TCP is the main transport protocol over the Internet, ensuring reliable and efficient connections. TCP is trivially vulnerable to man-in-the-middle (MitM) attackers; they can intercept, modify and inject TCP traffic [Joncheray 1995]. Despite significant possible threats, a common assumption is that MitM capabilities are difficult to obtain; this assumption is demonstrated by OWASP’s list of top...

Presented herein is a User-SpecificKey Scheme based on Elliptic Curve Cryptography that defeats man-inthe-middle attacks cryptocurrency exchange accounts. In this scheme, separate public and private key pair assigned to every account the shifted either forward or backward elliptic curve by difference of user’s password. When user logs into his account, server sends account. The computes actual ...

We present a new type of clogging DoS attacks, with the highest amplification factors achieved by off-path attackers, using only puppets, i.e., sandboxed malware on victim machines. Specifically, we present off-path variants of the Opt-ack, Ackstorm and Coremelt DoS attacks, achieving results comparable to these achieved previously achieved by eavesdropping/MitM attackers and (unrestricted) mal...

Security of financial transactions in E-Commerce is difficult to implement and there is a risk that user’s confidential data over the internet may be accessed by hackers. Unfortunately, interacting with an online service such as a banking web application often requires certain degree of technical sophistication that not all Internet users possess. For the last couple of year such naive users ha...

The address resolution protocol (ARP) is one of the most important communication protocols in a local area network (LAN). However, since there no authentication procedure, ARP vulnerable to cyberattack such as spoofing. Since spoofing can be connected critical attacks, including man-in-the-middle (MITM) attack, detecting initially without returning false-positive alarms important. In general, h...

In May 2012, a highly advanced malware for espionage dubbed Flame was found targeting the Middle-East. As it turned out, it used a forged signature to infect Windows machines by MITM-ing Windows Update. Using counter-cryptanalysis, Stevens found that the forged signature was made possible by a chosen-prefix attack on MD5 [Ste13]. He uncovered some details that prove that this attack differs fro...

Khudra is a lightweight block cipher designed for Field Programmable Gate Array (FPGA) based platforms. The cipher has an 18-round generalized type-2 Feistel structure with 64-bit block size. The key schedule takes 80-bit master key and produces 32-bit round keys performing very simple operations. In this work, we analyze the security of Khudra. We first show that the effective round key length...

With the development of more types of devices which have bluetooth as a primary option to communicate, the importance of secure communication is growing. Bluetooth provides a short range wireless communication between devices making convenient for users and thus eliminating the need for messy cables. The proliferation of the Bluetooth devices in the workplace exposes organizations to security r...

Deep Neural Networks (DNNs) are vulnerable to deliberately crafted adversarial examples. In the past few years, many efforts have been spent on exploring query-optimisation attacks find examples of either black-box or white-box DNN models, as well defending countermeasures against those attacks. this article, we explore vulnerabilities models under umbrella Man-in-the-Middle (MitM) attacks, whi...

At Crypto 2015, Blondeau, Peyrin and Wang proposed a truncated-differential-based known-key attack on full PRESENT, a nibble oriented lightweight blockcipher with a SPN structure. The truncated difference they used is derived from the existing multidimensional linear characteristics. An innovative technique of their work is the design of a MITM layer added before the characteristic that covers ...