Https

From LinuxReviews

https is the same protocol as plain http://, but it runs on a different port (443 instead of http's port 80) and inserts an additional encryption/authentication layer (TLS, formerly SSL) between HTTP and TCP.

Security

https provides an additional encryption layer between HTTP and TCP, and that's it. It hides the content of requests and responses; it does not hide who is talking to whom, when, or how much data is exchanged.

  • http will fetch many resources per page request (the HTML page, stylesheet, images, etc.).
  • https does not disturb timing much, and it does not hide the length of each request or response.

Attacks

  • Visit SSL websites and profile the requests. Make a list of the requests, the retrieved resources and their lengths.
  • Then observe the sequence of retrieved resource lengths of the victim. Compare it to the profiles and you can make a relatively good guess about which page they match.

This can further be refined by looking at the links on the pages of an https protected website. Guess which pages a user is likely to go to from other pages, and you can make a good guess at the sequence of pages visited.
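As an added example, not code from the LinuxReviews page, the following Python model shows the risk described above from the site operator's side: given a site's resource lengths, how many pages stay uniquely identifiable to a passive observer who sees only encrypted lengths, and how much the standard mitigation (padding records up to fixed-size buckets, which TLS 1.3 permits) reduces that at the cost of extra bytes. The page names, resource sizes and bucket sizes are constructed for the illustration and are not taken from the page.

```python
# Constructed model: length-sequence fingerprinting of an https site, and the
# effect of padding lengths up to fixed-size buckets.
# Assumptions (not from the page): the pages and byte sizes below are invented;
# a real assessment would profile them from captured traffic.

from collections import Counter
from typing import Dict, List, Tuple

# Constructed site profile: page -> ordered list of resource lengths in bytes
# (HTML document, shared stylesheet, shared logo, then a page-specific image).
SITE_PROFILES: Dict[str, List[int]] = {
    "/index.html":   [4210, 812, 15307, 2048],
    "/about.html":   [3976, 812, 15307, 2048],
    "/pricing.html": [5120, 812, 15307, 9903],
    "/contact.html": [3976, 812, 15307, 2048],   # same lengths as /about.html
}


def pad_length(n: int, bucket: int) -> int:
    """Length on the wire after padding n up to the next multiple of `bucket`.

    bucket=1 means no padding. The bucket size is a tuning choice for the
    operator, not something the page specifies."""
    if bucket <= 0:
        raise ValueError("bucket must be positive")
    return -(-n // bucket) * bucket  # ceiling division


def fingerprint(lengths: List[int], bucket: int = 1) -> Tuple[int, ...]:
    """What a passive observer of TLS traffic sees for one page load: the
    ordered sequence of (padded) resource lengths, nothing else."""
    return tuple(pad_length(n, bucket) for n in lengths)


def identifiable_pages(profiles: Dict[str, List[int]], bucket: int = 1) -> List[str]:
    """Pages whose length sequence is unique within the site, i.e. pages an
    observer can name with certainty from lengths alone."""
    counts = Counter(fingerprint(ls, bucket) for ls in profiles.values())
    return sorted(p for p, ls in profiles.items()
                  if counts[fingerprint(ls, bucket)] == 1)


def anonymity_set_size(profiles: Dict[str, List[int]], page: str, bucket: int = 1) -> int:
    """Number of pages on the site sharing `page`'s fingerprint (1 = fully
    identifiable; larger is better for the visitor)."""
    fp = fingerprint(profiles[page], bucket)
    return sum(1 for ls in profiles.values() if fingerprint(ls, bucket) == fp)


def padding_overhead(profiles: Dict[str, List[int]], bucket: int) -> float:
    """Ratio of padded bytes to raw bytes across the whole site: the price
    paid for the larger anonymity sets."""
    raw = sum(sum(ls) for ls in profiles.values())
    padded = sum(sum(fingerprint(ls, bucket)) for ls in profiles.values())
    return padded / raw


if __name__ == "__main__":
    for bucket in (1, 4096, 8192, 16384):
        print(f"bucket={bucket:>5}: identifiable={identifiable_pages(SITE_PROFILES, bucket)} "
              f"overhead={padding_overhead(SITE_PROFILES, bucket):.2f}x")
```

Running it shows the trade-off directly: with no padding two of the four constructed pages are uniquely identifiable, an 8 KiB bucket still leaves /pricing.html identifiable because of its large page-specific image, and only the 16 KiB bucket makes all four loads look alike, at roughly 2.7 times the traffic. Padding alone also leaves the number and order of resources visible, which is why the page points to Tor for stronger protection against traffic analysis.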

Additional security

Tor is a network security tool which protects against traffic analysis. Tor is an excellent way of adding a further layer of protection to protocols such as https and SSH.