Can internet users protect themselves? Challenges and techniques of automated protection of HTTP communication
作者: Lars Völker , Marcel Noe , Oliver P. Waldhorst , Christoph Werle , Christoph Sorge
DOI: 10.1016/J.COMCOM.2010.06.016
关键词:
摘要: HTTPS enables secure access to web content and web-based services. Although supported by many service providers, is oftentimes not enabled default, as pointed out in an open letter sent Google security experts. In this article, we discuss if how users can protect themselves using instead of HTTP. We show that websites allow for accessing However, must be manually configured or requested the user, impossible at all, e.g., embedded objects. For reason, explore transparently automatically whenever possible. order enable approach, one needs determine whether yields same HTTP, even presence dynamic incorporating advertisements news. decision possible entire like amazon.com short time combining a fast comparison algorithm, result caching, observations on structure website. Besides concrete HTTP use case considered our results are independent interest any setting which accessed various means. Finally, present different approaches implementing automated protection connections.
acm.org
elsevier.com
sci-hub.se 参考文章(17)
Alma Whitten, J. D. Tygar, Why Johnny can't encrypt: a usability evaluation of PGP 5.0 usenix security symposium. pp. 14- 14 ,(1999)
Claude Castelluccia, Gabriel Montenegro, Julien Laganier, Christoph Neumann, Hindering Eavesdropping via IPv6 Opportunistic Encryption Computer Security – ESORICS 2004. pp. 309- 321 ,(2004) , 10.1007/978-3-540-30108-0_19
Michael C. Richardson, Nicolas Williams, Better-Than-Nothing Security: An Unauthenticated Mode of IPsec RFC. ,vol. 5386, pp. 1- 11 ,(2008)
V. I. Levenshtein, Binary codes capable of correcting deletions, insertions, and reversals Soviet physics. Doklady. ,vol. 10, pp. 707- 710 ,(1966)
R. Canetti, H. Krawczyk, M. Bellare, HMAC: Keyed-Hashing for Message Authentication RFC. ,vol. 2104, pp. 1- 11 ,(1997)
P. Hoffman, SMTP Service Extension for Secure SMTP over Transport Layer Security RFC. ,vol. 3207, pp. 1- 9 ,(2002)
Laura Falk, Atul Prakash, Kevin Borders, Analyzing websites for user-visible security design flaws Proceedings of the 4th symposium on Usable privacy and security - SOUPS '08. pp. 117- 126 ,(2008) , 10.1145/1408664.1408680
Gonzalo Navarro, A guided tour to approximate string matching ACM Computing Surveys. ,vol. 33, pp. 31- 88 ,(2001) , 10.1145/375360.375365
Bryan D. Payne, W. Keith Edwards, A Brief Introduction to Usable Security IEEE Internet Computing. ,vol. 12, pp. 13- 21 ,(2008) , 10.1109/MIC.2008.50
L. Volker, D. Martin, I. El Khayat, C. Werle, M. Zitterbart, A Node Architecture for 1000 Future Networks international conference on communications. pp. 1- 5 ,(2009) , 10.1109/ICCW.2009.5207996