A COMPUTER SYSTEM’S security can be compromised in many ways— a denial-of-service attack can make a server inoperable, a worm can destroy a user’s private data, or an eavesdropper can reap fi nancial rewards by inserting himself in the communication link between a customer and her bank through a man-in-the-middle (MITM) attack. What all these scenarios have in common is that the adversary is an...

Most SSL/TLS-based e-commerce applications employ conventional mechanisms for user authentication. These mechanisms—if decoupled from SSL/TLS session establishment—are vulnerable to manin-the-middle (MITM) attacks. In this paper, we elaborate on the feasibility of MITM attacks, survey countermeasures, introduce the notion of SSL/TLS session-aware user authentication (TLS-SA), and present a proo...

We revisit narrow-pipe designs that are in practical use, and their security against preimage attacks. Our results are the best known preimage attacks on Tiger, MD4, and reduced SHA-2, with the result on Tiger being the first cryptanalytic shortcut attack on the full hash function. Our attacks runs in time 2 for finding preimages, and 2 for second-preimages. Both have memory requirement of orde...

This paper describes two novel methods for active detection and prevention of ARP-poisoning-based Man-inthe-Middle (MitM) attacks on switched Ethernet LANs. As a stateless and inherently insecure protocol, ARP has been used as a relatively simple means to launch Denial-of-Service (DoS) and MitM attacks on local networks and multiple solutions have been proposed to detect and prevent these types...

Different countries issue an electronic passport embedding a contactless chip that stores the holder data (ePassport). To prevent unauthorized reading of the sensitive information present on such chip an access control mechanism based on symmetric cryptography, the Basic Access Control (BAC), has been introduced. In this work we present the flaws we have found out in some implementations of the...

The Address Resolution Protocol (ARP), has proved to work well under regular circumstances, but it is not equipped to cope with malicious hosts. Several methods to mitigate, detect and prevent these attacks do exist for the gateways/routers and nodes. This work is focused towards developing our own tailor made Intrusion Detection technique at the subnet level and we present an algorithm that de...

To filter SSL/TLS-protected traffic, some antivirus and parental-control applications interpose a TLS proxy in the middle of the host’s communications. We set out to analyze such proxies as there are known problems in other (more matured) TLS processing engines, such as browsers and common TLS libraries. Compared to regular proxies, client-end TLS proxies impose several unique constraints, and ...

Blockchains and other public ledger structures promise a new way to create globally consistent event logs and other records. We make use of this consistency property to detect and prevent man-in-the-middle attacks in a key exchange such as Diffie-Hellman or ECDH. Essentially, the MitM attack creates an inconsistency in the world views of the two honest parties, and they can detect it with the h...

OBJECTIVES/HYPOTHESIS To introduce a simple and alternative surgical technique, minimally invasive transcanal myringotomy (MITM), for early stage congenital cholesteatoma in children and to evaluate the feasibility and results of MITM for management of early stage congenital cholesteatoma with respect to its effectiveness and safety. STUDY DESIGN Retrospective review. METHODS Between August...

We propose hPIN/hTAN, a low-cost token-based e-banking protection scheme when the adversary has full control over the user’s computer. Compared with existing hardware-based solutions, hPIN/hTAN depends on neither second trusted channel, nor secure keypad, nor computationally expensive encryption module. Due to the rapid progress of the Internet, e-banking has become more and more popular all ov...