  1. #1
    pavan528 (Member, joined Sep 2012)

    Securing Client Server HTTPS Connection

    I have an HTTPS connection from client to server and malware on the client. The malware modifies the message and compromises its integrity. I am using a proxy to check the integrity of the message after the malware has changed the message and before sending it over the internet to the server.

    Now, how can I check the integrity of the message (to be sure that it has not been modified by any man in the middle) for the second half of my communication channel (which is from the client to the server over the internet)?

    I see a few conventional approaches, such as CRC or checksum, that will help. But I am looking for some non-traditional or upcoming approaches. I am new to this area and want to take expert advice about the direction I need to search in for an answer to my question.

    Ideally, SSL data shouldn't be decryptable by any MITM. But my assumption is that any protocol is subject to attack and compromise in the real world, and a few recent studies are proving that HTTPS is breakable. Thus, I am trying to perform a what-if analysis. On the client side, let's say the malware is no more powerful than modifying the transaction amount and destination account number in a typical online banking transaction.

    Any pointers would be of great help.

  2. #2
    jashburn (Senior Member, joined Feb 2014)

    Re: Securing Client Server HTTPS Connection

    Appears to be a follow-up of "Modify or read https message before sending to server within a client".

    Originally posted by pavan528:
    Now, how can I check the integrity of the message (to be sure that it has not been modified by any man in the middle) for the second half of my communication channel (which is from the client to the server over the internet)?

    I see a few conventional approaches, such as CRC or checksum, that will help. But I am looking for some non-traditional or upcoming approaches. I am new to this area and want to take expert advice about the direction I need to search in for an answer to my question.

    Checksum generation is indeed the conventional approach. Why are you looking for non-traditional or new approaches to this? In general, what's the background behind your research on this?
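
Added example, not part of the original thread or either poster's code: a comparison of an unkeyed CRC with a keyed HMAC as the integrity check on the proxy-to-server leg discussed above. The shared key, field names and sample transaction are constructed assumptions; the key is assumed to be provisioned out of band and held only by the proxy and the server.

```python
import hashlib
import hmac
import json
import zlib

# Constructed key for the example; assumed to be known only to proxy and server.
SHARED_KEY = b"constructed-example-key-not-for-production"


def canonical(txn: dict) -> bytes:
    """Serialize deterministically so both ends hash the same bytes."""
    return json.dumps(txn, sort_keys=True, separators=(",", ":")).encode()


def crc_tag(txn: dict) -> str:
    """Unkeyed checksum: anyone who can change the message can recompute it."""
    return format(zlib.crc32(canonical(txn)), "08x")


def hmac_tag(txn: dict, key: bytes = SHARED_KEY) -> str:
    """Keyed MAC: producing a valid tag requires the shared key."""
    return hmac.new(key, canonical(txn), hashlib.sha256).hexdigest()


def server_accepts_crc(txn: dict, tag: str) -> bool:
    return crc_tag(txn) == tag


def server_accepts_hmac(txn: dict, tag: str, key: bytes = SHARED_KEY) -> bool:
    # compare_digest avoids leaking the mismatch position through timing.
    return hmac.compare_digest(hmac_tag(txn, key), tag)


def demo() -> dict:
    # Constructed sample transaction as sent by the proxy.
    sent = {"amount": "100.00", "to_account": "ACCT-0001"}
    sent_crc, sent_mac = crc_tag(sent), hmac_tag(sent)
    # Modified in transit: the checksum can simply be recomputed over the
    # new fields, but the MAC cannot be recomputed without the key.
    altered = dict(sent, amount="9100.00", to_account="ACCT-9999")
    return {
        "crc_original": server_accepts_crc(sent, sent_crc),
        "crc_altered_recomputed": server_accepts_crc(altered, crc_tag(altered)),
        "hmac_original": server_accepts_hmac(sent, sent_mac),
        "hmac_altered_old_tag": server_accepts_hmac(altered, sent_mac),
        "hmac_altered_wrong_key": server_accepts_hmac(
            altered, hmac_tag(altered, b"guessed-key")),
    }


if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check}: {'accepted' if accepted else 'rejected'}")
```

The check only covers modification after the tag is computed; it says nothing about changes made on the client before the proxy sees the message.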

  3. #3
    pavan528 (Member, joined Sep 2012)

    Re: Securing Client Server HTTPS Connection

    Hi jashburn,
    Oh yeah, sorry, I forgot that I had already posted something related to this in this forum.
    Yes, checksum is a traditional approach. But I am trying to find Security Failure-Tolerant Services (services where we can detect discrepancies in the data, given that they are always broken in real time) for a security-sensitive position like a banking transaction or any system. That's the reason I am assuming that HTTPS and the traditional approaches are broken. Hope I am clear now, and let me know if I am not.

  4. #4
    jashburn (Senior Member, joined Feb 2014)

    Re: Securing Client Server HTTPS Connection

    Sorry, mate. This looks like a question more suited for a security forum rather than a "New To Java" forum.

    The only thing I can say is you're perhaps referring to the paper mentioned at IEEE Xplore Abstract - Threat Modeling for Security Failure-Tolerant Requirements. If that's the case (and even if not), you might want to purchase the paper to fully understand the threat modelling (if you have not already done so) as it may give you better ideas on how to progress further with this.
