An official website of the United States government
- Home
- Search Results
- Page 1 of 1
Search for: All records
-
Total Resources4
- Resource Type
-
0004000000000000
- More
- Availability
-
40
- Author / Contributor
- Filter by Author / Creator
-
-
Chau, Sze Yiu (4)
-
Chowdhury, Omar (4)
-
Debnath, Joyanta (4)
-
Hoque, Endadul (2)
-
Hue, Man Hong (2)
-
Li, Li (2)
-
Ip, Sheung Chiu (1)
-
Leung, Kin Man (1)
-
Li, Chun Ngai (1)
-
Mazhar, M. Hammad (1)
-
Minaei, Mohsen (1)
-
Xian, Kailiang (1)
-
Yahyazadeh, Moosa (1)
-
#Tyler Phillips, Kenneth E. (0)
-
#Willis, Ciara (0)
-
& Abreu-Ramos, E. D. (0)
-
& Abramson, C. I. (0)
-
& Abreu-Ramos, E. D. (0)
-
& Adams, S.G. (0)
-
& Ahmed, K. (0)
-
- Filter by Editor
-
-
Conti, Mauro (1)
-
Spognardi, Angelo (1)
-
Zhou, Jianying (1)
-
& Spizer, S. M. (0)
-
& . Spizer, S. (0)
-
& Ahn, J. (0)
-
& Bateiha, S. (0)
-
& Bosch, N. (0)
-
& Brennan K. (0)
-
& Brennan, K. (0)
-
& Chen, B. (0)
-
& Chen, Bodong (0)
-
& Drown, S. (0)
-
& Ferretti, F. (0)
-
& Higgins, A. (0)
-
& J. Peters (0)
-
& Kali, Y. (0)
-
& Ruiz-Arias, P.M. (0)
-
& S. Spitzer (0)
-
& Sahin. I. (0)
-
-
Have feedback or suggestions for a way to improve these results?
!
Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher.
Some full text articles may not yet be available without a charge during the embargo (administrative interval).
What is a DOI Number?
Some links on this page may take you to non-federal websites. Their policies may differ from this site.
-
Yahyazadeh, Moosa; Chau, Sze Yiu; Li, Li; Hue, Man Hong; Debnath, Joyanta; Ip, Sheung Chiu; Li, Chun Ngai; Hoque, Endadul; Chowdhury, Omar (, the 2021 ACM SIGSAC Conference on Computer and Communications Security)
-
Hue, Man Hong; Debnath, Joyanta; Leung, Kin Man; Li, Li; Minaei, Mohsen; Mazhar, M. Hammad; Xian, Kailiang; Hoque, Endadul; Chowdhury, Omar; Chau, Sze Yiu (, the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS ’21))
-
Debnath, Joyanta; Chau, Sze Yiu; Chowdhury, Omar (, Lecture notes in computer science)Conti, Mauro; Zhou, Jianying; Spognardi, Angelo (Ed.)Increasingly more mobile browsers are developed to use proxies for traffic compression and censorship circumvention. While these browsers can offer such desirable features, their security implications are, however, not well understood, especially when tangled with TLS in the mix. Apart from vendor-specific proprietary designs, there are mainly 2 models of using proxies with browsers: TLS interception and HTTP tunneling. To understand the current practices employed by proxy-based mobile browsers, we analyze 34 Android browser apps that are representative of the ecosystem, and examine how their deployments are affecting communication security. Though the impacts of TLS interception on security was studied before in other contexts, proxy-based mobile browsers were not considered previously. In addition, the tunneling model requires the browser itself to enforce certain desired security policies (e.g., validating certificates and avoiding the use of weak cipher suites), and it is preferable to have such enforcement matching the security level of conventional desktop browsers. Our evaluation shows that many proxy-based mobile browsers downgrade the overall quality of TLS sessions, by for example allowing old versions of TLS (e.g., SSLv3.0 and TLSv1.0) and accepting weak cryptographic algorithms (e.g., 3DES and RC4) as well as unsatisfactory certificates (e.g., revoked or signed by untrusted CAs), thus exposing their users to potential security and privacy threats. We have reported our findings to the vendors of vulnerable proxy-based browsers and are waiting for their response.more » « less
