Man-in-the-Middle Attacks Evolved... but Our Security Models Didn't
نویسندگان
چکیده
The security community seems to be thoroughly familiar with man-in-the-middle attacks. However, the common perception of this type of attack is outdated. It originates from when network connections were fixed, not mobile, before 24/7 connectivity became ubiquitous. The common perception of this attack stems from an era before the vulnerability of the protocol’s context was realised. Thanks to revelations by Snowden and by currently available man-in-the-middle tools focused on protocol meta-data (such as so-called “Stingrays” for cellphones), this view is no longer tenable. Security protocols that only protect the contents of their messages are insufficient. Contemporary security protocols must also take steps to protect their context: who is talking to whom, where is the sender located, etc. In short: the attacker has evolved. It’s high time for our security models and requirements to catch up.
منابع مشابه
A TESLA-based mutual authentication protocol for GSM networks
The widespread use of wireless cellular networks has made security an ever increasing concern. GSM is the most popular wireless cellular standard, but security is an issue. The most critical weakness in the GSM protocol is the use of one-way entity authentication, i.e., only the mobile station is authenticated by the network. This creates many security problems including vulnerability against m...
متن کاملTrusted-HB: a low-cost version of HB+ secure against Man-in-The-Middle attacks
Since the introduction at Crypto’05 by Juels and Weis of the protocol HB, a lightweight protocol secure against active attacks but only in a detection based-model, many works have tried to enhance its security. We propose here a new approach to achieve resistance against Man-in-The-Middle attacks. Our requirements – in terms of extra communications and hardware – are surprisingly low.
متن کاملDistributed Secure Intrusion - Detection System for Wireless Sensor Network
Invention of wireless network has brought up drastic change in networking. Mobile Ad hoc NETwork (MANET) has been evolved as one of the promising technology based on implementation of wireless network. Providing mobility, flexible infrastructure, fast and low cost deplyoment are the key features of MANET. MANET is being most widely used wireless technology has limited security against network a...
متن کاملThe Role of Authentication Tokens in Preventing Man-in-the-Middle Attacks
Security threats and potential breaches can stem from a wide variety of vulnerabilities, ranging from simple password theft or spyware to Trojan horses, keyword sniffers and more. But the tactic that combines high levels of deception, great potential risk of loss and broad distribution is a new form of “man-in-themiddle” attack—real-time phishing. Man-in-the-middle attacks are not new—they’ve b...
متن کاملNew Fixed Point Attacks on GOST2 Block Cipher
GOST block cipher designed in the 1970s and published in 1989 as the Soviet and Russian standard GOST 28147-89. In order to enhance the security of GOST block cipher after proposing various attacks on it, designers published a modified version of GOST, namely GOST2, in 2015 which has a new key schedule and explicit choice for S-boxes. In this paper, by using three exactly identical portions of ...
متن کامل