RÉSUMÉ. Le ciel européen est surchargé ; le contrôle aérien (ATC) est dépassé par la demande et les conséquences sont graves aussi bien pour les compagnies aériennes que pour les passagers. L’organisme européen de régulation du trafic (CFMU) qui est chargé d’allouer les créneaux de départs des vols afin de respecter les charges admissibles des centres de contrôles en route (ATCC) n’est pas en m...

The innovative HB protocol of Juels and Weis [10] extends device authentication to low-cost RFID tags. However, despite the very simple on-tag computation there remain some practical problems with HB and despite an elegant proof of security against some limited active attacks, there is a simple man-in-the-middle attack due to Gilbert et al. [8]. In this paper we consider improvements to HB in t...

Transparency is crucial in security-critical applications that rely on authoritative information, as it provides a robust mechanism for holding these authorities accountable for their actions. A number of solutions have emerged in recent years that provide transparency in the setting of certificate issuance, and Bitcoin provides an example of how to enforce transparency in a financial setting. ...

An individual who intends to engage in sensitive transactions using a public terminal such as an ATM needs to trust that (a) all communications are indeed carried out with the intended terminal, (b) such communications are confidential, and (c) the terminal’s integrity is guaranteed. Satisfying such requirements prevents man-in-the-middle attacks and eavesdropping. We have analysed several exis...

The Man-in-the-Middle (MiM ) attack is used by attackers to perform sniffing activities in switched LAN networks. The potential damage to a network from sniffing activities can be very significant. This paper proposes a mechanism for detecting malicious hosts performing MiM attack in switched LAN networks. The proposed mechanism consists of sending trap and spoofed packets to the network’s host...

This paper presents a novel framework to substantiate selfsigned certificates in the absence of a trusted certificate authority. In particular, we aim to address the problem of web-based SSL man-in-themiddle attacks. This problem originates from the fact that public keys are distributed through insecure channels prior to encryption. Therefore, a man-in-the-middle attacker may substitute an arbi...

This paper provides the first analytical and practical treatment of entity authentication and authenticated key exchange in the framework of Tree Parity Machines (TPMs). The interaction of TPMs has been discussed as an alternative concept for secure symmetric key exchange. Several attacks have been proposed on the non-authenticated principle. Adding and some extra entity authentication method i...

Efficient Cryptographic Protocols Preventing “Man-in-the-Middle” Attacks

This paper introduces a significant new multi-disciplinary collection of studies of poverty dynamics, presenting the reader with the latest thinking by a group of researchers who are leaders in their respective disciplines. It argues that there are three main fronts on which progress must be made if we are to dramatically deepen the understanding of why poverty occurs, and significantly improve...

In this paper we consider TLS Man-In-The-Middle (MITM) attacks in the context of web applications, where the attacker is able to successfully impersonate the legitimate server to the user, with the goal of impersonating the user to the server and thus compromising the user’s online account and data. We describe in detail why the recently proposed client authentication protocols based on TLS Cha...