A. Amiruddin, Daffa Akbar Putra Yusa, Rizky Ainur Rofiq
Published in: 2021 International Conference on Informatics, Multimedia, Cyber and Information System (ICIMCIS), 2021-10-28. DOI: 10.1109/ICIMCIS53775.2021.9699358 (https://doi.org/10.1109/ICIMCIS53775.2021.9699358)
Conformity Analysis of HTTP Strict Transport Security (HSTS) Configuration and Implementation Using Bettercap Tools
Currently, HTTPS is commonly used because it offers more protection than HTTP. However, this does not rule out attacks against HTTPS. One feature that can improve HTTPS security is HTTP Strict Transport Security (HSTS). Unfortunately, HSTS is not always configured and implemented correctly, owing to administrator ignorance. The purpose of this study is to provide an overview of the configuration needed to run HSTS properly, so as to increase the functionality of existing features and improve security. Configuration conformity testing is done using three parameters, i.e., max-age, includeSubDomains, and preload. The attack attempts carried out in this exploratory study used Bettercap, which allows multiple types of attacks to be carried out simultaneously. The results of this study include a list of parameters that must be met for HSTS to be adequately configured on a website, such as the max-age value, which has a minimum value of 31536000.
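A conformity check over the three parameters named in the abstract can be written as a small header parser. This is an added example, not code from the paper: the function names and sample header values are constructed for illustration, and the rejection of repeated directives follows RFC 6797 rather than anything stated in the abstract.

```python
import re

MIN_MAX_AGE = 31536000  # minimum max-age value stated in the abstract

def parse_hsts(value):
    """Parse a Strict-Transport-Security value; ValueError on a repeated directive."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if not name:
            continue  # tolerate empty segments such as a trailing ';'
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = arg.strip().strip('"')  # value may be a quoted-string
    return directives

def check_hsts(value):
    """Return a list of conformity findings; an empty list means conformant."""
    if value is None:
        return ["header missing"]
    try:
        d = parse_hsts(value)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    age = d.get("max-age", "")
    if not re.fullmatch(r"[0-9]+", age):
        findings.append("max-age missing or not an integer")
    elif int(age) < MIN_MAX_AGE:
        findings.append(f"max-age {age} below {MIN_MAX_AGE}")
    for flag in ("includesubdomains", "preload"):
        if flag not in d:
            findings.append(f"{flag} missing")
    return findings

# Constructed sample header values (not measurements from the study).
SAMPLES = {
    "conformant": "max-age=31536000; includeSubDomains; preload",
    "short-age": "max-age=300; includeSubDomains",
    "quoted": 'Max-Age="63072000" ; INCLUDESUBDOMAINS ; preload',
    "duplicate": "max-age=31536000; max-age=0; includeSubDomains; preload",
    "absent": None,
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(label, check_hsts(header) or "OK")
```

Feed `check_hsts` the header value taken from an HTTPS response; the header is only honoured by browsers when delivered over HTTPS, so a value seen on a plain HTTP response should be treated as absent.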