Can Internet Users Protect Themselves? Challenges and Techniques of Automated Protection of HTTP Communication

Date Added: Jun 2010
Format: PDF

HTTPS enables secure access to web content and web-based services. Although supported by many content and service providers, HTTPS is oftentimes not enabled by default, as pointed out in an open letter sent to Google by security experts. In this paper, the authors discuss if and how web users can protect themselves by using HTTPS instead of HTTP. They show that many websites allow for accessing content by HTTPS instead of HTTP. However, HTTPS access must be manually configured or requested by the user, or is impossible at all, e.g., for embedded objects. For this reason, they explore how to protect users transparently by automatically using HTTPS whenever possible.