The Role of Authentication Tokens in Preventing Man-in-the-Middle Attacks
ثبت نشده
چکیده
Security threats and potential breaches can stem from a wide variety of vulnerabilities, ranging from simple password theft or spyware to Trojan horses, keyword sniffers and more. But the tactic that combines high levels of deception, great potential risk of loss and broad distribution is a new form of “man-in-themiddle” attack—real-time phishing. Man-in-the-middle attacks are not new—they’ve been used in various contexts (such as password snatching) for years. However, combined with social engineering attacks and web spyware, the man-in-the-middle attack is now a more powerful type of phishing. The Role of Authentication Tokens in Preventing Man-in-the-Middle Attacks
منابع مشابه
A TESLA-based mutual authentication protocol for GSM networks
The widespread use of wireless cellular networks has made security an ever increasing concern. GSM is the most popular wireless cellular standard, but security is an issue. The most critical weakness in the GSM protocol is the use of one-way entity authentication, i.e., only the mobile station is authenticated by the network. This creates many security problems including vulnerability against m...
متن کاملIntercepting Tokens: The Empire Strikes Back in the Clone Wars
We discuss interception attacks on cryptographic protocols which rely on trustworthy hardware like one-time memory tokens (Goldwasser et al., Crypto 2008). In such attacks the adversary can mount man-in-the-middle attacks and access, or even substitute, transmitted tokens. We show that many of the existing token-based protocols are vulnerable against this kind of attack, which typically lies ou...
متن کاملSSL/TLS session-aware user authentication - Or how to effectively thwart the man-in-the-middle
Man-in-the-middle attacks pose a serious threat to SSL/TLSbased electronic commerce applications, such as Internet banking. In this paper, we argue that most deployed user authentication mechanisms fail to provide protection against this type of attack, even when they run on top of SSL/TLS. As a possible countermeasure, we introduce the notion of SSL/TLS session-aware user authentication, and p...
متن کاملSSL/TLS session-aware user authentication revisited
Man-in-the-middle (MITM) attacks pose a serious threat to SSL/TLS-based e-commerce applications, and there are only a few technologies available to mitigate the risks. In [OHB05], we introduced the notion of SSL/TLS session-aware user authentication to protect SSL/TLSbased e-commerce applications against MITM attacks, and we proposed an implementation based on impersonal authentication tokens. ...
متن کاملHMAC-Based Authentication Protocol: Attacks and Improvements
As a response to a growing interest in RFID systems such as Internet of Things technology along with satisfying the security of these networks, proposing secure authentication protocols are indispensable part of the system design. Hence, authentication protocols to increase security and privacy in RFID applications have gained much attention in the literature. In this study, security and privac...
متن کامل