HTTPS: A phishing attack in a network

Diana Gabriela Noemí Benítez-Mejía; Alejandro Zacatenco-Santos; Linda Karina Toscano-Medina; Gabriel Sánchez-Pérez

doi:10.1145/3134383.3134389

HTTPS: A phishing attack in a network

Diana Gabriela Noemí Benítez-Mejía, Alejandro Zacatenco-Santos, Linda Karina Toscano-Medina, Gabriel Sánchez-Pérez

Escuela Superior de Ingeniería Mecánica y Eléctrica (ESIME), Unidad Culhuacán

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Scopus citations

Abstract

In this paper, we discuss the possibility of finding phishing attacks even in cases where the victim sees in their web browser, the same URL as the legitimate website with the padlock and the HTTPS certificate. This attack is not easy to detect due to the fact that it complies with security measures as a legitimate HTTPS connection. We perform the attack with a web server and a fake certificate authority. The web server hosts the phishing website, whereas the fake certificate authority, issues the certificates for the website. The success of this attack occurs when the victim or the attacker exports the certificates into the web browser. With this paper we prove that some web browsers are vulnerable to this attack, despite their having their own certificate authorities list.

Original language	English
Title of host publication	ICICM 2017 - Proceedings of the 7th International Conference on Information Communication and Management
Publisher	Association for Computing Machinery
Pages	24-27
Number of pages	4
ISBN (Electronic)	9781450352796
DOIs	https://doi.org/10.1145/3134383.3134389
State	Published - 28 Aug 2017
Event	7th International Conference on Information Communication and Management, ICICM 2017 - Moscow, Russian Federation Duration: 28 Aug 2017 → 30 Aug 2017

Publication series

Name	ACM International Conference Proceeding Series
Volume	Part F131202

Conference

Conference	7th International Conference on Information Communication and Management, ICICM 2017
Country/Territory	Russian Federation
City	Moscow
Period	28/08/17 → 30/08/17

Keywords

Certificate authority
Certificates
HTTPS
Phishing
SSL
Web browser

Access to Document

10.1145/3134383.3134389

Cite this

Benítez-Mejía, D. G. N., Zacatenco-Santos, A., Toscano-Medina, L. K., & Sánchez-Pérez, G. (2017). HTTPS: A phishing attack in a network. In ICICM 2017 - Proceedings of the 7th International Conference on Information Communication and Management (pp. 24-27). (ACM International Conference Proceeding Series; Vol. Part F131202). Association for Computing Machinery. https://doi.org/10.1145/3134383.3134389

@inproceedings{3e76ffbbd939450690a3309053770f5f,

title = "HTTPS: A phishing attack in a network",

abstract = "In this paper, we discuss the possibility of finding phishing attacks even in cases where the victim sees in their web browser, the same URL as the legitimate website with the padlock and the HTTPS certificate. This attack is not easy to detect due to the fact that it complies with security measures as a legitimate HTTPS connection. We perform the attack with a web server and a fake certificate authority. The web server hosts the phishing website, whereas the fake certificate authority, issues the certificates for the website. The success of this attack occurs when the victim or the attacker exports the certificates into the web browser. With this paper we prove that some web browsers are vulnerable to this attack, despite their having their own certificate authorities list.",

keywords = "Certificate authority, Certificates, HTTPS, Phishing, SSL, Web browser",

author = "Ben{\'i}tez-Mej{\'i}a, {Diana Gabriela Noem{\'i}} and Alejandro Zacatenco-Santos and Toscano-Medina, {Linda Karina} and Gabriel S{\'a}nchez-P{\'e}rez",

note = "Publisher Copyright: {\textcopyright} 2017 Association for Computing Machinery.; 7th International Conference on Information Communication and Management, ICICM 2017 ; Conference date: 28-08-2017 Through 30-08-2017",

year = "2017",

month = aug,

day = "28",

doi = "10.1145/3134383.3134389",

language = "Ingl{\'e}s",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery",

pages = "24--27",

booktitle = "ICICM 2017 - Proceedings of the 7th International Conference on Information Communication and Management",

}

Benítez-Mejía, DGN, Zacatenco-Santos, A, Toscano-Medina, LK & Sánchez-Pérez, G 2017, HTTPS: A phishing attack in a network. in ICICM 2017 - Proceedings of the 7th International Conference on Information Communication and Management. ACM International Conference Proceeding Series, vol. Part F131202, Association for Computing Machinery, pp. 24-27, 7th International Conference on Information Communication and Management, ICICM 2017, Moscow, Russian Federation, 28/08/17. https://doi.org/10.1145/3134383.3134389

HTTPS: A phishing attack in a network. / Benítez-Mejía, Diana Gabriela Noemí; Zacatenco-Santos, Alejandro; Toscano-Medina, Linda Karina et al.
ICICM 2017 - Proceedings of the 7th International Conference on Information Communication and Management. Association for Computing Machinery, 2017. p. 24-27 (ACM International Conference Proceeding Series; Vol. Part F131202).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - HTTPS

T2 - 7th International Conference on Information Communication and Management, ICICM 2017

AU - Benítez-Mejía, Diana Gabriela Noemí

AU - Zacatenco-Santos, Alejandro

AU - Toscano-Medina, Linda Karina

AU - Sánchez-Pérez, Gabriel

PY - 2017/8/28

Y1 - 2017/8/28

N2 - In this paper, we discuss the possibility of finding phishing attacks even in cases where the victim sees in their web browser, the same URL as the legitimate website with the padlock and the HTTPS certificate. This attack is not easy to detect due to the fact that it complies with security measures as a legitimate HTTPS connection. We perform the attack with a web server and a fake certificate authority. The web server hosts the phishing website, whereas the fake certificate authority, issues the certificates for the website. The success of this attack occurs when the victim or the attacker exports the certificates into the web browser. With this paper we prove that some web browsers are vulnerable to this attack, despite their having their own certificate authorities list.

AB - In this paper, we discuss the possibility of finding phishing attacks even in cases where the victim sees in their web browser, the same URL as the legitimate website with the padlock and the HTTPS certificate. This attack is not easy to detect due to the fact that it complies with security measures as a legitimate HTTPS connection. We perform the attack with a web server and a fake certificate authority. The web server hosts the phishing website, whereas the fake certificate authority, issues the certificates for the website. The success of this attack occurs when the victim or the attacker exports the certificates into the web browser. With this paper we prove that some web browsers are vulnerable to this attack, despite their having their own certificate authorities list.

KW - Certificate authority

KW - Certificates

KW - HTTPS

KW - Phishing

KW - SSL

KW - Web browser

UR - http://www.scopus.com/inward/record.url?scp=85033665131&partnerID=8YFLogxK

U2 - 10.1145/3134383.3134389

DO - 10.1145/3134383.3134389

M3 - Contribución a la conferencia

AN - SCOPUS:85033665131

T3 - ACM International Conference Proceeding Series

SP - 24

EP - 27

BT - ICICM 2017 - Proceedings of the 7th International Conference on Information Communication and Management

PB - Association for Computing Machinery

Y2 - 28 August 2017 through 30 August 2017

ER -

HTTPS: A phishing attack in a network

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this