Man-in-the-Middle Attack to the HTTPS Protocol

Cited by: 179
Authors
Callegati, Franco [1]
Cerroni, Walter [1]
Ramilli, Marco
Affiliations
[1] Univ Bologna, Commun Networks, I-40126 Bologna, Italy
Keywords
Address Resolution Protocol; ARP poisoning; DNS spoofing; Domain Name System; HTTPS; Man in the middle; MITM; Self-signed certificate; WEB security;
DOI
10.1109/MSP.2009.12
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
As defenders, it is extremely dangerous to be ignorant of how attackers can disrupt our systems. Without a good understanding of the relative ease of certain attacks, it's easy to adopt poor policies and procedures. A good example of this is the tendency for some organizations to use invalid or "self-signed" certifications for SSL, an approach that both trains the user to ignore certificate warnings displayed by the browser and leaves connections vulnerable to man in the middle attacks. In this article, we illustrate how easy such attacks are to execute; we hope this will serve as an incentive to adopt defenses that not only seem secure, but actually are! © 2009 IEEE.
Pages: 78 - 81
Page count: 4
Related papers
50 in total
  • [41] On the Threat of Man-in-the-Middle Attack to "Cloud" Resources
    王天明
    网络安全技术与应用 (Network Security Technology & Application), 2012, (02) : 37 - 39
  • [42] On Man-in-the-Middle Attack Risks of the VPN Gate Relay System
    Sun, Yunxiao
    Wang, Bailing
    Wang, Chao
    Wei, Yuliang
    SECURITY AND COMMUNICATION NETWORKS, 2021, 2021
  • [43] Optimal Personalized Defense Strategy Against Man-In-The-Middle Attack
    Li, Xiaohong
    Li, Shuxin
    Hao, Jianye
    Feng, Zhiyong
    An, Bo
    THIRTY-FIRST AAAI CONFERENCE ON ARTIFICIAL INTELLIGENCE, 2017, : 593 - 599
  • [44] An HTTPS approach to resist Man In The Middle attack in secure SMS
    Khan, Muhammad Murad
    Bakhtiari, Majid
    Bakhtiari, Saeid
    JOURNAL OF INFORMATION ASSURANCE AND SECURITY, 2014, 9 (03): : 157 - 166
  • [45] The Man-in-the-Middle Defence
    Anderson, Ross
    Bond, Mike
    SECURITY PROTOCOLS, 2009, 5087 : 153 - 156
  • [46] Man-in-the-Middle Attack on "Quantum Dialogue with Authentication Based on Bell States"
    Lin, Tzu-Han
    Lin, Ching-Ying
    Hwang, Tzonelih
    INTERNATIONAL JOURNAL OF THEORETICAL PHYSICS, 2013, 52 (09) : 3199 - 3203
  • [47] Quantum man-in-the-middle attack on the calibration process of quantum key distribution
    Fei, Yang-Yang
    Meng, Xiang-Dong
    Gao, Ming
    Wang, Hong
    Ma, Zhi
    SCIENTIFIC REPORTS, 2018, 8
  • [48] AUTOMATED MAN-IN-THE-MIDDLE ATTACK AGAINST WI-FI NETWORKS
    Vondracek, Martin
    Pluskal, Jan
    Rysavy, Ondrej
    JOURNAL OF DIGITAL FORENSICS SECURITY AND LAW, 2018, 13 (01) : 59 - 80
  • [49] Man-in-the-Middle Attack and Its Countermeasure in Bluetooth Secure Simple Pairing
    Mutchukota, Thrinatha R.
    Panigrahy, Saroj Kumar
    Jena, Sanjay Kumar
    COMPUTER NETWORKS AND INTELLIGENT COMPUTING, 2011, 157 : 367 - 376
  • [50] Seeing the Unseen: The REVEAL Protocol to Expose the Wireless Man-in-the-Middle
    Ganji, Santosh
    Kumar, P. R.
    IEEE TRANSACTIONS ON WIRELESS COMMUNICATIONS, 2024, 23 (11) : 17143 - 17156