Survey of Attacks against HTTPS: Analysis, Exploitation, and Mitigation Strategies

3d8d135818d1675848a1b01 20240424013234126 beie:beie director@blueeyesintelligence.org WEB-FORM International Journal of Innovative Technology and Exploring Engineering IJITEE 22783075 10.35940/ijitee https://www.ijitee.org/ 03 30 2024 13 4 Survey of Attacks against HTTPS: Analysis, Exploitation, and Mitigation Strategies Department of Information Security, Carnegie Mellon University, San Jose, United States. Adithyan Arun Kumar https://orcid.org/0000-0001-9790-2657 Gowthamaraj Rajendran https://orcid.org/0000-0001-9422-3907 Department of Information Security, Carnegie Mellon University, San Jose, United States. Nitin Srinivasan https://orcid.org/0009-0001-6472-4441 Department of Computer Science, University of Massachusetts Amherst, Sunnyvale, United States. Praveen Kumar Sridhar https://orcid.org/0009-0001-6486-1614 Department of Data Science, Northeastern University, San Jose, United States. Kishore Kumar Perumalsamy https://orcid.org/0009-0009-5661-7644 Department of Computer Science, Carnegie Mellon University, San Jose, United States. This research paper aims to provide a comprehensive overview of known attacks against HTTPS, focusing on the SSL and TLS protocols. The paper begins by explaining the working of HTTPS, followed by detailed descriptions of SSL and TLS protocols. Subsequently, it explores common attacks against HTTPS, providing an in-depth analysis of each attack, along with proof-of-concept (PoC) demonstrations. Furthermore, the paper outlines mitigation strategies to address each attack, emphasizing the importance of proactive security measures. Finally, a conclusion is drawn, highlighting the evolving nature of HTTPS attacks and the continuous need for robust security practices. 03 30 2024 28 34 CC BY-NC-ND 4.0 10.35940/BEIESP.CrossMarkPolicy www.ijitee.org true 10.35940/ijitee.D9826.13040324 International Journal of Innovative Technology and Exploring Engineering (IJITEE) No, I did not receive. No conflicts of interest to the best of our knowledge. No, the article does not require ethical approval and consent to participate with evidence. Not relevant. All authors have equal participation in this article. 10.35940/ijitee.D9826.13040324 https://www.ijitee.org/portfolio-item/D982613040324/