HTTPS: A phishing attack in a network

Diana Gabriela Noemí Benítez-Mejía; Alejandro Zacatenco-Santos; Linda Karina Toscano-Medina; Gabriel Sánchez-Pérez

doi:10.1145/3134383.3134389

HTTPS: A phishing attack in a network

Diana Gabriela Noemí Benítez-Mejía, Alejandro Zacatenco-Santos, Linda Karina Toscano-Medina, Gabriel Sánchez-Pérez

Escuela Superior de Ingeniería Mecánica y Eléctrica (ESIME), Unidad Culhuacán

Producción científica: Capítulo del libro/informe/acta de congreso › Contribución a la conferencia › revisión exhaustiva

2 Citas (Scopus)

Resumen

In this paper, we discuss the possibility of finding phishing attacks even in cases where the victim sees in their web browser, the same URL as the legitimate website with the padlock and the HTTPS certificate. This attack is not easy to detect due to the fact that it complies with security measures as a legitimate HTTPS connection. We perform the attack with a web server and a fake certificate authority. The web server hosts the phishing website, whereas the fake certificate authority, issues the certificates for the website. The success of this attack occurs when the victim or the attacker exports the certificates into the web browser. With this paper we prove that some web browsers are vulnerable to this attack, despite their having their own certificate authorities list.

Idioma original	Inglés
Título de la publicación alojada	ICICM 2017 - Proceedings of the 7th International Conference on Information Communication and Management
Editorial	Association for Computing Machinery
Páginas	24-27
Número de páginas	4
ISBN (versión digital)	9781450352796
DOI	https://doi.org/10.1145/3134383.3134389
Estado	Publicada - 28 ago. 2017
Evento	7th International Conference on Information Communication and Management, ICICM 2017 - Moscow, Federación de Rusia Duración: 28 ago. 2017 → 30 ago. 2017

Serie de la publicación

Nombre	ACM International Conference Proceeding Series
Volumen	Part F131202

Conferencia

Conferencia	7th International Conference on Information Communication and Management, ICICM 2017
País/Territorio	Federación de Rusia
Ciudad	Moscow
Período	28/08/17 → 30/08/17

Acceder al documento

10.1145/3134383.3134389

Otros archivos y enlaces

Enlace a la publicación en Scopus

Citar esto

Benítez-Mejía, D. G. N., Zacatenco-Santos, A., Toscano-Medina, L. K., & Sánchez-Pérez, G. (2017). HTTPS: A phishing attack in a network. En ICICM 2017 - Proceedings of the 7th International Conference on Information Communication and Management (pp. 24-27). (ACM International Conference Proceeding Series; Vol. Part F131202). Association for Computing Machinery. https://doi.org/10.1145/3134383.3134389

@inproceedings{3e76ffbbd939450690a3309053770f5f,

title = "HTTPS: A phishing attack in a network",

abstract = "In this paper, we discuss the possibility of finding phishing attacks even in cases where the victim sees in their web browser, the same URL as the legitimate website with the padlock and the HTTPS certificate. This attack is not easy to detect due to the fact that it complies with security measures as a legitimate HTTPS connection. We perform the attack with a web server and a fake certificate authority. The web server hosts the phishing website, whereas the fake certificate authority, issues the certificates for the website. The success of this attack occurs when the victim or the attacker exports the certificates into the web browser. With this paper we prove that some web browsers are vulnerable to this attack, despite their having their own certificate authorities list.",

keywords = "Certificate authority, Certificates, HTTPS, Phishing, SSL, Web browser",

author = "Ben{\'i}tez-Mej{\'i}a, {Diana Gabriela Noem{\'i}} and Alejandro Zacatenco-Santos and Toscano-Medina, {Linda Karina} and Gabriel S{\'a}nchez-P{\'e}rez",

note = "Publisher Copyright: {\textcopyright} 2017 Association for Computing Machinery.; 7th International Conference on Information Communication and Management, ICICM 2017 ; Conference date: 28-08-2017 Through 30-08-2017",

year = "2017",

month = aug,

day = "28",

doi = "10.1145/3134383.3134389",

language = "Ingl{\'e}s",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery",

pages = "24--27",

booktitle = "ICICM 2017 - Proceedings of the 7th International Conference on Information Communication and Management",

}

Benítez-Mejía, DGN, Zacatenco-Santos, A, Toscano-Medina, LK & Sánchez-Pérez, G 2017, HTTPS: A phishing attack in a network. En ICICM 2017 - Proceedings of the 7th International Conference on Information Communication and Management. ACM International Conference Proceeding Series, vol. Part F131202, Association for Computing Machinery, pp. 24-27, 7th International Conference on Information Communication and Management, ICICM 2017, Moscow, Federación de Rusia, 28/08/17. https://doi.org/10.1145/3134383.3134389

HTTPS: A phishing attack in a network. / Benítez-Mejía, Diana Gabriela Noemí; Zacatenco-Santos, Alejandro; Toscano-Medina, Linda Karina et al.
ICICM 2017 - Proceedings of the 7th International Conference on Information Communication and Management. Association for Computing Machinery, 2017. p. 24-27 (ACM International Conference Proceeding Series; Vol. Part F131202).

Producción científica: Capítulo del libro/informe/acta de congreso › Contribución a la conferencia › revisión exhaustiva

TY - GEN

T1 - HTTPS

T2 - 7th International Conference on Information Communication and Management, ICICM 2017

AU - Benítez-Mejía, Diana Gabriela Noemí

AU - Zacatenco-Santos, Alejandro

AU - Toscano-Medina, Linda Karina

AU - Sánchez-Pérez, Gabriel

PY - 2017/8/28

Y1 - 2017/8/28

N2 - In this paper, we discuss the possibility of finding phishing attacks even in cases where the victim sees in their web browser, the same URL as the legitimate website with the padlock and the HTTPS certificate. This attack is not easy to detect due to the fact that it complies with security measures as a legitimate HTTPS connection. We perform the attack with a web server and a fake certificate authority. The web server hosts the phishing website, whereas the fake certificate authority, issues the certificates for the website. The success of this attack occurs when the victim or the attacker exports the certificates into the web browser. With this paper we prove that some web browsers are vulnerable to this attack, despite their having their own certificate authorities list.

AB - In this paper, we discuss the possibility of finding phishing attacks even in cases where the victim sees in their web browser, the same URL as the legitimate website with the padlock and the HTTPS certificate. This attack is not easy to detect due to the fact that it complies with security measures as a legitimate HTTPS connection. We perform the attack with a web server and a fake certificate authority. The web server hosts the phishing website, whereas the fake certificate authority, issues the certificates for the website. The success of this attack occurs when the victim or the attacker exports the certificates into the web browser. With this paper we prove that some web browsers are vulnerable to this attack, despite their having their own certificate authorities list.

KW - Certificate authority

KW - Certificates

KW - HTTPS

KW - Phishing

KW - SSL

KW - Web browser

UR - http://www.scopus.com/inward/record.url?scp=85033665131&partnerID=8YFLogxK

U2 - 10.1145/3134383.3134389

DO - 10.1145/3134383.3134389

M3 - Contribución a la conferencia

AN - SCOPUS:85033665131

T3 - ACM International Conference Proceeding Series

SP - 24

EP - 27

BT - ICICM 2017 - Proceedings of the 7th International Conference on Information Communication and Management

PB - Association for Computing Machinery

Y2 - 28 August 2017 through 30 August 2017

ER -

HTTPS: A phishing attack in a network

Resumen

Serie de la publicación

Conferencia

Acceder al documento

Otros archivos y enlaces

Huella

Citar esto