Abstract: This research analyzes SSL stripping attacks, a serious security issue for networks because they allow interception of HTTP traffic that should travel over an encrypted channel established under the SSL/TLS protocol. The attack types the study describes are hardly new to experts in network and session security, but the study helps them see which vulnerabilities the attacks exploit. To protect the UCB, we present a new type of hybrid cryptosystem called ECC-GCM, based on Optimal Asymmetric Encryption Padding (OAEP), Elliptic Curve Cryptography (ECC) and the Advanced Encryption Standard in Galois/Counter Mode (AES-GCM). ECC was selected for its computational efficiency, which reduces bandwidth and computational overhead and makes it suitable for resource-constrained environments such as mobile and IoT devices. AES-GCM provides authenticated encryption to guarantee the confidentiality and integrity of data in transit.
The hybrid cryptosystem combines ECC and AES-GCM for security in both halves of the exchange: ECC provides the secure key exchange against SSL stripping attacks, and AES-GCM provides the symmetric encryption. The speed and lower computational requirements of ECC are combined with the strong encryption of AES-GCM to create a secure data transfer. We implemented the system and empirically evaluated its performance, demonstrating that it is practical at providing cryptographic security even against MITM attacks over multiple network infrastructures. The study also highlights the importance of using modern cryptographic mechanisms such as ECC and AEAD AES to defend against emerging types of threats, so that digital communications between systems or software components can succeed.
Keywords: SSL Stripping Attacks, Elliptic Curve Cryptography (ECC), Advanced Encryption Standard (AES), Authenticated Encryption, Key Exchange, Data Integrity
DOI: 10.17148/IJARCCE.2024.13713
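
As an added illustration of the hybrid scheme the abstract describes (not the paper's implementation), the following Node.js example pairs an ECC key exchange with AES-GCM and shows a modified ciphertext being rejected. The curve (P-256), the HKDF-SHA256 key derivation, the function names and the sample message are assumptions; the OAEP component is not modelled, and the public keys are assumed to be authenticated separately.

```javascript
// Added example: ECDH (P-256) + HKDF-SHA256 + AES-256-GCM using Node's built-in crypto.
const crypto = require('node:crypto');

// Each side generates an ephemeral EC key pair. Assumption: the public keys are
// authenticated out of band (e.g. signed); unauthenticated ECDH does not stop a MITM.
function newKeyPair() {
  const ecdh = crypto.createECDH('prime256v1');
  ecdh.generateKeys();
  return ecdh;
}

// Derive a 256-bit AES key from the ECDH shared secret.
function deriveKey(own, peerPublicKey, salt) {
  const shared = own.computeSecret(peerPublicKey);
  return Buffer.from(crypto.hkdfSync('sha256', shared, salt, 'ecc-gcm demo', 32));
}

// Encrypt and authenticate; aad is bound to the tag but sent in the clear.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per message
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Decrypt; final() throws if ciphertext, aad or tag were altered.
function open(key, msg, aad) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, msg.iv);
  decipher.setAAD(aad);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.ct), decipher.final()]);
}

function demo() {
  const client = newKeyPair(), server = newKeyPair();
  const salt = crypto.randomBytes(16);
  const kc = deriveKey(client, server.getPublicKey(), salt);
  const ks = deriveKey(server, client.getPublicKey(), salt);
  const aad = Buffer.from('session=constructed-example');
  const msg = seal(kc, Buffer.from('POST /login user=alice'), aad); // constructed input
  const recovered = open(ks, msg, aad).toString();
  // Flip one ciphertext bit, as an on-path modifier would.
  const tampered = { ...msg, ct: Buffer.from(msg.ct) };
  tampered.ct[0] ^= 1;
  let rejected = false;
  try { open(ks, tampered, aad); } catch { rejected = true; }
  return { keysMatch: kc.equals(ks), recovered, rejected };
}

console.log(demo());
```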