The two primary functions of HTTPS connections are security and privacy. HTTPS enhances the user's security and privacy more than standard HTTP. The S in HTTPS stands for secure, and the information sent back and forth over connections is highly regulated (Gibson, n.d.).
An HTTPS Proxy Appliance is a proxy that uses the HTTP protocol over SSL. It gives better protection, and the data from the site and the connections are encrypted with better security, making them harder to spoof and hack. Private institutions have started using these appliances because everyone uses HTTPS nowadays, which makes it harder for institutions to see their users' actions (Gibson, n.d.).
MITM means man-in-the-middle and is a cyberattack in which a person intercepts the connection between two parties. MITM is risky because the attacker can get valuable information, like credit card numbers or confidential information, that was only supposed to be shared between the parties who were sending information back and forth (Man-in-the-middle, 2002).
Hashes are complex algorithms that process every single bit of data. By checking a site's fingerprints, they are used to make sure websites are not being intercepted on an SSL connection. An SSL interception cannot spoof a site's real fingerprints, so hashes can show whether the site has been spoofed, depending on whether the fingerprints match. The qualities that make a hash good are that it uses all of the input data to produce the fingerprint, is efficient to use, and distributes keys uniformly (Hash Functions, n.d.).
Certificate Authorities, also called CAs, are entities that verify a site's legitimacy. Websites trying to connect to browsers first have to go through the CA's verification and show, with sufficient information, that they are reliable. After checking the website's reliability, the CA signs the site's security certificate, and the browser has a list of the security certificates the CA has signed, so it knows whether the website is legitimate.
SSL interception cannot be prevented, since it spoofs the web server's certificate and impersonates it, which makes it hard to notice. It can, however, be detected through hashes, because the interceptor cannot duplicate the private key of the original website (Kirjazovas, 2020).
A false positive is mistakenly thinking that a connection might be intercepted because the certificate names are different, when in reality it is the same website with a different certificate name because of a different URL. A false negative is thinking that there is no SSL interception when in reality there is one, because the fingerprints are different.
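The fingerprint comparison described above can be written as a short check. This is an added example, not code from the original page: SHA-256 as the fingerprint hash, the hostnames, and the byte strings standing in for certificate data are all constructed assumptions.

```python
import base64
import hashlib
import hmac

def to_pem(der: bytes) -> str:
    """Wrap raw certificate bytes in PEM armor (used to build the sample input)."""
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(rows) + "\n-----END CERTIFICATE-----\n"

def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armor and decode the base64 body back to raw bytes."""
    rows = [r for r in pem.strip().splitlines() if not r.startswith("-----")]
    return base64.b64decode("".join(rows))

def fingerprint(der: bytes) -> str:
    """Hash every byte of the certificate; return colon-separated upper-case hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalise(fp: str) -> str:
    """Make 'AB:CD', 'ab cd' and 'abcd' compare equal."""
    return fp.replace(":", "").replace(" ", "").lower()

def check(host: str, observed_pem: str, reference: dict) -> str:
    """Compare the certificate seen locally with a fingerprint recorded elsewhere.

    reference maps hostname -> fingerprint taken from outside the local network.
    """
    expected = reference.get(host.lower())
    if expected is None:
        # A different hostname can carry a different certificate; comparing
        # across hostnames would produce the false positive described above.
        return "no-reference"
    seen = fingerprint(pem_to_der(observed_pem))
    return "match" if hmac.compare_digest(normalise(seen), normalise(expected)) else "mismatch"

# Constructed stand-ins for certificate bytes (not real certificates).
SITE_CERT = b"constructed stand-in: certificate served by www.example.test"
PROXY_CERT = b"constructed stand-in: certificate minted by an intercepting proxy"
REFERENCE = {"www.example.test": fingerprint(SITE_CERT)}

def run_demo() -> dict:
    return {
        "direct": check("www.example.test", to_pem(SITE_CERT), REFERENCE),
        "intercepted": check("www.example.test", to_pem(PROXY_CERT), REFERENCE),
        "other-name": check("example.test", to_pem(SITE_CERT), REFERENCE),
    }

if __name__ == "__main__":
    print(run_demo())
```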
My school/government/ISP has no right to eavesdrop on my communications because it violates my privacy and it is illegal to do it.