CN106161453B - A kind of SSLstrip defence method based on historical information - Google Patents
A kind of SSLstrip defence method based on historical information Download PDFInfo
- Publication number
- CN106161453B CN106161453B CN201610579448.2A CN201610579448A CN106161453B CN 106161453 B CN106161453 B CN 106161453B CN 201610579448 A CN201610579448 A CN 201610579448A CN 106161453 B CN106161453 B CN 106161453B
- Authority
- CN
- China
- Prior art keywords
- page
- user
- configuration file
- request
- webpage
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/166—Implementing security features at a particular protocol layer at the transport layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The defence method for SSLstrip attack that the invention discloses a kind of based on historical information, initially set up detected rule, the configuration file for the secure site that all users browsed is created by detected rule, and the accurate service condition of the website is contained in configuration file.Then default attacker successfully realizes MITM, establishes go-between's detector, and using this configuration file and detected rule, once the page is distorted by go-between's malice, system can identify and notify user that there are the connections for preventing attacker while network attack.Finally establish private data tracking module, be inserted into JavaScript code into login page, detect in logging request whether include plaintext private information, prevent the leakage of private information with this.The present invention can protect user and attacked from SSLstrip by the detection to client request and server response contents, and the certificate of user is protected to steal from means, improve safety and reliability when user accesses website.
Description
Technical field
The defence method for SSLstrip attack that the present invention relates to a kind of based on historical information, belongs to network security skill
Art field.
Background technique
Ssl protocol works on TCP/IP, and information encryption, authentication can be provided for the application program on upper layer and is disappeared
The identification service whether breath is modified, so that the communication between user and server can upload in reliable, safe channel
It is defeated, additionally, due to it independently of the application program on upper layer, so that its range used is also very extensive, it is all based on WEB's
Application program can carry out reliable transmission by ssl protocol, very convenient.
SSL/TLS agreement has always been considered as the safety with password grade, however to their deployment realization and ordinary user
To their usage behavior but to tend to this agreement dangerous, it is this it is dangerous be likely to the network user is allowed to receive it is great
The network attack of threat, wherein man-in-the-middle attack is exactly a kind of attack pattern of great risk, to the safety band of SSL/TLS
Carry out serious destruction.
Man-in-the-middle attack is a kind of indirect Network Intrusion, and this attack mode is by various technological means by invader
One computer virtual of control is placed between two communication computers in network connection, and the computer that this is controlled is just
Referred to as " go-between ".Then invader is " go-between " computer simulation Cheng Yitai or two primitive compuers, enable with
Computer in real session establishes the information for being flexibly connected and read or distort transmitting, the primitive compuer user of actual communication
But think that they are communicated with legal terminal, this attack pattern is difficult to be found.Nowadays, hacking technique increasingly
When mostly applying to obtain economic interests, attack becomes most dangerous to Internetbank, network game, online transaction etc. and most destructive
A kind of attack pattern.The technologies such as ARP deception, DNS deception are all typical attack means.
The common man-in-the-middle attack method for HTTPS agreement has:
1. key forgery attack SSLsniff:
HTTPS session based on WEB uses ssl protocol, any to have signature card due to the defects of SSL verification process
The go-between of book and corresponding private key can cheat other any users, to discover in client browser and server nothing
In the case where, realize the server authentication distorted and pass through SSL to server certificate.
It is a kind of commonplace man-in-the-middle attack that key, which is forged and attacked, intercepts and captures client request in gateway, pretends to be server
The request for responding user sends the certificate of forgery, while it can pretend to be user end to server to send request message again, in
Between people set up a bridge between clients and servers.All communication is all forwarded by go-between's host.And it takes
It is engaged in there is no direct communication truly between device, client, server, client can not all know internuncial deposit
?.Go-between can not only eavesdrop server, the communication of client can also be transmitted to again other side to the change of information, thus real
Now further attack.
2. downgrade attacks SSLstrip:
The attack is not based on any program-sensitive error but whole system and application method based on security website.Cause
It is all directly to knock in URL and seldom add protocol type in front when using browser for majority of network user, even if originally
It should be secure connection also not prefixing.From the plaintext page toward the transition of the encryption page often by the redirection of server.Such as
Fruit attacker attacks, so that it may pass through the agreement or page stripping from plaintext before these information are forwarded to user there
This transition is prevented from these transitional links.Due to having removed all information, all data that should originally encrypt are existing
It can be all presented in face of attacker in the form of plaintext the browser of user, such as the email accounts of user, bank's account
Family and credit clip pin for on-line payment.
It is Publication No. CN103685298A, entitled " a kind of based on deep-packet detection for the above man-in-the-middle attack
The invention of SSL man-in-the-middle attack discovery method " is by carrying out feature inspection to user and the received http header of server
It surveys to judge whether attack occurs, and issues attack alarm in time, prevent user from further being lost.But this method is related to
Http message is analyzed, and sets standards of grading, is then repeatedly surveyed respectively under normal condition and by attack condition
Examination, scores, in this, as the standard of judgement attack.The standard of scoring is subjective, is difficult unification, affects a wide range of
A possibility that use.
Summary of the invention
Present invention aims at the deficiencies for being directed to existing defense technique, propose a kind of being directed to based on historical information
The defence method of SSLstrip attack.The characteristics of this method is attacked for SSLstrip constructs a kind of server end of not needing
Cooperate the mean of defense also not dependent on Third Party Authentication.This method constructs a Client Agent module, the proxy module
Create the configuration file for the secure site that all users browsed.The accurate use of the website is contained in configuration file
Situation.Using this configuration file and a set of detected rule, once the page is distorted by go-between's malice, system can be identified
Come and notifies user that there are the connections for preventing attacker while network attack.
The technical scheme adopted by the invention is that a kind of defence method for SSLstrip attack based on historical information,
Include the following steps:
Step 1) establishes detected rule;
Step 1.1) establishes HTTP Moved message detection rule;
Step 1.2) establishes JavaScript safety detection rule;
Step 1.3) establishes Iframe tags detected rule;
Step 1.4) establishes Http Form detected rule;
Step 2) generates configuration file;
Step 2.1) user accesses common normal website by proxy module;
Step 2.2) proxy module obtains the response of browse request and server;
Step 2.3) page analyzer analyzes the key component of webpage, identifies data and attribute, generates current web page
Configuration file;
If step 2.4) webpage is to access for the first time, 2.5 are gone to step, otherwise goes to step 3;
Step 2.5) JavaScript pretreatment is done identical JS request twice, and is compared to data block twice,
Create the template of a constant part for data block different piece and record position and the length of dynamic part, by information record into
Webpage configuration file;
The configuration file of the webpage is inputted configuration files database by step 2.6);
Step 2.7) the configuration file is transmitted to user as the initial configuration file of the page;
Step 3) establishes go-between's detector;
Step 3.1) default attacker successfully realizes MITM, has attacked a wireless network and has become the net of the network
It closes, on this basis, all requests and response of any host are all checked or modified by it in wireless network;
Step 3.2) user accesses server using browser from wireless network;
If step 3.3) logging request goes to step 4.4, otherwise goes to step 3.4;
Step 3.4) browser makes suitable information and forwards the information to gateway;
Step 3.5) attacker checks this information and recognizes that the user intends to carry out a behaviour with destination server
Make, has forwarded the information to destination server;
Step 3.6) server whole station uses SSL, server response response message to gateway;
Step 3.7) attacker has intercepted the information, and decrypts the content responded, is transmitted to user after modification;
Step 3.8) proxy module has received the response of server and is checked;
Step 3.9) proxy module compares the initial configuration file of webpage and the configuration file that page analyzer is newly-generated, sentences
Whether suspension page is tampered;
If step 3.10) inspection passes through, webpage is not tampered with, and is gone to step 4, is otherwise gone to step 3.11;
Step 3.11) proxy module abandons this request, notifies user's local network exists to attack and provide report;
Step 4) establishes private data tracking module;
Whether step 4.1) detection response webpage includes secure log frame;
Step 4.2) webpage does not include secure log frame, and the page is shown to user, and primary request terminates;
Step 4.3) webpage includes secure log frame, JS program is added in webpage, by page presentation to user;
Step 4.4) marking of web pages sends logging request, and whether detection request includes clear-text passwords, if is SSL transmission;
If step 4.5) request is comprising clear-text passwords or is non-SSL transmission, request dangerous, goes to step 3.11;
If step 4.6) request safety, goes to step 3.4.
It is above-mentioned to establish detected rule, be based on original configuration file based on the page and contain possibly be present at it is every
Dangerous modification in a page, is described in detail the risk of webpage steering, and the page for each carrying out automatic network is being sent back to
It can all be compared by the stringent detection of rule before to user there.
Above-mentioned generation configuration file is to analyze and identify the request and server that browser issues by detected rule
Response message identifies the attribute of crucial data and data, is then recorded in the current configuration file of the page.It is described to build
Vertical go-between's detector is to be carried out pair by detected rule by what the existing configuration file of the page and page analyzer were created
Than so that whether a page is tampered by attacker to make decision.Any variation that page analyzer is found, if rule
It is then upper to be confirmed again, it will be considered as a mark of attack, so that this page would not be transmitted to user.
It is above-mentioned to establish private data tracking module, it is to identify user by being inserted into JavaScript code in the page
Private information allows and goes to prevent it when the leakage of the private data of user, when go-between's detector mistake is by page
Face variation can prevent the leakage of user's private data when being considered safe.
Compared with prior art, the beneficial effects of the present invention are:
1. the present invention by the detection to client request and server response contents, can protect user from
SSLstrip is attacked and the certificate of user is protected to steal from following means: turning to prevention, unsafe list, method and note
Enter, improves safety and reliability when user accesses website.
2. the present invention is the broker program based on historical information.Utilize the request and response of the website for creating configuration file
It is trained, creates configuration file by the security feature of a website rather than based on web site contents.It can make this in this way
Invention is correctly disposed and is worked on static website and most of dynamic website.
3. the present invention is used as Client Agent, the configuration file for the secure site that all users browsed is created, no
It needs the cooperation of server end also not dependent on the mean of defense of Third Party Authentication, real-time protection can be provided for client.
Detailed description of the invention
Fig. 1 is system architecture diagram of the invention.
Fig. 2 is the flow chart that configuration file of the present invention generates.
Fig. 3 is go-between's overhaul flow chart of the present invention.
Fig. 4 is private data trace flow figure of the present invention.
Fig. 5 is present system work overall flow figure.
Specific embodiment
The specific implementation of the invention is described in further details with reference to the accompanying drawing:
Step 1: establishing detected rule, detected rule contains the danger modification to each typical susceptible data structure.
The page for each carrying out automatic network can be compared before being sent back to user there by the stringent detection of rule, and HTTP Moved disappears
Whether the conversion of breath detected rule detection HTTP and HTTPS request are allowed to;
JS detected rule is established by JS preprocessor, checks whether the JavaScript code of load is maliciously repaired
Change;Iframe tags rule is for forbidding the Iframe additionally added to cover original page;The HTTP Forms regular record page
Form information, do not allow to modify the list that may reveal user information.
Step 2: configuration file generates.As shown in Fig. 2, page analyzer identifies that the attribute of critical data and they is right
It is recorded in the current configuration file of the page afterwards.If some page is to access for the first time, it can be registered to configuration text
In part database, and become the initial configuration file of the page, is then forwarded to user.If not for the first time, configuration is literary
Part can check the initial configuration file of the page by go-between's detector.
Step 3: go-between's detection.As shown in figure 3, detector judges to obtain whether request is logging request, if so, inspection
It surveys device and gives request to private data tracking module.If it is not, detector will use detected rule for the existing configuration of the page
File is compared with the configuration file that page analyzer is created, and judges whether the page is tampered by attacker.Web page analysis
Any variation that device is found, if rule is upper and is confirmed, as soon as it will be considered as the mark of attack, this page
User will not be transmitted to.
Step 4: private data tracking.As shown in figure 4, first determining whether the page is login page, if it is not, then not
Carry out private data tracking.Otherwise it modifies to each page for including secure log frame and increases a JavaScript
Program, once user inputs password, which will be sent to proxy module password, which will be recorded.It removes
Except this, as soon as it, which returns each frame, increases the hiding field for including location information, we can be identified later in this way
It is which page issues request out.Private data tracking module checks whether close comprising having stored in the data sent out
Code, if password appears in the data, rather than passes through SSL traffic, it is meant that attacker has successfully bypassed go-between
Detector just sends password to the outside now.In this case, it will not allow to establish such connection and user is notified to receive
Attack.
The defence method for SSLstrip attack that the invention proposes a kind of as shown in Figure 5 based on historical information, and
Using the method achieve a proxy module, which creates the security station that all users browsed by detected rule
The configuration file of point contains the accurate service condition of the website in configuration file.Use this configuration file and detection rule
Then, once the page is distorted by go-between's malice, system can identify and notify user that there are resistances while network attack
The only connection of user.Meanwhile a private data tracking module is established, JavaScript code is inserted into login page,
Detect logging request in whether include plaintext private information, prevent the leakage of private information with this.Implementation step are as follows:
Step 1) establishes detected rule;
Step 1.1) establishes HTTP Moved message detection rule;
Step 1.2) establishes JavaScript safety detection rule;
Step 1.3) establishes Iframe tags detected rule;
Step 1.4) establishes Http Form detected rule;
The generation of step 2) configuration file;
Step 2.1) user accesses common normal website by proxy module;
Step 2.2) proxy module obtains the response of browse request and server;
Step 2.3) page analyzer analyzes the key component of webpage, identifies data and attribute, generates current web page
Configuration file;
If step 2.4) webpage is to access for the first time, 2.5 are gone to step, otherwise goes to step 3;
Step 2.5) JavaScript pretreatment is done identical JS request twice, and is compared to data block twice.
Create the template of a constant part for data block different piece and record position and the length of dynamic part, by information record into
Webpage configuration file.
The configuration file of the webpage is inputted configuration files database by step 2.6);
Step 2.7) the configuration file is transmitted to user as the initial configuration file of the page;
Step 3) go-between detection;
Step 3.1) default attacker successfully realizes MITM, has attacked a wireless network and has become the net of the network
It closes.On this basis, all requests and response of any host are all checked or are modified by him in wireless network.
Step 3.2) user accesses server using browser from wireless network;
If step 3.3) logging request goes to step 4.4, otherwise goes to step 3.4;
Step 3.4) browser makes suitable information and forwards the information to gateway.
Step 3.5) attacker checks this information and recognizes that the user intends to carry out a behaviour with destination server
Make, has forwarded the information to destination server.
Step 3.6) server whole station uses SSL, server response response message to gateway.
Step 3.7) attacker intercepts the information, and decrypts the content responded, is transmitted to user after modification.
Step 3.8) proxy module has received the response of server and is checked.
Step 3.9) proxy module compares the initial configuration file of webpage and the configuration file that page analyzer is newly-generated, sentences
Whether suspension page is tampered.
If step 3.10) inspection passes through, webpage is not tampered with, and is gone to step 4, is otherwise gone to step 3.11;
Step 3.11) proxy module abandons this request, notifies user's local network exists to attack and provide report.
The tracking of step 4) private data;
Whether step 4.1) detection response webpage includes secure log frame;
Step 4.2) webpage does not include secure log frame, and the page is shown to user, and primary request terminates;
Step 4.3) webpage includes secure log frame, JS program is added in webpage, by page presentation to user;
Step 4.4) marking of web pages sends logging request, and whether detection request includes clear-text passwords, if is SSL transmission;
If step 4.5) request is comprising clear-text passwords or is non-SSL transmission, request dangerous, abandon this request,
Notify user's local network exists to attack and provide report;
If step 4.6) request safety, goes to step 3.4.
Claims (5)
1. a kind of defence method for SSLstrip attack based on historical information, includes the following steps:
Step 1) establishes detected rule;
Step 1.1) establishes HTTP Moved message detection rule;
Step 1.2) establishes JavaScript safety detection rule;
Step 1.3) establishes Iframe tags detected rule;
Step 1.4) establishes Http Form detected rule;
Step 2) generates configuration file;
Step 2.1) user accesses common normal website by proxy module;
Step 2.2) proxy module obtains the response of browse request and server;
Step 2.3) page analyzer analyzes the key component of webpage, identifies data and attribute, generates the configuration of current web page
File;
If step 2.4) webpage is to access for the first time, 2.5 are gone to step, otherwise goes to step 3;
Step 2.5) JavaScript pretreatment is done identical JavaScript request twice, and is carried out to data block twice
Compare, is that the different piece of data block creates the template of a dynamic part, and records position and the length of dynamic part, will believe
Breath record network access page configuration file;
The configuration file of the webpage is inputted configuration files database by step 2.6);
Step 2.7) the configuration file is transmitted to user as the initial configuration file of the page;
Step 3) establishes go-between's detector;
Step 3.1) default attacker successfully realizes MITM, has attacked a wireless network and has become the gateway of the network,
On the basis of this, all requests and response of any host are all checked or are modified by it in wireless network;
Step 3.2) user accesses server using browser from wireless network;
If step 3.3) logging request goes to step 4.4, otherwise goes to step 3.4;
Step 3.4) browser makes suitable information and forwards the information to gateway;
Step 3.5) attacker checks this information and recognizes that the user intends to be carried out an operation with destination server,
Destination server is forwarded the information to;
Step 3.6) server whole station uses SSL, server response response message to gateway;
Step 3.7) attacker has intercepted the information, and decrypts the content responded, is transmitted to user after modification;
Step 3.8) proxy module has received the response of server and is checked;
Step 3.9) proxy module compares the initial configuration file of webpage and the configuration file that page analyzer is newly-generated, judges net
Whether page is tampered;
If step 3.10) inspection passes through, webpage is not tampered with, and is gone to step 4, is otherwise gone to step 3.11;
Step 3.11) proxy module abandons this request, notifies user's local network exists to attack and provide report;
Step 4) establishes private data tracking module;
Whether step 4.1) detection response webpage includes secure log frame;
Step 4.2) webpage does not include secure log frame, and the page is shown to user, and primary request terminates;
Step 4.3) webpage includes secure log frame, JS program is added in webpage, by page presentation to user;
Step 4.4) marking of web pages sends logging request, and whether detection request includes clear-text passwords, if is SSL transmission;
If step 4.5) request is comprising clear-text passwords or is non-SSL transmission, request dangerous, goes to step 3.11;
If step 4.6) request safety, goes to step 3.4;
Terminate.
2. a kind of defence method for SSLstrip attack based on historical information according to claim 1, feature
Be: it is described to establish detected rule, be based on original configuration file based on the page and contain possibly be present at it is each
Dangerous modification in the page, is described in detail the risk of webpage steering, and the page for each carrying out automatic network is being sent back to
It can all be compared by the stringent detection of rule before user there.
3. a kind of defence method for SSLstrip attack based on historical information according to claim 1, feature
Be: the generation configuration file is the sound for analyzing and identifying request and server that browser issues by detected rule
Information is answered, the attribute of crucial data and data is identified, is then recorded in the current configuration file of the page.
4. a kind of defence method for SSLstrip attack based on historical information according to claim 1, feature
It is: it is described to establish go-between's detector, it is to be created the existing configuration file of the page with page analyzer by detected rule
That builds compares, so that whether a page is tampered by attacker to make decision, page analyzer is found any
Variation is confirmed again if rule is upper, will be considered as a mark of attack, so that this page would not be transmitted to
User.
5. a kind of defence method for SSLstrip attack based on historical information according to claim 1, feature
It is: it is described to establish private data tracking module, it is to identify the private of user by being inserted into JavaScript code in the page
Confidential information allows and goes to prevent it when the leakage of the private data of user, when go-between's detector mistake is by page
Variation can prevent the leakage of user's private data when being considered safe.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610579448.2A CN106161453B (en) | 2016-07-21 | 2016-07-21 | A kind of SSLstrip defence method based on historical information |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610579448.2A CN106161453B (en) | 2016-07-21 | 2016-07-21 | A kind of SSLstrip defence method based on historical information |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106161453A CN106161453A (en) | 2016-11-23 |
CN106161453B true CN106161453B (en) | 2019-05-03 |
Family
ID=58060435
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610579448.2A Active CN106161453B (en) | 2016-07-21 | 2016-07-21 | A kind of SSLstrip defence method based on historical information |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106161453B (en) |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106899579B (en) * | 2017-02-08 | 2019-12-06 | 北京网康科技有限公司 | detection method and device for man-in-the-middle attack |
CN107133519B (en) * | 2017-05-15 | 2019-07-05 | 华中科技大学 | Privacy compromise detection method and system in a kind of communication of Android application network |
CN107634967B (en) * | 2017-10-19 | 2021-06-25 | 南京大学 | CSRFtoken defense system and method for CSRF attack |
CN108650236B (en) * | 2018-04-13 | 2021-04-16 | 上海连尚网络科技有限公司 | Method and equipment for detecting ssl man-in-the-middle attack |
US10855723B2 (en) | 2018-05-11 | 2020-12-01 | Cisco Technology, Inc. | Enforcing a secure transport protocol with dynamically updated stored data |
CN110929129B (en) * | 2018-08-31 | 2023-12-26 | 阿里巴巴集团控股有限公司 | Information detection method, equipment and machine-readable storage medium |
WO2021002013A1 (en) * | 2019-07-04 | 2021-01-07 | パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカ | Abnormality detection device, and abnormality detection method |
CN110535886B (en) * | 2019-09-30 | 2022-09-16 | 中国工商银行股份有限公司 | Method, apparatus, system, device and medium for detecting man-in-the-middle attacks |
CN112671753B (en) * | 2020-12-18 | 2023-05-23 | 福建中信网安信息科技有限公司 | Information security integration level protection system |
CN115567426A (en) * | 2022-09-23 | 2023-01-03 | 北京中睿天下信息技术有限公司 | Method for rapidly capturing local area network HTTPS data packet by using ARP |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102111410A (en) * | 2011-01-13 | 2011-06-29 | 中国科学院软件研究所 | Agent-based single sign on (SSO) method and system |
CN102571770A (en) * | 2011-12-27 | 2012-07-11 | 北京神州绿盟信息安全科技股份有限公司 | Man-in-the-middle attack detection method, device, server and system |
CN102902934A (en) * | 2011-09-27 | 2013-01-30 | 微软公司 | Integration and interactive operation system for unknowable host |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3479742B2 (en) * | 2000-05-08 | 2003-12-15 | 株式会社アイディーエス | Carrier-free terminal authentication system by mail back method |
-
2016
- 2016-07-21 CN CN201610579448.2A patent/CN106161453B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102111410A (en) * | 2011-01-13 | 2011-06-29 | 中国科学院软件研究所 | Agent-based single sign on (SSO) method and system |
CN102902934A (en) * | 2011-09-27 | 2013-01-30 | 微软公司 | Integration and interactive operation system for unknowable host |
CN102571770A (en) * | 2011-12-27 | 2012-07-11 | 北京神州绿盟信息安全科技股份有限公司 | Man-in-the-middle attack detection method, device, server and system |
Also Published As
Publication number | Publication date |
---|---|
CN106161453A (en) | 2016-11-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106161453B (en) | A kind of SSLstrip defence method based on historical information | |
EP3219068B1 (en) | Method of identifying and counteracting internet attacks | |
US8843516B2 (en) | Internet security | |
Banu et al. | A comprehensive study of phishing attacks | |
US7313691B2 (en) | Internet site authentication service | |
Chitrey et al. | A comprehensive study of social engineering based attacks in india to develop a conceptual model | |
Shetty et al. | Are you dating danger? An interdisciplinary approach to evaluating the (in) security of android dating apps | |
EP3885946A1 (en) | Method of monitoring and protecting access to an online service | |
Maksutov et al. | Detection and prevention of DNS spoofing attacks | |
US20180302437A1 (en) | Methods of identifying and counteracting internet attacks | |
Jain et al. | Session hijacking: threat analysis and countermeasures | |
EP4068125B1 (en) | Method of monitoring and protecting access to an online service | |
EP3885945B1 (en) | Method of monitoring and protecting access to an online service | |
Cuzme-Rodríguez et al. | Offensive Security: Ethical Hacking Methodology on the Web | |
Singh et al. | A survey on phishing and anti-phishing techniques | |
Mirdula et al. | Security vulnerabilities in web application-An attack perspective | |
Wang et al. | A framework for formal analysis of privacy on SSO protocols | |
Shan et al. | Heuristic systematic model based guidelines for phishing victims | |
Narula et al. | Novel Defending and Prevention Technique for Man‐in‐the‐Middle Attacks in Cyber‐Physical Networks | |
EP3885947A1 (en) | Method of monitoring and protecting access to an online service | |
Modi et al. | Design and implementation of RESTFUL API based model for vulnerability detection and mitigation | |
CN107294994A (en) | A kind of CSRF means of defences and system based on cloud platform | |
Amin et al. | Facebook: A comprehensive analysis of phishing on a social system | |
CN107682371A (en) | A kind of malice AP detection method and device | |
Devi et al. | Security Analysis on Remote Authentication against Man-in-the-Middle Attack on Secure Socket Layer |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |