Abstract
HTTPS is gaining widespread popularity for performing secure transactions. Most popular sites have made default choice as HTTPS. Therefore, this paper makes a survey through various study done in the area and it has comprehensively explored the various tools, technologies, and mechanisms to deal with secured network in a robust way. We make a complete analysis and evaluation of HTTPS protocol–is it ensuring security or are we entering into a vicious cycle of finding weaknesses and trying to fill the gaps in Network security Monitoring. The gaps like Man In The Middle, active and passive attacks on device, compromising response time or accessibility at the cost of security are among the most important ones that has been explored and proposed solutions for various research studies. Data collected from couple of up to date research works and their conclusion has been discussed to provide a brief overview so as to provide the reader with global understanding of the research progress in this area.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Larsson, E., Sigholm, J.: Papering over the cracks: the effects of introducing best practices on the web security ecosystem (2016). 978-1-5090-1724-9/16 ©2016 IEEE
Ouvrier, G., Laterman, M., Arlitt, M., Carlsson, N.: Characterizing the HTTPS trust landscape: a passive view from the edge. IEEE Commun. Mag. 55, 36–42 (2017)
Ford, R., Howard, M.: Man-in-the-middle attack to the HTTPS protocol. IEEE Computer Society, IEEE, January 2009
Liu, X., Qian, F., Qian, Z.: Selective HTTPS traffic manipulation at middleboxes for byod devices (2017). 978-1-5090-6501-1/17/ © 2017 IEEE
Shbair, W.M., Cholez, T., Francois, J., Chrisment, I.: A Multi-level framework to identify https services. In: 2016 IEEE/IFIP Network Operations and Management Symposium (NOMS) (2016)
Husák, M., Cermák, M., JirsÃk, T., Celeda, P.: Network-based HTTPS client identification using SSL/TLS fingerprinting. In: 2015 10th International Conference on Availability, Reliability and Security (2015)
Muehlstein, J., Zion, Y., Bahumi, M., Kirshenboim, I., Dubin, R., Dvir, A., Pele, O.: Analyzing HTTPS encrypted traffic to identify user’s operating system, browser and application. In: 2017 14th IEEE Annual Consumer Communications and Networking Conference (CCNC) (2017)
Yan, L., Deng, H., Chen, X., Ye, X.: Service differentiation strategy based on user demands on https web servers. In: SERA 2018, 13–15 June 2018, Kunming, China (2018). 978-1-5386-5886-4/18/ ©2018 IEEE
Fu, J., Xie, M., Wang, Y., Mei, X.: An empirical study of unsolicited content injection into a website. In: 2017 International Conference on Networking and Network Applications (2017)
Shbair, W.M., Cholez, T., Goichot, A., Chrisment, I.: Efficiently bypassing SNI-based HTTPS filtering. In: 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM2015): Experience Session Paper (2015). 978-3-901882-76-0 @2015 IFIP
Song, Y.¸Li, H., Cheng, L., Xiang, M., Cai, J.: SSL VPN resources log optimization techniques based on Bloom Filter algorithm (2016). 978-1-4673-9194-8/16 © 2016 IEEE
Zhang, Z.H., Chai, X.D., Hou, B.C.: System security approach for web-enabled HLA/RTI in the cloud simulation environment. In: 2011 6th IEEE Conference on Industrial Electronics and Applications (2011). 978-1-4244-8756-1/11/ © 2011 IEEE
Kolamunna, H., Chauhan, J., Hu, Y.: Kanchana Copyright Information. https://doi.org/10.1109/cicsyn.2012.50. 978-0-7695-4821-0/12 © 2012 IEEE
Fowdur, T.P., Veerasoo, L.: An email application with active spoof monitoring and control. In: 2016 International Conference on Computer Communication and Informatics (ICCCI - 2016), 07–09 January 2016, Coimbatore, India (2016). 978-1-4673-6680-9/16/ ©2016 IEEE
Foroushani, V.A., Zincir-Heywood, A.N.: Investigating application behavior in network traffic traces. In: 2013 IEEE Symposium on Computational Intelligence for Security and Defense Applications (CISDA) (2013). 978-1-4673-5911-5/13/ c 2013 IEEE
Wei, X., Wolf, M., Guo, L., Lee, K.H., Huang, M.-C., Niu, N.: emphaSSL: towards emphasis as a mechanism to harden networking security in android apps (2016). 978-1-5090-1328-9/16/ ©2016 IEEE
Unger, T., Mulazzani, M., Fruhwirt, D.: SHPF: enhancing HTTP(S) session security with browser fingerprinting. In: 2013 International Conference on Availability, Reliability and Security (2013). https://doi.org/10.1109/ares.2013.33. 978-0-7695-5008-4/13 © 2013 IEEE
Khan, M.M., Bakhtiari, M., Bakhtiari, S.: An HTTPS approach to resist man in the middle attack in secure SMS using ECC and RSA. In: 2013 13th International Conference on Intelligent Systems Design and Applications (ISDA) (2013). 978-1-4799-3516-1113/ ©2013 IEEE
Komatineni, S., MacLean, D., Hashimi, S.Y.: Pro Android 3, ser. Apress. Paul Manning, April 2011. http://www.apress.com/9781430232223
Elgin, B.: Google buys android for its mobile arsenal. Bloomberg Businessweek, August 2005. http://www.businessweek.com/technology/content/aug2005/tc20050817\0949\tc024.htm
Liang, J., Jiang, J., Duan, H., Li, K., Wan, T., Wu, J.: When HTTPS meets CDN: a case of authentication in delegated service. In: 2014 IEEE Symposium on Security and Privacy. IEEE (2014). https://doi.org/10.1109/sp.2014.12
Wu, T., Li, J., Wu, N., Ou, T., Yang, B., Li, B.: Shutter: preventing information leakage based on domain gateway for social networks. In: 2014 IEEE International Conference on Ubiquitous Intelligence and Computing (2014). https://doi.org/10.1109/uic-atc-scalcom.2014.121. 978-1-4799-7646-1/14 © 2014 IEEE
Acknowledgment
The work described in this paper was supported by my mentor Mr. Kieran McLaughlin. The author pays gratitude for openhandedly giving his time and expertise, in helping on the challenges within cyber security to be viewed from a new standpoint, and in giving the insight into the investigation into cyber security monitoring as a psychological as well as a security question.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Khurana, M., Malik, P. (2020). A Survey on Omnipresent HTTPS and Its Impact on Network Security Monitoring. In: Karrupusamy, P., Chen, J., Shi, Y. (eds) Sustainable Communication Networks and Application. ICSCN 2019. Lecture Notes on Data Engineering and Communications Technologies, vol 39. Springer, Cham. https://doi.org/10.1007/978-3-030-34515-0_41
Download citation
DOI: https://doi.org/10.1007/978-3-030-34515-0_41
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-34514-3
Online ISBN: 978-3-030-34515-0
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)