Securing e-voting against MITM attacks
Abstract
Man-in-the-middle (MITM) attacks involve the interception and retransmission of electronic messages in such a way that the original parties presume their communication is secure. Such an attack could threaten any electronic voting scenario. This paper proposes a novel method for preventing this kind of attack by including a challenge-response test in the transaction. The human end-user is asked to vote through an image-based challenge that will foil a typical automated, software-based attack. The image is crafted to include multiple challenge nonces, which serve as the means of selecting the user's vote. The approach's strength rests on the difficulty malicious software has in falsifying the image or emulating the user's response.
Similar resources
A Proof of concept Implementation of SSL/TLS Session-Aware User Authentication
Man-in-the-middle (MITM) attacks pose a serious threat to SSL/TLS-based e-commerce applications, such as Internet banking. SSL/TLS session-aware user authentication can be used to mitigate the risks and to protect users against MITM attacks in an SSL/TLS setting. In this paper, we further delve into SSL/TLS session-aware user authentication and possibilities to implement it. More specifically, ...
Collaborative approach to mitigating ARP poisoning-based Man-in-the-Middle attacks
In this paper, we propose a new mechanism for counteracting ARP (Address Resolution Protocol) poisoning-based Man-in-the-Middle (MITM) attacks in a subnet, where wired and wireless nodes can coexist. The key idea is that even a new node can be protected from an ARP cache poisoning attack if the mapping between an IP and the corresponding MAC addresses is resolved through fair voting among neigh...
Mitigating ARP Poisoning-based Man-in-the-Middle Attacks in Wired or Wireless LAN
In this article, an enhanced version of address resolution protocol (ARP) is proposed to prevent ARP poisoning-based man-in-the-middle (MITM) attacks in wired or wireless LAN environments. The proposed mechanism is based on the idea that when a node knows the correct MAC address for a given IP address, if it does not delete the mapping while the machine is alive, then MITM attack is not possible...
Optimal Personalized Defense Strategy Against Man-In-The-Middle Attack
The Man-In-The-Middle (MITM) attack is one of the most common attacks employed in network hacking. MITM attackers can successfully invoke attacks such as denial of service (DoS) and port stealing, and lead to surprisingly harmful consequences for users in terms of both financial loss and security issues. The conventional defense approaches mainly consider how to detect and eliminate those a...
A Off-Path TCP Injection Attacks
TCP is the main transport protocol over the Internet, ensuring reliable and efficient connections. TCP is trivially vulnerable to man-in-the-middle (MitM) attackers; they can intercept, modify and inject TCP traffic [Joncheray 1995]. Despite significant possible threats, a common assumption is that MitM capabilities are difficult to obtain; this assumption is demonstrated by OWASP’s list of top...