Man-in-the-Middle Attack to the HTTPS Protocol

Cited by: 179
Authors
Callegati, Franco [1]
Cerroni, Walter [1]
Ramilli, Marco
Affiliations
[1] Univ Bologna, Commun Networks, I-40126 Bologna, Italy
Keywords
Address Resolution Protocol; ARP poisoning; DNS spoofing; Domain Name System; HTTPS; Man in the middle; MITM; Self-signed certificate; WEB security;
DOI
10.1109/MSP.2009.12
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
As defenders, it is extremely dangerous to be ignorant of how attackers can disrupt our systems. Without a good understanding of the relative ease of certain attacks, it's easy to adopt poor policies and procedures. A good example of this is the tendency for some organizations to use invalid or "self-signed" certifications for SSL, an approach that both trains the user to ignore certificate warnings displayed by the browser and leaves connections vulnerable to man in the middle attacks. In this article, we illustrate how easy such attacks are to execute; we hope this will serve as an incentive to adopt defenses that not only seem secure, but actually are! © 2009 IEEE.
Pages: 78-81
Page count: 4
Related papers
50 in total
  • [1] Taxonomy of Man-in-the-Middle Attacks on HTTPS
    Stricot-Tarboton, Shaun
    Chaisiri, Sivadon
    Ko, Ryan K. L.
    2016 IEEE TRUSTCOM/BIGDATASE/ISPA, 2016, : 527 - 534
  • [2] Strengthening Megrelishvili Protocol Against Man-in-The-Middle Attack
    Arzaki, Muhammad
    2018 6TH INTERNATIONAL CONFERENCE ON INFORMATION AND COMMUNICATION TECHNOLOGY (ICOICT), 2018, : 274 - 280
  • [3] RFID Authentication Protocol Resistant to the Man-in-the-Middle Attack
    Zhai, Li
    Wu, ChuanKun
    INTERNATIONAL CONFERENCE ON SECURITY AND PRIVACY IN COMMUNICATION NETWORKS, SECURECOMM 2014, PT II, 2015, 153 : 41 - 47
  • [4] Deniable Authentication Protocol Resisting Man-in-the-Middle Attack
    Han, Song
    Liu, Wanquan
    Chang, Elizabeth
    PROCEEDINGS OF WORLD ACADEMY OF SCIENCE, ENGINEERING AND TECHNOLOGY, VOL 3, 2005, 3 : 161 - 164
  • [5] Revisiting man-in-the-middle attacks against HTTPS
    Kampourakis V.
    Kambourakis G.
    Chatzoglou E.
    Zaroliagis C.
    Network Security, 2022, 2022 (03)
  • [6] Advanced Protocol to Prevent Man-in-the-middle Attack in SCADA System
    Oh, Sangkyo
    Chung, Hyunji
    Lee, Sangjin
    Lee, Kyungho
    INTERNATIONAL JOURNAL OF SECURITY AND ITS APPLICATIONS, 2014, 8 (02): : 1 - 8
  • [7] Man-in-the-middle Attack on BB84 Protocol and its Defence
    Wang Yong
    Wang Huadeng
    Li Zhaohong
    Huang Jinxiang
    2009 2ND IEEE INTERNATIONAL CONFERENCE ON COMPUTER SCIENCE AND INFORMATION TECHNOLOGY, VOL 3, 2009, : 433 - 434
  • [8] Covert Channel using Man-In-The-Middle over HTTPS
    Johnson, Matthew
    Lutz, Peter
    Johnson, Daryl
    2016 INTERNATIONAL CONFERENCE ON COMPUTATIONAL SCIENCE & COMPUTATIONAL INTELLIGENCE (CSCI), 2016, : 917 - 922
  • [9] Man-in-the-Middle Attack in HTTP/2
    Patni, Parth
    Iyer, Kartik
    Sarode, Rohan
    Mali, Amit
    Nimkar, Anant
    PROCEEDINGS OF 2017 INTERNATIONAL CONFERENCE ON INTELLIGENT COMPUTING AND CONTROL (I2C2), 2017,
  • [10] Optimal Man-In-The-Middle Stealth Attack
    Faramondi, Luca
    Oliva, Gabriele
    Setola, Roberto
    CRITICAL INFORMATION INFRASTRUCTURES SECURITY, CRITIS 2021, 2021, 13139 : 44 - 59