Related papers: HTTP Request Synchronization Defeats Discrepancy A…
HTTP/1.1 parsing discrepancies have been the basis for numerous classes of attacks against web servers. Previous techniques for discovering HTTP parsing discrepancies have focused on blackbox differential testing of HTTP gateway servers,…
If two or more identical HTTPS clients, located at different geographic locations (regions), make an HTTPS request to the same domain (e.g. example.com), on the same day, will they receive the same HTTPS security guarantees in response? Our…
Web Application Firewalls (WAFs) have been introduced as essential and popular security gates that inspect incoming HTTP traffic to filter out malicious requests and provide defenses against a diverse array of web-based threats. Evading…
High-precision time synchronization is a vital prerequisite for many modern applications and technologies, including Smart Grids, Time-Sensitive Networking (TSN), and 5G networks. Although the Precision Time Protocol (PTP) can accomplish…
HTTP/2 video streaming has attracted a lot of attention in the development of multimedia technologies over the last few years. In HTTP/2, the server push mechanism allows the server to deliver more video segments to the client within a single…
Modern multi-core processors share cache resources for maximum cache utilization and performance gains. However, this leaves the cache vulnerable to side-channel attacks, where timing differences in shared cache behavior are exploited to…
A sequence number checking technique is proposed to improve the performance of TCP connections in mobile ad hoc networks. While a TCP connection is initialized, a routing protocol takes the responsibility for checking the hop count between…
Clock synchronization has become essential to modern societies since many critical infrastructures depend on a precise notion of time. This paper analyzes security aspects of high-precision clock synchronization protocols, particularly…
Revelations of large scale electronic surveillance and data mining by governments and corporations have fueled increased adoption of HTTPS. We present a traffic analysis attack against over 6000 webpages spanning the HTTPS deployments of 10…
Applications over the Web primarily rely on the HTTP protocol to transmit web pages to and from systems. There are a variety of application layer protocols, but among all, HTTP is the most targeted because of its versatility and ease of…
With the popularity of mobile devices, such as smartphones and tablets, users prefer visiting Web pages on mobile devices. Meanwhile, HTTP(S) serves as the major protocol to deliver Web content, and has served the Web well for more than 15…
Distributed denial-of-service attacks on public servers have recently become a serious problem. To assure that network services will not be interrupted and more effective defense mechanisms to protect against malicious traffic, especially…
Over the years, with the advancement of technology, Web technology has seen many improvements. In the early days, the web was one-way communication, and the customer was only able to see the content of the site and could not enter information.…
Implementing a security mechanism on top of APIs requires clear understanding of the semantics of each API, to ensure that security entitlements are enforced consistently and completely across all APIs that could perform the same function…
Everyone is concerned about Internet security, yet most traffic is not cryptographically protected. The usual justification is that most attackers are only off-path and cannot intercept traffic; hence, challenge-response mechanisms…
HTTPS is quickly rising alongside the need of Internet users to benefit from security and privacy when accessing the Web, and it becomes the predominant application protocol on the Internet. This migration towards a secure Web using HTTPS…
Replicating data across multiple data centers not only allows moving the data closer to the user and, thus, reduces latency for applications, but also increases the availability in the event of a data center failure. Therefore, it is not…
Distributed Denial of Service (DDoS) attacks have emerged as a popular means of causing mass targeted service disruptions, often for extended periods of time. The relative ease and low costs of launching such attacks, supplemented by the…
With the development of e-commerce, the SSL protocol is more and more widely applied to various network services. It is one of the key technologies for keeping users' data secure in transmission via the Internet. This document mainly focuses on "SSLStrip"…
Denial-of-Service attacks continue to be a serious problem for the Internet community despite the fact that a large number of defense approaches has been proposed by the research community. In this paper we introduce IP Fast Hopping, easily…