa-authentication-manager.htm
  17. IT security web site, the risks of short RSA keys for secure communications using SSL, http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=4259828&url=http%3A%2F%2Fieeexplor.ieeee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D425982
  18. H. Otrok, Security testing and evaluation of Cryptographic Algorithms, M.S. Thesis, Lebanese American University, June 2003.

Publication Details

Published in : Volume 3 | Issue 4 | March-April 2018
Date of Publication : 2018-04-30
License:  This work is licensed under a Creative Commons Attribution 4.0 International License.
Page(s) : 1302-1307
Manuscript Number : CSEIT1835245
Publisher : Technoscience Academy

ISSN : 2456-3307

Cite This Article :

Ajay Singh, Ramesh Loar, "Web Security and Enhancement Using SSL", International Journal of Scientific Research in Computer Science, Engineering and Information Technology (IJSRCSEIT), ISSN : 2456-3307, Volume 3, Issue 4, pp.1302-1307, March-April-2018. |          | BibTeX | RIS | CSV

Article Preview