Man-in-the-middle (MITM) attacks pose a serious threat to SSL/TLS-based e-commerce applications, and there are only a few technologies available to mitigate the risks. In [OHB05], we introduced the notion of SSL/TLS session-aware user authentication to protect SSL/TLSbased e-commerce applications against MITM attacks, and we proposed an implementation based on impersonal authentication tokens. ...

Automated Social Engineering poses a serious information security threat to human communications on the Internet since the attacks can easily scale to a large number of victims. We present a new attack that instruments human conversations for social engineering, or spamming. The detection rate is low, which becomes manifest in link click rates of up to 76.1%. This new attack poses a challenge f...

We study Input Indistinguishable Computation (IIC), a security notion proposed by Micali, Pass, and Rosen in [14] and recently considered also by Garg, Goyal, Jain and Sahai in [9]. IIC aims at generalizing the notion of a Witness Indistinguishable (WI) proof system to general two-party functionalities and in its concurrent version (cIIC) also considers security against man-in-the-middle (MiM) ...

This paper presents a critical analysis of the AACS drive-host authentication scheme. A few weaknesses are identified which could lead to various attacks on the scheme. In particular, we observe that the scheme is susceptible to unknown key-share and man-in-the-middle attacks. Modifications of the scheme are suggested in order to provide better security. A proof of security of the modified sche...

It is well-known that protocols that satisfy a security property when executed in isolation do not necessarily satisfy the same security property when they are executed in an environment containing other protocols. We demonstrate this fact on a family of recently proposed RFID protocols by Lee, Batina, and Verbauwhede. We invalidate the authentication and untraceability claims made for several ...

This paper compares the popular quantum key distribution (QKD) protocol BB84 with the more recent Kak’s three-stage protocol and the latter is shown to be more secure. A theoretical representation of an authentication-aided version of Kak’s threestage protocol is provided that makes it possible to deal with man-in-the-middle attack.

This paper introduces a variation on Kak’s three-stage quanutm key distribution protocol which allows for defence against the man in the middle attack. In addition, we introduce a new protocol, which also offers similar resiliance against such an attack.

Computer systems security area has received increased attention from both academics and in industry. However, recent work indicates that substantial security gaps emerge when systems are deployed, even with the use of state-of-the-art security protocols. Our findings suggest that wide-spread security problems exist even when protocols such as SSL and SSH are deployed because systems today do no...

We construct a simple authentication protocol whose security is based solely on the problem of Learning Parity with Noise (LPN) that is secure against Man-in-the-Middle attacks. Our protocol is suitable for RFID devices, whose limited circuit size and power constraints rule out the use of more heavyweight operations such as modular exponentiation. The protocol is extremely simple: both parties ...

During the SA3-31 meeting in Munich, it was decided that the Bluetooth link between peripheral devices did not require integrity protection (see section 6.1.1 of [1]). This contribution indicates that a man-in-the-middle attack may be possible on the bluetooth link in a WLAN in-terworking environment. The attacker lures the victim to connect to a malicious WLAN access point. The attack does not...