Abstract
With the ever-growing use of the Internet in our daily lives, an increase of potentially sensitive data being shared and accessed online is observed. Web apps and browsers are the main tools used by Internet users, so being able to guarantee secure browsing is a key point. In this context, this paper explores key aspects of web security and privacy in two of the most widely used browsers worldwide - Google Chrome and Microsoft Edge, running in different operating systems - Windows and Linux. Whilst emulating a browsing routine of a common web user for navigating through heterogeneous services, the aim is to verify if the content being shared online is properly secure. For this purpose, a comparative analysis based on collected web-browsing traffic, protocols in use, cookies and related policies is carried out, being the main browsers’ vulnerabilities identified and discussed.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Elgohary, A., Sobh, T.S., Zaki, M.: Design of an enhancement for SSL/TLS protocols. Comput. Secur. 25, 297–306 (2006)
Stallings, W.: Cryptography and Network Security: Principles and Practices, 8th edn. Pearson (2020)
Liu, C., Han, J., Wei, Q.: browser identification based on encrypted traffic. In: International Conference on Communications, Information Management and Network Security (CIMNS) (2016)
Satapathy, A., Livingston, J.: A comprehensive survey on SSL/TLS and their vulnerabilities. Int. J. Comput. Appl. (2016)
Muehlstein, J., Zion, Y., Bahumi, M., Kirshenboim, I., Dubin, R., Dvir, A., Pele, O.: Analyzing HTTPS encrypted traffic to identify user’s operating system, browser and application. IEEE Access (2017)
Husák, M., Cermák, M., Jirsík, T., Čeleda, P.: HTTPS traffic analysis and client identification using passive SSL/TLS fingerprinting. EURASIP J. Inf. Secur. 2016, 6 (2016)
Felt, A.P., Barnes, R., King, A., Palmer, C., Bentzel, C., Tabriz, P.: Measuring HTTPS adoption on the web. In: 26th USENIX Security Symposium (2017)
Kausar, F., Aljumah, S., Alzaydi, S., Alroba, R.: Traffic Analysis Attack for Identifying Users’ Online Activities. IEEE Computer Society (2019)
Al Khater, N., Overill, R.E.: Network traffic classification techniques and challenges. In: The 10th International Conference on Digital Information Management (ICDIM) (2016)
Hu, Q., Asghar, M.R., Brownlee, N.: A large-scale analysis of HTTPS deployments: challenges, solutions, and recommendations. J. Comput. Secur. 29(1), 1–26 (2021)
Calzavara, S., Focardi, R., Nemec, M., Rabitti, A., Squarcina, M.: Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem. In: Proceedings - IEEE Symposium on Security and Privacy, vol. 2019 (2019)
Kwon, H., Nam, H., Lee, S., Hahn, C., Hur, J.: (In-)Security of cookies in HTTPS: cookie theft by removing cookie flags. IEEE Trans. Inf. Forensics Secur. 15, 1204–1215 (2020)
Zhang, J., Yang, L., Gao, X., Tang, G., Zhang, J., Wang, Q.: Formal analysis of QUIC handshake protocol using symbolic model checking. IEEE Access 9 (2021)
Acknowledgments
This work has been supported by FCT - Fundação para a Ciência e Tecnologia within the R&D Units Project Scope: UIDB/00319/2020.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Ramires, M., Machado, C., Gomes, A., Carvalho, P., Rito Lima, S. (2022). Is Web Browsing Secure?. In: Rocha, A., Adeli, H., Dzemyda, G., Moreira, F. (eds) Information Systems and Technologies. WorldCIST 2022. Lecture Notes in Networks and Systems, vol 468. Springer, Cham. https://doi.org/10.1007/978-3-031-04826-5_12
Download citation
DOI: https://doi.org/10.1007/978-3-031-04826-5_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-04825-8
Online ISBN: 978-3-031-04826-5
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)