Conference item
On the feasibility of fine-grained TLS security configurations in web browsers based on the requested domain name
- Abstract:
- Most modern web browsers today sacrifice optimal TLS security for backward compatibility. They apply coarse-grained TLS configurations that support (by default) legacy versions of the protocol that have known design weaknesses, and weak ciphersuites that provide fewer security guarantees (e.g. non Forward Secrecy), and silently fall back to them if the server selects to. This introduces various risks including downgrade attacks such as the POODLE attack [15] that exploits the browsers silent fallback mechanism to downgrade the protocol version in order to exploit the legacy version flaws. To achieve a better balance between security and backward compatibility, we propose a mechanism for fine-grained TLS configurations in web browsers based on the sensitivity of the domain name in the HTTPS request using a whitelisting technique. That is, the browser enforces optimal TLS configurations for connections going to sensitive domains while enforcing default configurations for the rest of the connections. We demonstrate the feasibility of our proposal by implementing a proof-of-concept as a Firefox browser extension. We envision this mechanism as a built-in security feature in web browsers, e.g. a button similar to the “Bookmark” button in Firefox browsers and as a standardised HTTP header, to augment browsers security.
- Publication status:
- Published
- Peer review status:
- Peer reviewed
Actions
Access Document
- Files:
-
-
(Preview, Accepted manuscript, pdf, 453.9KB, Terms of use)
-
- Publisher copy:
- 10.1007/978-3-030-01704-0_12
Authors
- Publisher:
- Springer, Cham
- Host title:
- SecureComm 2018: Security and Privacy in Communication Networks
- Journal:
- 14th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2018 More from this journal
- Volume:
- 255
- Pages:
- 213-228
- Series:
- Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
- Publication date:
- 2018-12-29
- Acceptance date:
- 2018-04-07
- DOI:
- ISBN:
- 9783030017040
- Pubs id:
-
pubs:844820
- UUID:
-
uuid:818122b8-aa5c-4a4e-8c56-14cd8cf270e1
- Local pid:
-
pubs:844820
- Source identifiers:
-
844820
- Deposit date:
-
2018-04-29
Terms of use
- Copyright holder:
- Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
- Copyright date:
- 2018
- Notes:
- © ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018. This is the accepted manuscript version of the article. The final version is available online from Springer at: https://doi.org/10.1007/978-3-030-01704-0_12
If you are the owner of this record, you can report an update to it here: Report update to this record