This paper presents the first wireless pairing protocol that works in-band, with no pre-shared keys, and protects against MITM attacks. The main innovation is a new key exchange message constructed in a manner that ensures an adversary can neither hide the fact that a message was transmitted, nor alter its payload without being detected. Thus, any attempt by an adversary to interfere with the k...

In this paper we present and discuss a new approach for securing multimedia communication, which is based on three innovations. The first innovation is the integration of a challenge-response scheme for enhancing the Diffie-Hellman based ZRTP protocol. When being called, a callee must present the result of a computational puzzle (a “token”) within a short amount of time. A Man-in-the-Middle (Mi...

This paper presents a new generic technique, named sieve-in-the-middle, which improves meet-in-the-middle attacks in the sense that it provides an attack on a higher number of rounds. Instead of selecting the key candidates by searching for a collision in an intermediate state which can be computed forwards and backwards, we here look for the existence of valid transitions through some middle s...

In 2004, Molnar and Wagner introduced a very appealing scheme dedicated to the identification of RFID tags. Their protocol relies on a binary tree of secrets which are shared – for all nodes except the leaves – amongst the tags. Hence the compromise of one tag also has implications on the other tags with whom it shares keys. We describe a new man-in-the-middle attack against this protocol which...

This paper investigates cyber attacks on ICS which rely on IEC 60870-5-104 for telecontrol communications. The main focus of the paper is on man-in-the-middle attacks, covering modification and injection of commands, it also details capture and replay attacks. An initial set of attacks are preformed on a local software simulated laboratory. Final experiments and validation of a man-in-the-middl...

M an in the middle attacks are a significant threat to modern e-commerce and online communications, even when such transactions are protected by TLS. We intend to show that it is possible to detect man-in-the-middle attacks on SSL and TLS by detecting timing differences between a standard SSL session and an attack we created.

In light of the recent work of Micali and Reyzin on showing the subtleties and complexities of the soundness notions of zeroknowledge (ZK) protocols when the verifier has his public-key, we reinvestigate the Cramer-Damg̊ard intended-verifier identification scheme and show two man-in-the-middle attacks in some reasonable settings: one simple replaying attack and one ingenious interleaving attack....

—In this paper, we describe an attack against one of the Oblivious-Transfer-based blind signatures scheme, proposed in [1]. An attacker with a primitive capability of producing specific-range random numbers, while exhibiting a partial MITM behavior, is able to corrupt the communication between the protocol participants. The attack is quite efficient as it leads to a protocol communication corru...

In this paper, we show that the Nalla-Reddy’s one round IDbased tripartite authenticated key agreement protocols are still insecure against the man-in-the-middle attacks. We also break the Nalla’s IDbased tripartite authenticated key agreement protocol with signatures.

At EuroCrypt ’08, Gilbert, Robshaw and Seurin proposed HB to improve on HB in terms of transmission cost and security against man-in-the-middle attacks. Although the security of HB is formally proven against a certain class of man-in-the-middle adversaries, it is only conjectured for the general case. In this paper, we present a general man-in-the-middle attack against HB and Random-HB, which c...