In this paper, we present a systematic study of browser cache poisoning (BCP) attacks, wherein a network attacker performs a one-time Man-In-The-Middle (MITM) attack on a user’s HTTPS session, and substitutes cached resources with malicious ones. We investigate the feasibility of such attacks on five mainstream desktop browsers and 16 popular mobile browsers. We find that browsers are highly in...

Information has always been very valuable. Computers are entrusted to maintain and process massive amounts of information. This makes them valuable targets to attackers. One of the most devastating forms of attack is when an attacker gains access to the information without the victim even being aware of it. This paper explores some of the means by which this surreptitious access to information ...

One of the most common attacks is man-in-the-middle (MitM) which, due to its complex behaviour, difficult detect by traditional cyber-attack detection systems. MitM on internet things systems take advantage special features protocols and cause system disruptions, making them invisible legitimate elements. In this work, an intrusion (IDS), where intelligent models can be deployed, approach type ...

More and more Internet traffic is encrypted. While this protects the confidentiality integrity of communication, it prevents network monitoring systems (NMS) from effectively analyzing now encrypted payloads. Many enterprise networks have deployed man-in-the-middle (MitM) proxies that intercept TLS connections at border to examine packet payloads regain visibility. However, interception via Mit...

Meet-in-the-Middle (MitM) fault analysis is a kind of powerful cryptanalytic approach suitable for various block ciphers. When applying the method to analyze the security of block ciphers, it is very crucial to find effective MitM characteristics based on some fault models. In this paper, we investigate the security of word-oriented SPN block ciphers by means of MitM fault analysis, and observe...

Presented herein is a User-SpecificKey Scheme based on Elliptic Curve Cryptography that defeats man-inthe-middle attacks cryptocurrency exchange accounts. In this scheme, separate public and private key pair assigned to every account the shifted either forward or backward elliptic curve by difference of user’s password. When user logs into his account, server sends account. The computes actual ...

We revisit meet-in-the-middle (MITM) attacks on block ciphers. Despite recent significant improvements of the MITM attack, its application is still restrictive. In other words, most of the recent MITM attacks work only on block ciphers consisting of a bit permutation based key schedule such as KTANTAN, GOST, IDEA, XTEA, LED and Piccolo. In this paper, we extend the MITM attack so that it can be...

In this paper, we present a higher order key partitioning meet-in-the-middle attack. Our attack is inspired by biclique cryptanalysis combined with higher order partitioning of the key. More precisely, we employ more than two equally sized disjoint sets of the key and drop the restrictions on the key partitioning process required for building the initial biclique structure. In other words, we s...

The AES block cipher has a 128-bit block length and a user key of 128, 192 or 256 bits, released by NIST for data encryption in the USA; it became an ISO international standard in 2005. In 2008, Demirci and Selçuk gave a meet-in-the-middle attack on 7-round AES under 192 key bits. In 2009, Demirci et al. (incorrectly) described a new meetin-the-middle attack on 7-round AES under 192 key bits. S...