AN INSECURE WILD WEB: A LARGE-SCALE STUDY OF EFFECTIVENESS OF WEB SECURITY MECHANISMS

Journal Title: ICTACT Journal on Communication Technology - Year 2017, Vol 8, Issue 1

Abstract

This research work presents a large-scale study of the problems in real-world web applications and widely used mobile browsers. Through a large-scale experiment, we find inconsistencies in Secure Sockets Layer (SSL) warnings among popular mobile web browsers (over a billion user downloads). The majority of popular mobile browsers on the Google Play Store either provide incomplete information in the SSL warnings shown to users or fail to provide SSL warnings in the presence of security certificate errors, making it difficult even for a security-savvy user to make an informed decision. In addition, we find that 28% of websites use mixed content. Mixed content means that a secure (HTTPS) website loads a subresource over the insecure HTTP protocol. Mixed content weakens the security of the entire website and leaves it vulnerable to man-in-the-middle (MITM) attacks. Furthermore, we inspected the default behavior of mobile web browsers and report that the majority of mobile web browsers allow execution of mixed content in web applications, which implies that billions of mobile browser users are vulnerable to eavesdropping and MITM attacks. Based on our findings, we make recommendations for website developers, users and browser vendors.

Authors and Affiliations

Kailas Patil

  • EP ID EP372653
  • DOI 10.21917/ijct.2017.0217

How To Cite

Kailas Patil (2017). AN INSECURE WILD WEB: A LARGE-SCALE STUDY OF EFFECTIVENESS OF WEB SECURITY MECHANISMS. ICTACT Journal on Communication Technology, 8(1), 1466-1471. https://europub.co.uk/articles/-A-372653