Unlock instant, AI-driven research and patent intelligence for your innovation.

A sslstrip defense method based on historical information

A technology of historical information and rules, applied in the field of network security, can solve problems such as difficult to unify and affect wide-scale use, and achieve the effect of improving security and reliability

Active Publication Date: 2019-05-03
NANJING UNIV OF POSTS & TELECOMM
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Scoring standards are highly subjective and difficult to unify, which affects the possibility of wide-scale use

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A sslstrip defense method based on historical information
  • A sslstrip defense method based on historical information
  • A sslstrip defense method based on historical information

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0058] The specific implementation of the invention is described in further detail below in conjunction with the accompanying drawings:

[0059] Step 1: Establish detection rules, which include dangerous modifications to each typical sensitive data structure. Before being sent back to the user, every page from the Internet will be checked and compared with strict rules. The HTTP Moved message detection rule checks whether the conversion of HTTP and HTTPS requests is allowed;

[0060] Establish JS detection rules through the JS preprocessor to check whether the loaded JavaScript code has been maliciously modified; the Iframe tags rule is used to prohibit additional Iframes from overwriting the original page; the HTTP Forms rule records the form information of the page, and does not allow modification that may reveal the user Information form.

[0061] Step 2: Configuration file generation. Such as figure 2 As shown, the web page analyzer identifies key data and their attributes and...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a defense method aiming at SSL strip attack and based on historical information. The defense method includes: establishing detection rules, and creating configuration files of all safe sites browsed by a user through the detection rules, wherein each configuration file contains accurate using status of the corresponding site; defaulting that an attacker successfully realizes MITM (man in the middle), establishing a MITM detector, and using the configuration file and the detection rules, wherein once a page is tampered maliciously by the MITM, a system can recognize and inform the user of a network attack while stopping connection of the attacker; establishing a private data tracking module, inserting JavaScript code into a login page, and detecting whether a login request contains plaintext private information or not to completely eradicate leakage of private information. By detecting client requests and server response content, the user can be protected from the SSL strip attack, and certificate of the user can be protected from being stolen by illegal means, so that safety and reliability when the user accesses websites are improved.

Description

Technical field [0001] The invention relates to a defense method against SSLstrip attacks based on historical information, and belongs to the technical field of network security. Background technique [0002] The SSL protocol works on top of TCP / IP, and can provide information encryption, identity authentication, and authentication services for the upper-layer applications, so that the communication between the user and the server can be transmitted on a reliable and secure channel. In addition, because it is independent of upper-layer applications, it can be used in a wide range. All WEB-based applications can be reliably transmitted through the SSL protocol, which is very convenient. [0003] The SSL / TLS protocol has always been considered to have cryptographic security. However, their deployment and implementation and the use of them by ordinary users make this protocol tend to be insecure. This insecurity is likely to make network users receive extremely Threatening network at...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/0281H04L63/1416H04L63/1441H04L63/166
Inventor 陈丹伟别宜东
Owner NANJING UNIV OF POSTS & TELECOMM
Features
  • R&D
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com