During the SA3-31 meeting in Munich, it was decided that the Bluetooth link between peripheral devices did not require integrity protection (see section 6.1.1 of [1]). This contribution indicates that a man-in-the-middle attack may be possible on the bluetooth link in a WLAN in-terworking environment. The attacker lures the victim to connect to a malicious WLAN access point. The attack does not...

Increased focus on the Universal Serial Bus (USB) attack surface of devices has recently resulted in a number of new vulnerabilities. Much of this advance has been aided by the advent of hardware-based USB emulation techniques. However, existing tools and methods are far from ideal, requiring a significant investment of time, money, and effort. In this work, we present a USB testing framework t...

Phone features, e.g., 911 call, voicemail, and Do Not Disturb, are critical and necessary for all deployed VoIP systems. In this paper, we empirically investigate the security of these phone features. We have implemented a number of attacks and experimented with VoIP services by leading VoIP service providers Vonage, AT&T and Gizmo. Our experimental results demonstrate that a man-in-the-middle ...

This paper describes a declarative framework for representing and reasoning about truthfulness of agents using Answer Set Programming. The paper illustrates how, starting from observations, knowledge about the actions of the agents, and the normal behavior of agents, one can evaluate the statements made by agents against a set of observations over time. The paper presents an ASP program for com...

Unconditionally secure authentication codes with arbitration (A 2-codes) protect against deceptions from the transmitter and the receiver as well as that from the opponent. We rst show that an optimal A 2-code implies an orthogonal array and an aane-resolvable design. Next we deene a new design, an aane-resolvable + BIBD, and prove that optimal A 2-codes are equivalent to this new design. From ...

Video chat systems such as Chatroulette have become increasingly popular as a way to meet and converse one-onone via video and audio with other users online in an open and interactive manner. At the same time, security and privacy concerns inherent in such communication have been little explored. This paper presents one of the first investigations of the privacy threats found in such video chat...

Open Shortest Path First (OSPF) is the most widely deployed interior gateway routing protocol on the Internet. We present two new attacks on OSPF that expose design vulnerabilities in the protocol specification. These new attacks can affect routing advertisements of routers not controlled by the attacker while evading the OSPF self-defense “fight-back” mechanism. By exploiting these vulnerabili...

An individual who intends to engage in sensitive transactions using a public terminal such as an ATM needs to trust that (a) all communications are indeed carried out with the intended terminal, (b) such communications are confidential, and (c) the terminal’s integrity is guaranteed. Satisfying such requirements prevents man-in-the-middle attacks and eavesdropping. We have analysed several exis...

Security providing devices that are used to protect against multiple threats like man-in-the-middle attack and phishing are known as ―security keys‖. With the help of security keys, user can register himself with any kind of online services that works with this protocol. If we install these security keys in some devices, deployment, implementation and use becomes very easy. We can also see the ...