Multipath verification defense against SSL stripping attack

Abstract

SSL stripping attack is a man- in- the- middle attack which poses a serious threat to the security of secure socket layer protocol. In SSL stripping attack the attacker has ability to downgrade security of SSL protected connection, and view web traffic of the user in clear text. The attack is based on the fact that user rarely request for secure connection explicitly but rely on the web server to redirect them to secure version of the particular website. An attacker, after becoming man- in- the- middle can suppress such messages and provide the user with stripped version of the requested website and forcing him to communicate over insecure HTTP channel.

There are several solutions recently proposed to solve the problem of SSL stripping attack, however all solutions have some limitations. In this thesis work we address the limitations of the existing solutions and proposed a new method using idea of multipath verification to detect SSL stripping attack. We establish multiple connection with the remote server using alternate paths, and compare security of them (server support HTTP or HTTPS). We accept the connection with the remote server if securities of the connection established over various paths match, otherwise we block the connection.