MAN-IN-THE-MIDDLE-ATTACK: UNDERSTANDING IN SIMPLE WORDS
Abstract
Keywords
Full Text:
PDFReferences
Meyer, Ulrike, and Susanne Wetzel. "A man-in-the-middle attack on UMTS." In Proceedings of the 3rd ACM workshop on Wireless security, pp. 90-97. ACM, 2004.
Kish, Laszlo B. "Protection against the man-in-the-middle-attack for the Kirchhoff-loop-Johnson (-like)-noise cipher and expansion by voltage-based security." Fluctuation and Noise Letters 6, no. 01 (2006): L57-L63.
Hypponen, Konstantin, and Keijo MJ Haataja. "“Nino†man-in-the-middle attack on bluetooth secure simple pairing." In Internet, 2007. ICI 2007. 3rd IEEE/IFIP International Conference in Central Asia on, pp. 1-5. IEEE, 2007.
Ouafi, Khaled, Raphael Overbeck, and Serge Vaudenay. "On the security of HB# against a man-in-the-middle attack." In International Conference on the Theory and Application of Cryptology and Information Security, pp. 108-124. Springer, Berlin, Heidelberg, 2008.
Callegati, Franco, Walter Cerroni, and Marco Ramilli. "Man-in-the-Middle Attack to the HTTPS Protocol." IEEE Security & Privacy 7, no. 1 (2009): 78-81.
Joshi, Yogesh, Debabrata Das, and Subir Saha. "Mitigating man in the middle attack over secure sockets layer." In Internet Multimedia Services Architecture and Applications (IMSAA), 2009 IEEE International Conference on, pp. 1-5. IEEE, 2009.
Desmedt, Yvo. "Man-in-the-middle attack." In Encyclopedia of cryptography and security, pp. 759-759. Springer, Boston, MA, 2011.
Sounthiraraj, David, Justin Sahs, Garret Greenwood, Zhiqiang Lin, and Latifur Khan. "Smv-hunter: Large scale, automated detection of ssl/tls man-in-the-middle vulnerabilities in android apps." In In Proceedings of the 21st Annual Network and Distributed System Security Symposium (NDSS’14. 2014.
Khader, Aqeel Sahi, and David Lai. "Preventing man-in-the-middle attack in Diffie-Hellman key exchange protocol." In 22nd International Conference on Telecommunications: ICT 2015, p. 204. Engineers Australia, 2015.
Tung, Yu-Chih, Kang G. Shin, and Kyu-Han Kim. "Analog man-in-the-middle attack against link-based packet source identification." In Proceedings of the 17th ACM International Symposium on Mobile Ad Hoc Networking and Computing, pp. 331-340. ACM, 2016.
Wallace, Brian Michael, and Jonathan Wesley Miller. "Endpoint-based man in the middle attack detection using multiple types of detection tests." U.S. Patent 9,680,860, issued June 13, 2017.
Conti, Mauro, Nicola Dragoni, and Viktor Lesyk. "A survey of man in the middle attacks." IEEE Communications Surveys & Tutorials 18, no. 3 (2016): 2027-2051.
Li, Xiaohong, Shuxin Li, Jianye Hao, Zhiyong Feng, and Bo An. "Optimal Personalized Defense Strategy Against Man-In-The-Middle Attack." In AAAI, pp. 593-599. 2017.
Rahim, Robbi. "Man-in-the-middle-attack prevention using interlock protocol method." ARPN J. Eng. Appl. Sci 12, no. 22 (2017): 6483-6487.
Fei, Yang-Yang, Xiang-Dong Meng, Ming Gao, Hong Wang, and Zhi Ma. "Quantum man-in-the-middle attack on the calibration process of quantum key distribution." Scientific reports 8, no. 1 (2018): 4283.
Howell, Christopher, Robert Statica, and Kara Lynn Coppa. "In-band identity verification and man-in-the-middle defense." U.S. Patent 9,906,506, issued February 27, 2018.
Sun, Da-Zhi, Yi Mu, and Willy Susilo. "Man-in-the-middle attacks on Secure Simple Pairing in Bluetooth standard V5. 0 and its countermeasure." Personal and Ubiquitous Computing22, no. 1 (2018): 55-67.
Usman, Karim, Awuhe T. Richard, Aboho D. Moses, and Ugba T. Pius. "A Novel Approach to Enhance the Security of Keys Shared by Users in WLAN Environments Using 3DES Algorithm." International Journal of Advanced Studies in Computers, Science and Engineering 7, no. 2 (2018): 1-7.
Valluri, Maheswara Rao. "Cryptanalysis of Xinyu et al.'s NTRU-lattice based key exchange protocol." Journal of Information and Optimization Sciences 39, no. 2 (2018): 475-479.
Kuo, En-Chun, Ming-Sang Chang, and Da-Yu Kao. "User-side evil twin attack detection using time-delay statistics of TCP connection termination." In Advanced Communication Technology (ICACT), 2018 20th International Conference on, pp. 211-216. IEEE, 2018.
Saif, Sohail, Rajni Gupta, and Suparna Biswas. "Implementation of Cloud-Assisted Secure Data Transmission in WBAN for Healthcare Monitoring." In Advanced Computational and Communication Paradigms, pp. 665-674. Springer, Singapore, 2018.
‘MAN IN THE MIDDLE (MITM) ATTACK’ (Incapsula Co.), 2016, Retrieved from: https://www.incapsula.com/web-application-security/man-in-the-middle-mitm.html
‘Man-in-the-middle attack’ (Wikipedia), 2018, Retrieved from: https://en.wikipedia.org/wiki/Man-in-the-middle_attack
‘man-middle-attack’ (CA Tech.), 2018, Retrieved from: https://www.veracode.com/security/man-middle-attack
‘man-in-the-middle-attack-mitm’ (Techpedia), 2018, Retrieved from: https://www.techopedia.com/definition/4018/man-in-the-middle-attack-mitm
“man-in-the-middle-attack†(Rapid Web Ser.), Blog Post, 2017, Retrieved from: https://www.thesslstore.com/blog/man-in-the-middle-attack/
‘What is a Man In The Middle attack?’ (Symantec Corp.), Norton Security Blog, 2018, Retrieved from: https://us.norton.com/internetsecurity-wifi-what-is-a-man-in-the-middle-attack.html
‘What is UMTS?’ (Tech Target Web), Blog Post, 2018, Retrieved from: https://searchmobilecomputing.techtarget.com/definition/UMTS
‘Flaw in Windows DNS client exposed millions of users to hacking’ (SC Mag. UK), News Article, 2017, Retrieved from: https://www.scmagazineuk.com/flaw-in-windows-dns-client-exposed-millions-of-users-to-hacking/article/699416/
Fatima, Amtul. "E-Banking Security Issues-Is There A Solution in Biometrics?." Journal of Internet Banking and Commerce16, no. 2 (2011): 1.
Kozaczuk, Wladyslaw. Enigma: How the German Machine Cipher was Broken, and How it was Read by the Allies in World War Two (Foreign Intelligence Book Series). Lanham, MD: University Publications of America, 1984.
Hudaib, Adam Ali Zare. "Comprehensive Social Media Security Analysis & XKeyscore Espionage Technology." International Journal of Computer Science and Security (IJCSS) 8, no. 4 (2014): 97.
Conti, Mauro, Nicola Dragoni, and Viktor Lesyk. "A survey of man in the middle attacks." IEEE Communications Surveys & Tutorials 18, no. 3 (2016): 2027-2051.
A. Ornaghi and M. Valleri, “Man in the middle attacks,†in Blackhat Conference Europe, 2003.
Senie, D., and P. Ferguson. "Network ingress filtering: Defeating denial of service attacks which employ IP source address spoofing." Network (1998).
Humphreys, Todd E., Brent M. Ledvina, Mark L. Psiaki, Brady W. O'Hanlon, and Paul M. Kintner. "Assessing the spoofing threat: Development of a portable GPS civilian spoofer." In Radionavigation Laboratory Conference Proceedings. 2008.
Scott, Logan. "Anti-spoofing & authenticated signal architectures for civil navigation systems." In Proceedings of the 16th International Technical Meeting of the Satellite Division of The Institute of Navigation (ION GPS/GNSS 2003), pp. 1543-1552. 2001.
Schuckers, Stephanie AC. "Spoofing and anti-spoofing measures." Information Security technical report 7, no. 4 (2002): 56-62.
Oh, Myeongjin, Y-G. Kim, Seungpyo Hong, and S. Cha. "ASA: agent-based secure ARP cache management." IET communications 6, no. 7 (2012): 685-693.
Ataullah, Md, and Naveen Chauhan. "ES-ARP: an efficient and secure address resolution protocol." In Electrical, Electronics and Computer Science (SCEECS), 2012 IEEE Students' Conference on, pp. 1-5. IEEE, 2012.
Altunbasak, Hayriye, Sven Krasser, Henry Owen, Joachim Sokol, and Jochen Grimminger. "Addressing the weak link between layer 2 and layer 3 in the Internet architecture." In Local Computer Networks, 2004. 29th Annual IEEE International Conference on, pp. 417-418. IEEE, 2004.
Subashini, Subashini, and Veeraruna Kavitha. "A survey on security issues in service delivery models of cloud computing." Journal of network and computer applications 34, no. 1 (2011): 1-11.
Alabady, Salah. "Design and Implementation of a Network Security Model for Cooperative Network." Int. Arab J. e-Technol. 1, no. 2 (2009): 26-36.
Caceres, Ramon, and Venkata N. Padmanabhan. "Fast and scalable wireless handoffs in support of mobile Internet audio." Mobile Networks and Applications 3, no. 4 (1998): 351-363.
Ford, Mat. "New internet security and privacy models enabled by ipv6." In Applications and the Internet Workshops, 2005. Saint Workshops 2005. The 2005 Symposium on, pp. 2-5. IEEE, 2005.
Pansa, Detchasit, and Thawatchai Chomsiri. "Architecture and protocols for secure LAN by using a software-level certificate and cancellation of ARP protocol." In Convergence and Hybrid Information Technology, 2008. ICCIT'08. Third International Conference on, vol. 2, pp. 21-26. IEEE, 2008.
Chomsiri, Thawatchai. "Sniffing packets on LAN without ARP spoofing." In Third 2008 International Conference on Convergence and Hybrid Information Technology, pp. 472-477. IEEE, 2008.
Salim, Haider, Zhitang Li, Hao Tu, and Zhengbiao Guo. "Preventing ARP spoofing attacks through gratuitous decision packet." In Distributed Computing and Applications to Business, Engineering & Science (DCABES), 2012 11th International Symposium on, pp. 295-300. IEEE, 2012.
T. Demuth and A. Leitner, “Arp spoofing and poisoning: Traffic tricks,†Linux magazine, vol. 56, pp. 26–31, 2005.
Z. Trabelsi and W. El-Hajj, “Preventing arp attacks using a fuzzy-based stateful arp cache,†in IEEE International Conference on Communications (ICC’07). IEEE, 2007, pp. 1355–1360.
R. Philip, “Securing wireless networks from arp cache poisoning,†Masters Thesis, San Jose State University, 2007.
M. Oh, Y.-G. Kim, S. Hong, and S. Cha, “Asa: agent-based secure arp cache management,†IET communications, vol. 6, no. 7, pp. 685–693, 2012.
T. Komori and T. Saito, “The secure dhcp system with user authentication,†in 27th Annual IEEE Conference on Local Computer Networks (LCN). IEEE, 2002, pp. 123–131.
H. Ju and J. Han, “Dhcp message authentication with an effective key management,†World Academy of Science, Engineering and Technology, vol. 8, pp. 570–574, 2007
Z. Duan, X. Yuan, and J. Chandrashekar, “Constructing inter-domain packet filters to control ip spoofing based on bgp updates.†in INFOCOM, 2006.
D. G. Andersen, H. Balakrishnan, N. Feamster, T. Koponen, D. Moon, and S. Shenker, “Accountable internet protocol (aip),†in ACM SIGCOMM Computer Communication Review, vol. 38, no. 4. ACM, 2008, pp. 339–350.
SAMSUNG ELECTRONICS SUSTAINABILITY REPORT 2017 (https://images.samsung.com/is/content/samsung/p5/global/ir/docs/Samsung_Electronics_Sustainability_Report_2017.pdf )
Su, Z., W. Timmermans, Y. Zeng, J. Schulz, V. O. John, R. A. Roebeling, P. Poli et al. "An overview of European efforts in generating climate data records." Bulletin of the American Meteorological Society 99, no. 2 (2018): 349-359.
Hardin, Nicole Valdes. "UNCOVERING THE SECRECY OF STINGRAYS: What Every Practitioner Needs to Know." Criminal Justice 32, no. 4 (2018): 20-24.
Su, Xin, Ziyu Wang, Xiaofeng Liu, Chang Choi, and Dongmin Choi. "Study to Improve Security for IoT Smart Device Controller: Drawbacks and Countermeasures." Security and Communication Networks 2018 (2018).
Z. Chen, S. Guo, K. Zheng, and Y. Yang, “Modeling of man-in-the middle attack in the wireless networks,†in Wireless Communications, Networking and Mobile Computing. IEEE, 2007, pp. 2255–2258.
Feher, Ben, Lior Sidi, Asaf Shabtai, Rami Puzis, and Leonardas Marozas. "WebRTC security measures and weaknesses." International Journal of Internet Technology and Secured Transactions 8, no. 1 (2018): 78-102.
M. Paik, “Stragglers of the herd get eaten: Security concerns for gsm mobile banking applications,†in 11th Workshop on Mobile Computing Systems & Applications. ACM, 2010, pp. 54–59.
OpenBTS.org. Openbts — open source cellular infrastruture. [Online]. Available: http://openbts.org
A. N. I. C. Ettus Research. Ettus research - the leader in software defined radio (sdr). [Online]. Available: http://www.ettus.com
H. H. Ou, M. S. Hwang, and J. K. Jan, “A cocktail protocol with the authentication and key agreement on the umts,†Journal of Systems and Software, vol. 83, no. 2, pp. 316–325, 2010.
Y. L. Huang, C. Y. Shen, and S. W. Shieh, “S-aka: a provable and secure authentication key agreement protocol for umts networks,†IEEE Transactions on Vehicular Technology, vol. 60, no. 9, pp. 4509–4519,2011.
Hwang, Tzonelih, and Prosanta Gope. "Provably secure mutual authentication and key exchange scheme for expeditious mobile communication through synchronously one-time secrets." Wireless personal communications 77, no. 1 (2014): 197-224.
Saxena, Neetesh, and Narendra S. Chaudhari. "NS-AKA: An improved and efficient AKA protocol for 3G (UMTS) networks." In International conference on advances in computer science and electronics engineering (CSEE’14), Kuala Lampur, Malaysia, pp. 220-224. 2014.
Saxena, Neetesh, and Narendra S. Chaudhari. "Secure-AKA: An efficient AKA protocol for UMTS networks." Wireless personal communications 78, no. 2 (2014): 1345-1373.
Ju, Yong Wan, Kwan Ho Song, Eung Jae Lee, and Yong Tae Shin. "Cache poisoning detection method for improving security of recursive DNS." In Advanced Communication Technology, The 9th International Conference on, vol. 3, pp. 1961-1965. IEEE, 2007.
Chopra, Alexander, and Michael Kaufman. "Man In the Middle (MITM) DNS Spoofing Explained." (2014).
Naqash, Talha, Faisal Bin Ubaid, and Abubakar Ishfaq. "Protecting DNS from cache poisoning attack by using secure proxy." In Emerging Technologies (ICET), 2012 International Conference on, pp. 1-5. IEEE, 2012.
Kaminsky, Dan. "Black ops 2008: It’s the end of the cache as we know it." Black Hat USA (2008).
Lindell, Yehuda. "The Security of Intel SGX for Key Protection and Data Privacy Applications." (2018).
Xiang, Lin, Derrick Wing Kwan Ng, Robert Schober, and Vincent WS Wong. "Cache-enabled physical layer security for video streaming in backhaul-limited cellular networks." IEEE Transactions on Wireless Communications 17, no. 2 (2018): 736-751.
Zhang, Di, Yuezhi Zhou, and Yaoxue Zhang. "A Multi-Level Cache Framework for Remote Resource Access in Transparent Computing." IEEE Network 32, no. 1 (2018): 140-145.
Stiansen, Tommy. "Systems and platforms for intelligently monitoring risky network activities." U.S. Patent 9,923,914, issued March 20, 2018.
Vidal, Chaz, and Kim-Kwang Raymond Choo. "Situational Crime Prevention and the Mitigation of Cloud Computing Threats." In Security and Privacy in Communication Networks: SecureComm 2017 International Workshops, ATCS and SePrIoT, Niagara Falls, ON, Canada, October 22–25, 2017, Proceedings 13, pp. 218-233. Springer International Publishing, 2018.
Stiansen, Tommy, Alfred Perlstein, and Sheldon Foss. "Network appliance for dynamic protection from risky network activities." U.S. Patent 9,942,250, issued April 10, 2018.
Mitseva, Asya, Andriy Panchenko, and Thomas Engel. "The State of Affairs in BGP Security: A Survey of Attacks and Defenses." Computer Communications (2018).
Preneel, Bart, and Frederik Vercauteren. "Applied Cryptography and Network Security."
Shulman, Haya. "Implications of Vulnerable Internet Infrastructure." In Digital Marketplaces Unleashed, pp. 921-935. Springer, Berlin, Heidelberg, 2018.
Flores, Marcel, Alexander Wenzel, Kevin Chen, and Aleksandar Kuzmanovic. "Fury Route: Leveraging CDNs to Remotely Measure Network Distance." In International Conference on Passive and Active Network Measurement, pp. 87-99. Springer, Cham, 2018.
Fernà ndez-València, Ramsès, Juan Caubet, and Aleix Vila. "Cryptography Working Group Introduction to Blockchain Technology." (2018).
Hanna, Dalal, Prakash Veeraraghavan, and Eric Pardede. "PrECast: An Efficient Crypto-Free Solution for Broadcast-Based Attacks in IPv4 Networks." Electronics 7, no. 5 (2018): 65.
Xie, Michael, Robert A. May, and Jinhai Yang. "Automated configuration of endpoint security management." U.S. Patent 9,894,034, issued February 13, 2018.
Karina, Arellano, Diego Avila-Pesántez, Leticia Vaca-Cárdenas, Alberto Arellano, and Carmen Mantilla. "Towards a Security Model against Denial of Service Attacks for SIP Traffic." World Academy of Science, Engineering and Technology, International Journal of Social, Behavioral, Educational, Economic, Business and Industrial Engineering12, no. 1: 82-87.
Nath, Ujjual, Gaurav Sharma, and William Fletcher. "User interface for control of personal information privacy." U.S. Patent 9,992,192, issued June 5, 2018.
Hossain, Md Shohrab, Arnob Paul, Md Hasanul Islam, and Mohammed Atiquzzaman. "Survey of the Protection Mechanisms to the SSL-based Session Hijacking Attacks." Network Protocols and Algorithms 10, no. 1 (2018): 83-108.
Sinor, Dale. "Field level data protection for cloud services using asymmetric cryptography." U.S. Patent 9,965,645, issued May 8, 2018.
Weiser, Samuel, Raphael Spreitzer, and Lukas Bodner. "Single Trace Attack Against RSA Key Generation in Intel SGX SSL." In Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pp. 575-586. ACM, 2018.
Gunawan, D., E. H. Sitorus, R. F. Rahmat, and A. Hizriadi. "SSL/TLS Vulnerability Detection Using Black Box Approach." In Journal of Physics: Conference Series, vol. 978, no. 1, p. 012121. IOP Publishing, 2018.
Gramegna, M., I. Ruo Berchera, S. Kueck, G. Porrovecchio, C. J. Chunnilall, I. P. Degiovanni, M. Lopez et al. "European coordinated metrological effort for quantum cryptography." In Quantum Technologies 2018, vol. 10674, p. 106741K. International Society for Optics and Photonics, 2018.
Anagreh, Mohammad Fawaz, Anwer Mustafa Hilal, and Tarig Mohamed Ahmed. "Encrypted Fingerprint into VoIP Systems using Cryptographic Key Generated by Minutiae Points." INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS 9, no. 1 (2018): 151-154.
Huang, Ling Wei, Hsuan Ling Hsu, and Hsiu Ting Kao. "Method and system for providing tokenless secure login by visual cryptography." U.S. Patent 9,984,225, issued May 29, 2018.
Goodman, Jonathan Lloyd, Hampton Boone Maher, Ravi Komanduri, and Rashmi Kumar Raj. "Multi-processor system and operations to drive display and lighting functions of a software configurable luminaire." U.S. Patent Application 15/211,272, filed January 18, 2018.
Wang, Xiaofeng, Huan Zhou, Jinshu Su, Baosheng Wang, Qianqian Xing, and Pengkun Li. "T-IP: A self-trustworthy and secure Internet protocol." China Communications 15, no. 2 (2018): 1-14.
Li, Y., D. Eastlake 3rd, L. Dunbar, R. Perlman, and M. Umair. Transparent Interconnection of Lots of Links (TRILL): ARP and Neighbor Discovery (ND) Optimization. No. RFC 8302. 2018.
MAHESWARI, D., A. KAUSHIKA, and A. JENIFER. "A STUDY ON DATA ENCRYPTION AND DECRYPTION USING HILL CIPHER ALGORITHM."
Truedsson, Marc, and Viktor Hjelm. "Situation-aware Adaptive Cryptography." (2018).
Siergiejczyk, Mirosław, and Adam Rosiński. "Analysis of Information Transmission Security in the Digital Railway Radio Communication System." In International Conference on Dependability and Complex Systems, pp. 420-429. Springer, Cham, 2018.
Nayak, Nayaneeka, and Rohit Sharma. "Designing security and Surveillance System Using GSM Technology." Journal of Network Communications and Emerging Technologies (JNCET) www. jncet. org 8, no. 4 (2018).
Firdous, G. Shaheen, and R. Sandeep Kumar. "SUPPORT DATA ACCESS ORGANIZE MECHANISM OF RELEASE ENCRYPTION PRIVACY AND SECURITY PROTECTION." IJITR 6, no. 2 (2018): 7937-7939.
Hasan, Shiza, Muhammad Awais, and Munam Ali Shah. "Full Disk Encryption: A Comparison on Data Management Attributes." In Proceedings of the 2nd International Conference on Information System and Data Mining, pp. 39-43. ACM, 2018.
Jadhao, Ms MM, Mrs SM Gothe, and Mrs SV Nimkarde. "Specific Location Based Privacy protecting Access Control System."
Klink, Jerod, and Herb Little. "Secure access to physical resources using asymmetric cryptography." U.S. Patent Application 15/332,057, filed April 26, 2018.
Lan, Pang-Chang, Tze-Ping Low, and Jangwook Moon. "Precoding-codebook-based secure uplink in LTE." U.S. Patent 9,876,655, issued January 23, 2018.
Rupprecht, David, Adrian Dabrowski, Thorsten Holz, Edgar Weippl, and Christina Pöpper. "On Security Research towards Future Mobile Network Generations." IEEE Communications Surveys & Tutorials (2018).
Mallem, Saliha, and Chafia Yahiaoui. "A Secure, Green and Optimized Authentication and Key Agreement Protocol for IMS Network." In World Conference on Information Systems and Technologies, pp. 1108-1118. Springer, Cham, 2018.
Mallem, Saliha, and Chafia Yahiaoui. "A Secure, Green and Optimized Authentication and Key Agreement Protocol for IMS Network." In World Conference on Information Systems and Technologies, pp. 1108-1118. Springer, Cham, 2018.
Parne, Balu L., Shubham Gupta, and Narendra S. Chaudhari. "ESAP: Efficient and secure authentication protocol for roaming user in mobile communication networks." SÄdhanÄ43, no. 6 (2018): 89.
Hiltunen, Matti A., Emiliano Miluzzo, and Abhinav Srivastava. "Secure multi-party device pairing using sensor data." U.S. Patent Application 15/729,821, filed February 15, 2018.
Kurose, James F. Computer networking: A top-down approach featuring the internet, 3/E. Pearson Education India, 2005.
DOI: http://dx.doi.org/10.22373/cj.v2i2.3453
Refbacks
- There are currently no refbacks.
Copyright (c) 2019 Avijit Mallik
except where otherwise noted.