Abstract
The transactional websites and services on the cloud, have actually become the most used browsers, thanks to their portability and ease of use, with a significant increase in the development of cloud solutions, implementing digital contexts under the 4.0 web, which generated an increase of possibilities for transactions of different types. However, every time more security issues arise. Due to this problem, the computer security is a rising trend, generating new possibilities to mitigate vulnerabilities when handling the information in a transactional web site; an analysis is made of performance, weaknesses and strengths of the HSTS standard, as a security complement of the SSL/TLS protocol.
Different tests scenarios are verified under a man attack in the MITM environment, to intercept or capture the traffic sent and received during web transactions. That is how we identify if the standard can prevent that intrusion, which is of vital importance for the different transactional environments actually used, such as bank entities or online purchases; vulnerabilities of the standard are verified upon making the first request to a website, which strengthens and secures transactions done from the beginning of the transaction to its ending, in an encrypted way. Browsers analyzed - Mozilla Firefox, Google Chrome and internet Explorer, under controlled corporate and personal environments; The security importance of the browser is outlined, Google Chrome being the best one in performance under an internet hacking. The other browsers present some shortcomings during the first interconnection request, during some milliseconds under the point to point model, for the initial phase of information interchange.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Fernandes, D.A.B., Soares, L.F.B., Gomes, J.V., Freire, M.M., Inácio, P.R.M.: Security issues in cloud environments: a survey. Int. J. Inf. Secur. 13(2), 113–170 (2013). https://doi.org/10.1007/s10207-013-0208-7
Kiljan, S., Simoens, K., Cock, D.D., Eekelen, M.V., Vranken, H.: A survey of authentication and communications security in online banking. ACM Comput. Surv. (CSUR) 49(4), 61 (2017)
Wang, Y.Q.: Discussion on the security and reliability in network transactions. Appl. Mech. Mater. 427–429, 2321–2324 (2013).
Jarauta Sánchez, J., Prado Montes, Á.: Seguridad en sistemas de comunicación (2017)
Cenci, K.M., Matteis, L.D., Ardenghi, J.R.: Arquitectura en capas para acceso remoto sad. In: XVIII Congreso Argentino de Ciencias de la Computación (2013)
Cenci, K.M., Matteis, L.D., Ardenghi, J.R.: Tiered architecture for remote access to data sources. J. Comput. Sci. Technol. 14, 67–72 (2014)
Trejo Alfaro, Y.G.: Prueba de penetración de la caja gris realizada a la solución Redborder versión cloud (2017)
Vázquez Sanisidro, A.: Optimización de Páginas Web: Visión teórica y análisis práctico (2017)
Hodges, J., Jackson, C., Barth, A.: Http strict transport security (hsts) (No. RFC 6797) (2012)
Hodges, J., Jackson, C., Barth, A.: Rfc 6797: Http strict transport security (hsts). IETF (2012). https://tools.Ietf.org/html/rfc6797
Selvi, J.: Bypassing HTTP strict transport security. Black Hat Europe (2014)
Cajiao, G., Fabricio, E.: Método para la detección y prevención de ataques web mediante la parametrización de un proxy reverso basado en software libre (Master’s thesis, Escuela Superior Politécnica de Chimborazo) (2018)
Raharjo, W.S., Bajuadji, A.A.: Analisa Implementasi Protokol HTTPS pada Situs Web Perguruan Tinggi di Pulau Jawa. J. ULTIMATICS 8(2), 102–111 (2017). https://doi.org/10.31937/ti.v8i2.518
Ortega, M., Santiago, A.: Metodología de hacking ético para instituciones financieras, aplicación de un caso práctico (Master’s thesis) (2017)
Winter, P., Köwer, R., Mulazzani, M., Huber, M., Schrittwieser, S., Lindskog, S., Weippl, E.: Spoiled onions: exposing malicious Tor exit relays. In: De Cristofaro, E., Murdoch, S.J. (eds.) Privacy Enhancing Technologies: 14th International Symposium, PETS 2014, Amsterdam, The Netherlands, July 16-18, 2014. Proceedings, pp. 304–331. Springer International Publishing, Cham (2014). https://doi.org/10.1007/978-3-319-08506-7_16
Muñoz, A., Guzmán, A., Santos, S.D.L.: Contramedidas en la suplantación de autoridades de certificación. Certificate pinning (2014)
Sivakorn, S., Polakis, I., Keromytis, A.D.: The cracked cookie jar: HTTP cookie hijacking and the exposure of private information. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 724–742. IEEE (May 2016)
Kalyanam, R., Yang, B.: Try-CybSI: an extensible cybersecurity learning and demonstration platform. In: Proceedings of the 18th Annual Conference on Information Technology Education, pp. 41–46. ACM (September 2017)
Bujlow, T., Carela-español, V., Solé-Pareta, J., Barlet-Ros, P.: Web tracking: mechanisms, implications, and defenses. arXiv preprint arXiv:1507.07872 (2015)
Bujlow, T., Carela-español, V., Sole-Pareta, J., Barlet-Ros, P.: A survey on web tracking: Mechanisms, implications, and defenses. Proc. IEEE 105(8), 1476–1510 (2017)
Raúl, B.G., Sevillano, A.M.L.: Services cloud under HSTS, Strengths and weakness before an attack of man in the middle MITM. In: 2017 Congreso Internacional de Innovación y Tendencias en Ingeniería (CONIITI), pp. 1–5. IEEE (October 2017)
Evans, C., Palmer, C., Sleevi, R.: Public key pinning extension for HTTP (No. RFC 7469) (2015)
Parmar, H., Gosai, A.: Analysis and study of network security at transport layer. Int. J. Comput. Appl. 121(13), 35–40 (2015). https://doi.org/10.5120/21604-4716
Sullivan, N.T., Sharma, R.D., Lackey, R., Lin, Z.: U.S. Patent Application No. 14/967,156 (2017)
Sugavanesh, B., Hari Prasath, R., Selvakumar, S.: SHS-HTTPS enforcer: enforcing HTTPS and preventing MITM attacks. ACM SIGSOFT Softw. Eng. Notes 38(6), 1–4 (2013)
Vikan, D.E.: TLS and the future of authentication (master’s thesis, NTNU) (2015)
Buchanan, W.J., Helme, S., Woodward, A.: Analysis of the adoption of security headers in HTTP. IET Information Security (2017)
Adeloye, B.: HTTP man-in-the-middle code execution (2013)
Swanink, R., Poll, E., Schwabe, P.: Persistent Effects of Man-in-the-Middle Attacks, pp. 1–43. Radboud University (2016)
Park, S., Park, S., Yun, I., Kim, D., Kim, Y.: Analyzing security of Korean USIM-based PKI certificate service. In: Rhee, K.-H., Yi, J.H. (eds.) Information Security Applications, pp. 95–106. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-15087-1_8
Kranch, M., Bonneau, J.: Upgrading HTTPS in mid-air: an empirical study of strict transport security and key pinning. In: NDSS (February 2015)
Dolnák, I., Litvik, J.: Introduction to HTTP security headers and implementation of HTTP strict transport security (HSTS) header for HTTPS enforcing. In: 2017 15th International Conference on Emerging eLearning Technologies and Applications (ICETA), pp. 1–4. IEEE (October 2017)
de los Santos, S., Torrano, C., Rubio, Y., Brezo, F.: Implementation state of HSTS and HPKP in both browsers and servers. In: Foresti, S., Persiano, G. (eds.) CANS 2016. LNCS, vol. 10052, pp. 192–207. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-48965-0_12
Pineda, S., Matta, J., Torres, J., Díaz-Piraquive, F.N.: Blockchain: Estrategia en la Seguridad e Integridad de los Sistemas de Información de la Policía Nacional. In: Desafíos en Ingeniería: Investigación Aplicada. Ediciones Fundación Tecnológica Antonio Arévalo TECNAR (2019)
De La Espriella, L., García, J., Díaz-Piraquive, F.N.: La Sextorsión: Prácticas de Ingeniería Social en las Redes Sociales. In: Desafíos en Ingeniería: Investigación Aplicada. Ediciones Fundación Tecnológica Antonio Arévalo TECNAR (2019)
Bautista, V., López, A., Díaz-Piraquive, F.N.: Modelo ISO/IEC 25010 en el Proceso de Evaluación de la Calidad del Software en la Empresa Obras Civiles de Bogotá en el Área de Tecnología de la Información y Comunicación. In: Desafíos en Ingeniería: Investigación Aplicada. Ediciones Fundación Tecnológica Antonio Arévalo TECNAR (2019)
Zubieta, K., López, A., Díaz-Piraquive, F.N.: Auditoría para los Procesos de Pruebas y Calidad del Software del Proyecto Comisiones Callidus Accenture Colombia basada en la Norma ISO 9001:2015. In: Desafíos en Ingeniería: Investigación Aplicada. Ediciones Fundación Tecnológica Antonio Arévalo TECNAR (2019)
Pisso, A., López, A., Díaz-Piraquive, F.N.: Plan de mejoramiento para el fortalecimiento de competencias del auditor mediante el uso de tecnologías de la información. In: Desafíos en Ingeniería: Investigación Aplicada. Ediciones Fundación Tecnológica Antonio Arévalo TECNAR (2019)
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Bareño-Gutiérrez, R., Sevillano, A.M.L., Díaz-Piraquive, F.N., González-Crespo, R. (2021). Analysis of WEB Browsers of HSTS Security Under the MITM Management Environment. In: Uden, L., Ting, IH., Wang, K. (eds) Knowledge Management in Organizations. KMO 2021. Communications in Computer and Information Science, vol 1438. Springer, Cham. https://doi.org/10.1007/978-3-030-81635-3_27
Download citation
DOI: https://doi.org/10.1007/978-3-030-81635-3_27
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-81634-6
Online ISBN: 978-3-030-81635-3
eBook Packages: Computer ScienceComputer Science (R0)