Verifying Public Terminals to Avoid Man-in-the-Middle Attacks
Authors
Abstract
An individual who intends to engage in sensitive transactions using a public terminal such as an ATM needs to trust that (a) all communications are indeed carried out with the intended terminal, (b) such communications are confidential, and (c) the terminal’s integrity is guaranteed. Satisfying such requirements prevents man-in-the-middle attacks and eavesdropping. We have analysed several existing transaction schemes and concluded that they tend not to meet all requirements during the entire transaction. We propose a new, generic protocol that provides (a) optional terminal identification, (b) key establishment, and (c) customisable integrity assurance.
Similar resources
Avoiding Man-in-the-Middle Attacks When Verifying Public Terminals
An individual who intends to engage in sensitive transactions using a public terminal such as an ATM needs to trust that (a) all communications are indeed carried out with the intended terminal, (b) such communications are confidential, and (c) the terminal’s integrity is guaranteed. Satisfying such requirements prevents man-in-the-middle attacks and eavesdropping. We have analysed several exis...
Bamboozling Certificate Authorities with BGP
The Public Key Infrastructure (PKI) protects users from malicious man-in-the-middle attacks by having trusted Certificate Authorities (CAs) vouch for the identity of servers on the internet through digitally signed certificates. Ironically, the mechanism CAs use to issue certificates is itself vulnerable to man-in-the-middle attacks by network-level adversaries. Autonomous Systems (ASes) can ex...
A Privacy-preserving Architecture for Ubiquitous Public Transport Systems based on E-ticketing
In this paper, we present a privacy-preserving architecture for a public transport system. The Transport Authority (TA) is prevented from learning e-ticket IDs and operates only on pseudonyms created by a trusted third party (TTP). Furthermore, the widely distributed terminals are prevented from tracking valid e-tickets during validation. Mutual authentication between terminals and e-tickets is...
Using Description Logics for Man in the Middle Attack Analysis
The emerging size and complexity of computer networks and also various services provided by them makes the networks vulnerable to numerous attacks. Although in the last few years a more logical approach to TCP/IP network security problem has been followed, a complete and sound formal approach to this problem is lacking. In this paper, we propose using Description Logics as a formal model to ana...
Mitigating the attacks of malicious terminals
Smart cards, having no user interface, are unable to communicate with the user directly. Communication is only possible with the aid of a terminal, which leads to several security problems. For example, if the terminal is untrusted (which is a very typical scenario), it may perform a man-in-the-middle attack. I have created a formal model for dealing with untrusted terminals, and developed math...