• Title/Summary/Keyword: Man-in-the-middle attack

Search Result 110, Processing Time 0.021 seconds

Timestamp based Key Exchange Protocol for Satellite Access Network (위성환경에서의 Timestamp 기반 키 교환 프로토콜)

  • Song, In-A;Lee, Young-seok
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology
    • /
    • v.9 no.2
    • /
    • pp.162-170
    • /
    • 2016
  • The key exchange protocols are very important to provide the secure communication in broadband satellite access network. However key exchange protocol of ETSI(European Telecommunications Standards Institute) is vulnerable to man-in-the-middle-attack by using Diffie-Hellman algorithm. And the key exchange protocol using certification is not useful in satellite environment. We propose the key exchange protocol using Timestamp which have the resistant to man-in-the-middle-attack. Proposed protocol is able to prevent the man-in-the-middle-attack by calculated time value. Also showing experiment results, we prove that proposed protocol improve memory usage, communication amount and calculation amount than other protocols.

Secure modified AKE protocol against man-in-the-middle attack (Man-in-the-middle attack에 강한 변형된 AKE 프로토콜)

  • Chang, Sung-Ryul;Cho, Hyun-Ho;Rhee, Kyung-Hyune
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2003.05c
    • /
    • pp.2085-2088
    • /
    • 2003
  • 인터넷의 발전과 함께 사용자 인증 기술도 발전하였다. 이러한 사용자 인증 기술 중 패스워드 인증기술이 특정 컴퓨터 또는 통신 시스템 서버의 서비스를 요구하는 클라이언트의 신분을 확인하는 기술로 가장 널리 사용되고 있다. 그러나 일반적으로 사용되는 패스워드 인증의 약한 안전성으로 인한 보안 사고는 매년 증가하고 있고, 그 피해 또한 상당하다. 본 논문은 이런 패스워드 인증 방식 중 강한 인증으로 분류되는 AKE 프로토콜에 대해 분석하고, man-in-the-middle attack이 가능하다는 것을 보인 후, 이 취약점을 보완하여 제 3의 신뢰기관을 두지 않고 두 파티간의 상호인증이 가능한 변형된 AKE 프로토콜을 제안한다.

  • PDF

Security Analysis and Improvements of a Biometrics-based User Authentication Scheme Using Smart Cards (스마트 카드를 이용한 생체인식 기반 사용자 인증 스킴의 안전성 분석 및 개선)

  • An, Young-Hwa
    • Journal of the Korea Society of Computer and Information
    • /
    • v.17 no.2
    • /
    • pp.159-166
    • /
    • 2012
  • Many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In 2010, Chang et al. proposed an improved biometrics-based user authentication scheme without concurrency system which can withstand forgery attack, off-line password guessing attack, replay attack, etc. In this paper, we analyze the security weaknesses of Chang et al.'s scheme and we have shown that Chang et al.'s scheme is still insecure against man-in-the-middle attack, off-line biometrics guessing attack, and does not provide mutual authentication between the user and the server. And we proposed the improved scheme to overcome these security weaknesses, even if the secret information stored in the smart card is revealed. As a result, the proposed scheme is secure for the user authentication attack, the server masquerading attack, the man-in-the-middle attack, and the off-line biometrics guessing attack, does provide the mutual authentication between the user and the remote server. And, in terms of computational complexities, the proposed scheme is more effective than Chang et al.'s scheme.

Security Enhancing of Authentication Protocol for Hash Based RFID Tag (해쉬 기반 RFID 태그를 위한 인증 프로토콜의 보안성 향상)

  • Jeon, Jin-Oh;Kang, Min-Sup
    • Journal of Internet Computing and Services
    • /
    • v.11 no.4
    • /
    • pp.23-32
    • /
    • 2010
  • In this paper, we first propose the security enhancing of authentication protocol for Hash based RFID tag, and then a digital Codec for RFID tag is designed based on the proposed authentication protocol. The protocol is based on a three-way challenge response authentication protocol between the tags and a back-end server. In order to realize a secure cryptographic authentication mechanism, we modify three types of the protocol packets which defined in the ISO/IEC 18000-3 standard. Thus active attacks such as the Man-in-the-middle and Replay attacks can be easily protected. In order to verify effectiveness of the proposed protocol, a digital Codec for RFID tag is designed using Verilog HDL, and also synthesized using Synopsys Design Compiler with Hynix $0.25\;{\mu}m$ standard-cell library. Through security analysis and comparison result, we will show that the proposed scheme has better performance in user data confidentiality, tag anonymity, Man-in-the-middle attack prevention, replay attack, forgery resistance and location tracking.

ECDH based authentication protocol for the Apple Bonjour protocol (애플 Bonjour 프로토콜을 위한 ECDH 기반 인증 프로토콜)

  • Kwon, Soonhong;Lee, Jong-Hyouk
    • Smart Media Journal
    • /
    • v.8 no.3
    • /
    • pp.9-16
    • /
    • 2019
  • Apple provides its own protocol, the Bonjour protocol, for convenient file transmission and reception between device. Airdrop is a Bonjour-based, representative service that is widely used as a simple data transmission/reception protocol for Apple's desktops, laptops and smartphones. However, it was demonstrated in Black Hat, a hacking security conference in 2016, that it is possible to commence a Man-in-the-Middle attack by exploiting the Bonjour protocol's weak points. In this paper, we explain the Bonjour protocol's such vulnerability for secure file transmission/reception between devices and propose an ECDH (Elliptic Curve Diffie-Hellman) based authentication protocol to enhance the protocol's security. The proposed protocol is described along with detailed operational procedures, demonstrating that it is possible to reduce the possibility of Man-in-the-Middle attack and its masquerade variant.

An Effective Protection Mechanism for SSL Man-in-the-Middle Proxy Attacks (SSL MITM 프록시 공격에 대한 효과적 방어방법)

  • Lim, Cha-Sung;Lee, Woo-Key;Jo, Tae-Chang
    • Journal of KIISE:Computing Practices and Letters
    • /
    • v.16 no.6
    • /
    • pp.693-697
    • /
    • 2010
  • In current e-commerce system, it happens that client's confidential information such as credit card numbers, pin numbers, or digital certificate may pass through a web proxy server or an altered proxy server without client's awareness. Even though the confidential information is encrypted and sent through SSL(Secure Sockets Layer) or TLS(Transport Layer Security) protocol, it can be exposed to the risk of sniffing by the digital certificate forgery at the proxy server, which is called the SSL MITM(Man-In-The-Middle) Proxy attack. In this paper, current credit card web-payment systems, which is weak at proxy information alternation attack, are analyzed. A resolution with certificate proxy server is also proposed to prevent the MITM attack.

A Countermeasure against the Abatement Attack to the Security Server (중간자공격을 이용한 보안서버 무효화공격에 대한 대응법)

  • Cho, Seong-Min;Lee, Hoon
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.20 no.1
    • /
    • pp.94-102
    • /
    • 2016
  • In this work we propose a new method to countermeasure against the abatement attack to the security server that is induced by man-in-the-middle attack. To that purpose, we first investigate the state of the art in the current research about the abatement attack. After that, we propose a new countermeasure method that can cope with the unresolved problems in the current method, which can cover diverse types of network.

Vulnerability Analysis and Improvement in Man-in-the-Middle Attack for Remote User Authentication Scheme of Shieh and Wang's using Smart Card (Shieh and Wang's의 스마트카드 상호인증 스킴에 대한 중간자공격 개선)

  • Shin, Kwang-Cheul
    • The Journal of Society for e-Business Studies
    • /
    • v.17 no.4
    • /
    • pp.1-16
    • /
    • 2012
  • Shieh and Wang [10] recently proposed an efficient mutual authentication scheme that combined the cost-effectiveness of operations of Lee et al. [6]. scheme and the security and key agreement of Chen and Yeh scheme. Shieh and Wang [10] scheme, however, does not satisfy the security requirements against a third party (the man-in the middle, attacker) that have to be considered in remote user authentication scheme using password-based smart cards. Shieh and Wang weaknesses are the inappropriateness that it cannot verify the forged message in 3-way handshaking mutual authentication, and the vulnerability that the system (server) secret key can easily be exposed. This paper investigates the problems of Shieh and Wang scheme in the verification procedure of the forged messages intercepted by the eavesdrop. An enhanced two-way remote user authentication scheme is proposed that is safe and strong against multiple attacks by adding the ability to perform integrity check on the server and proposed scheme is not expose user password information and the system's confidential information.

The Fast and Secure Authentication Mechanism for Proxy Mobile IPv6 (고속의 안전한 Proxy Mobile IPv6 인증 메커니즘)

  • Park, Chang-Seop;Kang, Hyun-Sun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.1
    • /
    • pp.11-24
    • /
    • 2012
  • Without a proper protection mechanism for the signaling messages to be used for the mobility support in the Proxy Mobile IPv6 (PMIPv6), it is also vulnerable to several security attacks such as redirect attack, MITM (Man-In-The-Middle) attack, replay attack and DoS (Denial of Service) attack as in Mobile IPv6. In this paper, we point out some problems of previous authentication mechanisms associated with PMIPv6, and also propose a new fast and secure authentication mechanism applicable to PMIPv6. In addition, it is also shown that the proposed one is more efficient and secure than the previous ones.