In this paper, we propose a new mechanism for counteracting ARP (Address Resolution Protocol) poisoning-based Man-in-the-Middle (MITM) attacks in a subnet, where wired and wireless nodes can coexist. The key idea is that even a new node can be protected from an ARP cache poisoning attack if the mapping between an IP and the corresponding MAC addresses is resolved through fair voting among neigh...

The innovative HB protocol of Juels and Weis [10] extends device authentication to low-cost RFID tags. However, despite the very simple on-tag computation there remain some practical problems with HB and despite an elegant proof of security against some limited active attacks, there is a simple man-in-the-middle attack due to Gilbert et al. [8]. In this paper we consider improvements to HB in t...

Transparency is crucial in security-critical applications that rely on authoritative information, as it provides a robust mechanism for holding these authorities accountable for their actions. A number of solutions have emerged in recent years that provide transparency in the setting of certificate issuance, and Bitcoin provides an example of how to enforce transparency in a financial setting. ...

An individual who intends to engage in sensitive transactions using a public terminal such as an ATM needs to trust that (a) all communications are indeed carried out with the intended terminal, (b) such communications are confidential, and (c) the terminal’s integrity is guaranteed. Satisfying such requirements prevents man-in-the-middle attacks and eavesdropping. We have analysed several exis...

The Man-in-the-Middle (MiM ) attack is used by attackers to perform sniffing activities in switched LAN networks. The potential damage to a network from sniffing activities can be very significant. This paper proposes a mechanism for detecting malicious hosts performing MiM attack in switched LAN networks. The proposed mechanism consists of sending trap and spoofed packets to the network’s host...

This paper presents a novel framework to substantiate selfsigned certificates in the absence of a trusted certificate authority. In particular, we aim to address the problem of web-based SSL man-in-themiddle attacks. This problem originates from the fact that public keys are distributed through insecure channels prior to encryption. Therefore, a man-in-the-middle attacker may substitute an arbi...

This paper provides the first analytical and practical treatment of entity authentication and authenticated key exchange in the framework of Tree Parity Machines (TPMs). The interaction of TPMs has been discussed as an alternative concept for secure symmetric key exchange. Several attacks have been proposed on the non-authenticated principle. Adding and some extra entity authentication method i...

Efficient Cryptographic Protocols Preventing “Man-in-the-Middle” Attacks

In this paper we consider TLS Man-In-The-Middle (MITM) attacks in the context of web applications, where the attacker is able to successfully impersonate the legitimate server to the user, with the goal of impersonating the user to the server and thus compromising the user’s online account and data. We describe in detail why the recently proposed client authentication protocols based on TLS Cha...

In distance-bounding protocols, verifiers use a clock to measure the time elapsed in challenge-response rounds, thus upper-bounding their distance to the prover. This should prevent man-in-the-middle (MITM) relay attacks. Distance-bounding protocols may aim to prevent several attacks, amongst which terrorist fraud, where a dishonest prover helps the adversary to authenticate, but without passin...