Security and Communication Networks
Volume 2017, Article ID 9479476, 15 pages
https://doi.org/10.1155/2017/9479476
Research Article

Enc-DNS-HTTP: Utilising DNS Infrastructure to Secure Web Browsing

1Cluster and Grid Computing Lab, Services Computing Technology and System Lab, School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China
2University of Basrah, Basrah, Iraq
3Southern Technical University, Basrah, Iraq

Correspondence should be addressed to Hai Jin; hjin@hust.edu.cn

Received 6 August 2016; Revised 31 October 2016; Accepted 15 November 2016; Published 3 April 2017

Academic Editor: Pascal Lorenz

Copyright © 2017 Mohammed Abdulridha Hussain et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. Z. Ye, S. Smith, and D. Anthony, “Trusted paths for browsers,” ACM Transactions on Information and System Security, vol. 8, no. 2, pp. 153–186, 2005.
  2. A. Herzberg and A. Jbara, “Security and identification indicators for browsers against spoofing and phishing attacks,” ACM Transactions on Internet Technology (TOIT), vol. 8, no. 4, pp. 16:1–16:36, 2008.
  3. B. A. Forouzan, TCP/IP Protocol Suite, McGraw-Hill, 4th edition, 2010.
  4. J. Du and G. Nie, “Design and implementation of security reverse data proxy server based on SSL,” in Proceedings of the International Conference on Communications in Computer and Information Science (ICCIC '11), pp. 523–528, Wuhan, China, 2011.
  5. K. Bhargavan, C. Fournet, R. Corin, and E. Zǎlinescu, “Verified cryptographic implementations for TLS,” ACM Transactions on Information and System Security, vol. 15, no. 1, article no. 3, 2012.
  6. A. Bates, J. Pletcher, T. Nichols, B. Hollembaek, D. Tian, and K. R. B. Butler, “Securing SSL certificate verification through dynamic linking,” in Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS '14), pp. 394–405, ACM, Scottsdale, Ariz, USA, November 2014.
  7. H. Lee, T. Malkin, and E. Nahum, “Cryptographic strength of SSL/TLS servers: current and recent practices,” in Proceedings of the 7th ACM SIGCOMM conference on Internet measurement (IMC '07), pp. 83–92, ACM, San Diego, Calif, USA, 2007.
  8. C. Castelluccia, E. Mykletun, and G. Tsudik, “Improving secure server performance by Re-balancing SSL/TLS handshakes,” in Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS '06), pp. 26–34, IEEE, Taipei, Taiwan, March 2006.
  9. J. Großschädl and I. Kizhvatov, “Performance and security aspects of client-side SSL/TLS processing on mobile devices,” in Proceedings of the 9th International Conference on Cryptology and Network Security (CANS '10), pp. 44–61, Springer, Kuala Lumpur, Malaysia, December 2010.
  10. T. Saito, K. Sekiguchi, and R. Hatsugai, “Authentication binding between TLS and HTTP,” in Proceedings of the 2nd International Conference on Network-Based Information Systems (NBiS '08), pp. 252–262, Springer, Turin, Italy, September 2008.
  11. H. Yang, E. Osterweil, D. Massey, S. Lu, and L. Zhang, “Deploying cryptography in internet-scale systems: a case study on DNSSEC,” IEEE Transactions on Dependable and Secure Computing, vol. 8, no. 5, pp. 656–669, 2011.
  12. C. Shue and A. Kalafut, “Resolvers revealed: characterizing DNS resolvers and their clients,” ACM Transactions on Internet Technology (TOIT), vol. 12, no. 4, pp. 14:1–14:17, 2013.
  13. R. van Rijswijk-Deij, A. Sperotto, and A. Pras, “DNSSEC and its potential for DDoS attacks: a comprehensive measurement study,” in Proceedings of the ACM Internet Measurement Conference (IMC '14), pp. 449–460, ACM, Vancouver, Canada, November 2014.
  14. H. Wu, X. Dang, L. Zhang, and L. Wang, “Kalman filter based DNS cache poisoning attack detection,” in Proceedings of the 11th IEEE International Conference on Automation Science and Engineering (CASE '15), pp. 1594–1600, August 2015.
  15. D. Gollmann, “Secure applications without secure infrastructures,” in Proceedings of the 5th International Conference on Mathematical Methods, Models and Architectures for Computer Network Security (MMM-ACNS '10), pp. 21–31, Petersburg, Russia, 2010.
  16. R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose, “DNS security introduction and requirements,” RFC Editor RFC4033, 2005.
  17. A. Herzberg, H. Shulman, and B. Crispo, “Less is more: cipher-suite negotiation for DNSSEC,” in Proceedings of the 30th Annual Computer Security Applications Conference (ACSAC '14), pp. 346–355, ACM, New Orleans, La, USA, December 2014.
  18. P. Hoffman and J. Schlyter, “The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA,” Internet Engineering Task Force, RFC 6698, 2012.
  19. P. Hallam-Baker and R. Stradling, DNS Certification Authority Authorization (CAA) Resource Record, Internet Engineering Task Force, RFC 6844, 2013.
  20. O. Levillain, A. Ebalard, B. Morin, and H. Debar, “One year of SSL internet measurement,” in Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC '12), pp. 11–20, ACM, Orlando, Fla, USA, December 2012.
  21. B. Sugavanesh, R. Hari Prasath, and S. Selvakumar, “SHS-HTTPS enforcer: enforcing HTTPS and preventing MITM attacks,” ACM SIGSOFT Software Engineering Notes, vol. 38, no. 6, pp. 1–4, 2013.
  22. S. Puangpronpitag and N. Sriwiboon, “Simple and lightweight HTTPS enforcement to protect against SSL striping attack,” in Proceedings of the 4th International Conference on Computational Intelligence, Communication Systems and Networks (CICSyN '12), pp. 229–234, Phuket, Thailand, July 2012.
  23. A. P. H. Fung and K. W. Cheung, “HTTPSLock: enforcing HTTPS in unmodified browsers with cached Javascript,” in Proceedings of the 4th International Conference on Network and System Security (NSS '10), pp. 269–274, IEEE, Melbourne, Australia, September 2010.
  24. A. P. H. Fung and K. W. Cheung, “SSLock: sustaining the trust on entities brought by SSL,” in Proceedings of the 5th ACM Symposium on Information, Computer and Communication Security (ASIACCS '10), pp. 204–213, ACM, Beijing, China, April 2010.
  25. J. Hodges, C. Jackson, and A. Barth, HTTP Strict Transport Security (HSTS), Internet Engineering Task Force, RFC 6797, 2012.
  26. N. Aziz, N. Udzir, and R. Mahmod, “Extending TLS with mutual attestation for platform integrity assurance,” Journal of Communications, vol. 9, no. 1, pp. 63–72, 2014.
  27. A. Elgohary, T. S. Sobh, and M. Zaki, “Design of an enhancement for SSL/TLS protocols,” Computers and Security, vol. 25, no. 4, pp. 297–306, 2006.
  28. Linux Ubuntu, http://www.ubuntu.com/.
  29. W. Stallings, Cryptography and Network Security: Principles and Practice, Prentice Hall, 5th edition, 2011.
  30. OpenSSL, https://www.openssl.org/.
  31. Kali Linux, https://www.kali.org/.
  32. Apache Web Server, https://httpd.apache.org/.
  33. Curl, https://curl.haxx.se/.
  34. Wireshark, https://www.wireshark.org/.
  35. A. Eldewahi, T. Sharfi, A. Mansor, N. Mohamed, and S. Alwahbani, “SSL/TLS attacks: analysis and evaluation,” in Proceedings of the International Conference on Computing, Control, Networking, Electronics and Embedded Systems Engineering (ICCNEEE '15), pp. 203–208, IEEE, Khartoum, Sudan, 2015.
  36. Y. Jia, Y. Chen, X. Dong, P. Saxena, J. Mao, and Z. Liang, “Man-in-the-browser-cache: persisting HTTPS attacks via browser cache poisoning,” Computers and Security, vol. 55, no. 1, pp. 62–80, 2015.
  37. M. Prandini and M. Ramilli, “A browser-based distributed system for the detection of HTTPS stripping attacks against web pages,” in Proceedings of the 27th IFIP TC 11 Conference on Information Security and Privacy (SEC '12), pp. 549–554, Springer, Heraklion, Greece, June 2012.
  38. J. Du, X. Li, and H. Huang, “A study of man-in-the-middle attack based on SSL certificate interaction,” in Proceedings of the 1st International Conference on Instrumentation, Measurement, Computer, Communication and Control (IMCCC '11), pp. 445–448, IEEE, Beijing, China, October 2011.
  39. D. Berbecaru and A. Lioy, “On the robustness of applications based on the SSL and TLS security protocols,” in Proceedings of the 4th European PKI Workshop on Public Key Infrastructure (EuroPKI '07), pp. 248–264, Springer, Palma de Mallorca, Spain, 2007.
  40. K. Cheng, M. Gao, and R. Guo, “Analysis and research on HTTPS hijacking attacks,” in Proceedings of the 2nd International Conference on Networks Security Wireless Communications and Trusted Computing (NSWCTC '10), pp. 223–226, IEEE, Wuhan, China, April 2010.
  41. M. S. Fallah, “A puzzle-based defense strategy against flooding attacks using game theory,” IEEE Transactions on Dependable and Secure Computing, vol. 7, no. 1, pp. 5–19, 2010.
  42. H. Wang, D. Zhang, and K. G. Shin, “Change-point monitoring for the detection of DoS attacks,” IEEE Transactions on Dependable and Secure Computing, vol. 1, no. 4, pp. 193–208, 2004.
  43. J. Mirkovic and P. Reiher, “D-WARD: a source-end defense against flooding denial-of-service attacks,” IEEE Transactions on Dependable and Secure Computing, vol. 2, no. 3, pp. 216–232, 2005.