This paper is the result of a study which analyzes the characteristics of mobile data with regard to both amount and content of the data collected. It will be shown what information is revealed through a man-in-the-middle attack on an unjailbroken iPhone 3GS within one week of internet usage. The results will reveal that the average transfer size of a datastream is very small in comparison to t...

Since the introduction at Crypto’05 by Juels and Weis of the protocol HB, a lightweight protocol secure against active attacks but only in a detection based-model, many works have tried to enhance its security. We propose here a new approach to achieve resistance against Man-in-The-Middle attacks. Our requirements – in terms of extra communications and hardware – are surprisingly low.

In this paper we show how to break the most recent version of EC-RAC with respect to privacy. We show that both the ID-Transfer and ID&PWD-Transfer schemes from EC-RAC do not provide the claimed privacy levels by using a man-in-the-middle attack. The existence of these attacks voids the presented privacy proofs for EC-RAC.

In 2003, Novikov and Kiselev proposed an authentication of the user from the remote autonomous object. In this article, we shall show that the Novikov-Kiselev scheme cannot against a man-in-the-middle attack.

Since the Middle Ages the Jews have been engaged primarily in urban, skilled occupations, such as crafts, trade, Þnance, and medicine. This distinctive occupational selection occurred between the seventh and the ninth centuries in the Muslim Empire and then it spread to other locations. We argue that this transition was the outcome of the widespread literacy among Jews prompted by an educationa...

Distance Bounding (DB) is designed to mitigate relay attacks. This paper provides a complete study of the DB protocol of Kleber et al. based on Physical Unclonable Functions (PUFs). We contradict the claim that it resists to Terrorist Fraud (TF). We propose some slight modifications to increase the security of the protocol and formally prove TF-resistance, as well as resistance to Distance Frau...

Web users are shown an invalid certificate warning when their browser cannot validate the identity of the websites they are visiting. While these warnings often appear in benign situations, they can also signal a man-in-the-middle attack. We conducted a survey of over 400 Internet users to examine their reactions to and understanding of current SSL warnings. We then designed two new warnings us...

In 2013, Althobaiti et al. proposed an efficient biometricbased user authentication scheme for wireless sensor networks. We analyze their scheme for the security against known attacks. Though their scheme is efficient in computation, in this paper we show that their scheme has some security pitfalls such as (1) it is not resilient against node capture attack, (2) it is insecure against imperson...

Recent attacks on the German identity card show that a compromised client computer allows for PIN compromise and man-inthe-middle attacks on eID cards. We present a selection of new solutions to that problem which do not require changes in the card specification. All presented solutions protect against PIN compromise attacks, some of them additionally against man-in-the-middle attacks.