Avoiding Man-in-the-Middle Attacks When Verifying Public Terminals

Authors

  • Gergely Alpár
  • Jaap-Henk Hoepman
Abstract

An individual who intends to engage in sensitive transactions using a public terminal such as an ATM needs to trust that (a) all communications are indeed carried out with the intended terminal, (b) such communications are confidential, and (c) the terminal’s integrity is guaranteed. Satisfying such requirements prevents man-in-the-middle attacks and eavesdropping. We have analysed several existing transaction schemes and concluded that they tend not to meet all requirements during the entire transaction. We propose a new, generic protocol that provides (a) optional terminal identification, (b) key establishment, and (c) customizable integrity assurance.


Similar resources

Verifying Public Terminals to Avoid Man-in-the-Middle Attacks

An individual who intends to engage in sensitive transactions using a public terminal such as an ATM needs to trust that (a) all communications are indeed carried out with the intended terminal, (b) such communications are confidential, and (c) the terminal’s integrity is guaranteed. Satisfying such requirements prevents man-in-the-middle attacks and eavesdropping. We have analysed several exis...


Bamboozling Certificate Authorities with BGP

The Public Key Infrastructure (PKI) protects users from malicious man-in-the-middle attacks by having trusted Certificate Authorities (CAs) vouch for the identity of servers on the internet through digitally signed certificates. Ironically, the mechanism CAs use to issue certificates is itself vulnerable to man-in-the-middle attacks by network-level adversaries. Autonomous Systems (ASes) can ex...


A Privacy-preserving Architecture for Ubiquitous Public Transport Systems based on E-ticketing

In this paper, we present a privacy-preserving architecture for a public transport system. The Transport Authority (TA) is prevented from learning e-ticket IDs and operates only on pseudonyms created by a trusted third party (TTP). Furthermore, the widely distributed terminals are prevented from tracking valid e-tickets during validation. Mutual authentication between terminals and e-tickets is...


Expires in six months

Additional discussion of when a server should and should not advertise the STARTTLS extension (section 5) Changed the requirements on SMTP clients after receiving a 220 response. Added a requirement to understand Client Hello messages for earlier versions of SSL. More discussion of the man-in-the-middle attacks (sections 5 and 7) Clarified section 5.1 on verifying certificates Added section 5.3...


Internet Draft Expires in Six Months SMTP Service Extension for Secure SMTP over TLS

Additional discussion of when a server should and should not advertise the STARTTLS extension (section 5) More discussion of the man-in-the-middle attacks (sections 5 and 7) Clarified section 5.1 on verifying certificates Added section 5.3, STARTTLS on the Submission Port Bug fix in the example in section 6 to indicate that the client needs to issue a new EHLO command, as already is described i...



Publication date: 2011