In this paper we describe two novel methods for active detection and prevention of ARPpoisoning-based Man-in-the-Middle (MitM) attacks on switched Ethernet LANs. As a stateless and inherently insecure protocol, ARP has been used as a relatively simple means to launch Denial-of-Service (DoS) and MitM attacks on local networks and multiple solutions have been proposed to detect and prevent these ...

The meet-in-the-middle (MITM) attack has prove to be efficient in analyzing the AES block cipher. Its efficiency has been increasing with the introduction of various techniques such as differential enumeration, key-dependent sieve, super-box etc. The recent MITM attack given by Li and Jin has successfully mounted to 10-round AES-256. Crypton is an AES-like block cipher. In this paper, we apply ...

Man-in-the-middle (MITM) attacks pose a serious threat to SSL/TLS-based e-commerce applications, such as Internet banking. SSL/TLS session-aware user authentication can be used to mitigate the risks and to protect users against MITM attacks in an SSL/TLS setting. In this paper, we further delve into SSL/TLS session-aware user authentication and possibilities to implement it. More specifically, ...

This paper presents ongoing work towards extensions of meetin-the-middle (MITM) attacks on block ciphers. Exploring developments in MITM attacks in hash analysis such as: (i) the splice-and-cut technique; (ii) the indirect-partial-matching technique. Our first contribution is that we show corrections to previous cryptanalysis and point out that the key schedule is more vulnerable to MITM attack...

With the recent revelations about pervasive surveillance on the Internet, there is renewed interest in techniques that protect against passive eavesdropping without relying on a Public Key Infrastructure (PKI). An ephemeral Diffie-Hellman (DH) key agreement can provide such protection, but (without authentication) the exchange is vulnerable to a Man in the Middle (MitM) attack. An example of a ...

Meet-in-the-Middle (MitM) fault analysis is a kind of powerful cryptanalytic approach suitable for various block ciphers. When applying the method to analyze the security of block ciphers, it is very crucial to find effective MitM characteristics based on some fault models. In this paper, we investigate the security of word-oriented SPN block ciphers by means of MitM fault analysis, and observe...

Wired networks are prone to the same attacks as wireless ones, including sniffing, spoofing and Man-in-the-middle attacks (MITM). In this paper we show how wireless networks are particularly vulnerable to a simple MITM that can make even rudimentary web surfing dangerous. We describe how we performed the attack and its ramifications. We argue why it is essential to have a VPN tunnel from the cl...

in this paper, the security of a distance bounding protocol is analyzed which has been recently proposed by jannati and falahati (so-called jf). we prove that an adversary can recover key bits of jf protocol with probability of “1” while the complexity of attack is “2n” runs of protocol. in addition, we propose an improved protocol and prove that the improved protocol is resistant to mafia frau...

This paper presents a new generic technique, named sievein-the-middle, which improves meet-in-the-middle attacks in the sense that it provides an attack on a higher number of rounds. Instead of selecting the key candidates by searching for a collision in an intermediate state which can be computed forwards and backwards, we look for the existence of valid transitions through some middle sbox. C...

We present a protocol enabling two legitimate partners sharing an initial secret to mutually authenticate and to exchange an encryption session key. The opponent is an active Man In The Middle (MITM) with unlimited calculation and storage capacities. The resistance to unlimitedly powered MITM is obtained through the combined use of Deep Random secrecy, formerly introduced [9] and proved as unco...