Man-in-the-Middle Attack to the HTTPS Protocol

Authors:
Franco Callegati;Walter Cerroni;Marco Ramilli
Affiliations:
University of Bologna;University of Bologna;University of Bologna
Venue:
IEEE Security and Privacy
Year:
2009

Citing 0
Cited 10

Mobile electronic identity: securing payment on mobile phones

WISTP'11 Proceedings of the 5th IFIP WG 11.2 international conference on Information security theory and practice: security and privacy of mobile devices in wireless communication
Defense against DNS man-in-the-middle spoofing

WISM'11 Proceedings of the 2011 international conference on Web information systems and mining - Volume Part I
All your clouds are belong to us: security analysis of cloud management interfaces

Proceedings of the 3rd ACM workshop on Cloud computing security workshop
A new scheme with secure cookie against SSLStrip attack

WISM'12 Proceedings of the 2012 international conference on Web Information Systems and Mining
Cookie-proxy: a scheme to prevent SSLStrip attack

ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
RFID-based patient tracking for regional collaborative healthcare

International Journal of Computer Applications in Technology
Cloud-ECG for real time ECG monitoring and analysis

Computer Methods and Programs in Biomedicine
Secure inspection of web transactions

International Journal of Internet Technology and Secured Transactions
User requirements-aware security ranking in SSL protocol

The Journal of Supercomputing
Content-based control of HTTPs mail for implementation of IT-convergence security environment

Journal of Intelligent Manufacturing

Quantified Score

Hi-index	0.00

Visualization

Abstract

As defenders, it is extremely dangerous to be ignorant of how attackers can disrupt our systems. Without a good understanding of the relative ease of certain attacks, it's easy to adopt poor policies and procedures. A good example of this is the tendency for some organizations to use invalid or "self-signed" certifications for SSL, an approach that both trains the user to ignore certificate warnings displayed by the browser and leaves connections vulnerable to man in the middle attacks. In this article, we illustrate how easy such attacks are to execute; we hope this will serve as an incentive to adopt defenses that not only seem secure, but actually are!