Man-in-the-Middle Attack to the HTTPS Protocol

Cited by: 179
Authors
Callegati, Franco [1]
Cerroni, Walter [1]
Ramilli, Marco
Affiliation
[1] Univ Bologna, Commun Networks, I-40126 Bologna, Italy
Keywords
Address Resolution Protocol; ARP poisoning; DNS spoofing; Domain Name System; HTTPS; Man in the middle; MITM; Self-signed certificate; WEB security;
DOI
10.1109/MSP.2009.12
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
As defenders, it is extremely dangerous to be ignorant of how attackers can disrupt our systems. Without a good understanding of the relative ease of certain attacks, it's easy to adopt poor policies and procedures. A good example of this is the tendency for some organizations to use invalid or "self-signed" certifications for SSL, an approach that both trains the user to ignore certificate warnings displayed by the browser and leaves connections vulnerable to man in the middle attacks. In this article, we illustrate how easy such attacks are to execute; we hope this will serve as an incentive to adopt defenses that not only seem secure, but actually are! © 2009 IEEE.
Pages: 78 - 81
Number of pages: 4