Revisiting man-in-the-middle attacks against HTTPS

Kampourakis, Vyron; Kambourakis, Georgios; Chatzoglou, Efstratios; Zaroliagis, Christos

doi:10.12968/s1353-4858(22)70028-1

Cited by 13 publications

(6 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Security Assertion Markup Language (SAML) [17] is a protocol that can be used to build a federated IDM (FIDM) system. SAML protocol allows identity authentication between organizations where users are members of the IDP.…”

Section: A Traditional Identity Management In Social Networkmentioning

confidence: 99%

An Efficient Decentralized Identity Management System Based on Range Proof for Social Networks

Zhu

Bao

et al. 2023

IEEE Open J. Comput. Soc.

View full text Add to dashboard Cite

Online social networks (OSNs) are becoming more and more popular in people's lives as the demand for online interaction continues to grow. Current OSNs are using centralized identity management system (IDM), which has some problems of single point of failure and privacy data leakage. The emergence of decentralized identity (DID) can solve these problems. However, most existing DID systems have some privacy issues that a user's attributes value are disclosed while accessing service. In this paper, we design a DID protocol to solve these challenges. The proposed protocol includes a range proof protocol to provide attribute privacy. The range proof protocol works with anonymous credentials and does not need a trusted setup. Moreover, the identity model behind the DID protocol is extended from an existing model, which achieves identity revocation. Finally, we implement a system prototype on the blockchain for evaluation. The security analysis shows that our protocol provides stronger privacy protection. The performance evaluation indicates that the computation cost and blockchain overheads of our protocol are acceptable in OSNs.

show abstract

Section: A Traditional Identity Management In Social Networkmentioning

confidence: 99%

An Efficient Decentralized Identity Management System Based on Range Proof for Social Networks

Zhu

Bao

et al. 2023

IEEE Open J. Comput. Soc.

View full text Add to dashboard Cite

show abstract

“…This may seem unusual, given that this work does concentrate on the detection of application layer attacks. The basic reason behind this choice is that, typically, the application features are encrypted (and thus not available) due to, say, a TLS tunnel [ 30 ] or other mechanisms [ 31 ], including encrypted DNS [ 32 ]. Additionally, in certain cases, e.g., SSH, the traffic cannot be decrypted.…”

Section: Feature Selection and Data Preprocessingmentioning

confidence: 99%

Best of Both Worlds: Detecting Application Layer Attacks through 802.11 and Non-802.11 Features

Chatzoglou

Kambourakis

Smiliotopoulos

et al. 2022

Sensors

Self Cite

View full text Add to dashboard Cite

Intrusion detection in wireless and, more specifically, Wi-Fi networks is lately increasingly under the spotlight of the research community. However, the literature currently lacks a comprehensive assessment of the potential to detect application layer attacks based on both 802.11 and non-802.11 network protocol features. The investigation of this capacity is of paramount importance since Wi-Fi domains are often used as a stepping stone by threat actors for unleashing an ample variety of application layer assaults. In this setting, by exploiting the contemporary AWID3 benchmark dataset along with both shallow and deep learning machine learning techniques, this work attempts to provide concrete answers to a dyad of principal matters. First, what is the competence of 802.11-specific and non-802.11 features when used separately and in tandem in detecting application layer attacks, say, website spoofing? Second, which network protocol features are the most informative to the machine learning model for detecting application layer attacks? Without relying on any optimization or dimensionality reduction technique, our experiments, indicatively exploiting an engineered feature, demonstrate a detection performance up to 96.7% in terms of the Area under the ROC Curve (AUC) metric.

show abstract

“…In order to obtain a user's password in plain text, an attacker may act as a "man in the middle" by intercepting the connection between the user's browser and the end server. While best safety practices indicate that all traffic between clients and servers should be secured by encryption such as HTTPS, a large number of online sites still use unencrypted traffic over HTTP [25,26]. If an attacker is able to intercept requests by the user in plain text, there is no need to brute force the password.…”

Section: Man In the Middlementioning

confidence: 99%

Bingo: A Semi-Centralized Password Storage System

Al-Aboosi

Broner

Al-Aboosi

2022

JCP

View full text Add to dashboard Cite

A lack of security best practices in modern password storage has led to a dramatic rise in the number of online data breaches, resulting in financial damages and lowered trust in online service providers. This work aims to explore the question of how leveraging decentralized storage paired with a centralized point of authentication may combat such attacks. A solution, “Bingo”, is presented, which implements browser side clients which store password shares for a centralized proxy server. Bingo is a fully formed system which allows for modern browsers to store and retrieve a dynamic number of anonymized password shares, which are used when authenticating users. Thus, Bingo is the first solution to prove that distributed password storage functions in the context of the modern web. Furthermore, Bingo is evaluated in both simulation and cloud in order to show that it achieves high rates of system liveness despite its dependence on its users being active at given intervals. In addition, a novel simulator is presented which allows future researchers to mock scheduled behavior of online users. This work concludes that with the rise in online activity, decentralization may play a role in increasing data security.

show abstract

Revisiting man-in-the-middle attacks against HTTPS

Cited by 13 publications

References 1 publication

An Efficient Decentralized Identity Management System Based on Range Proof for Social Networks

An Efficient Decentralized Identity Management System Based on Range Proof for Social Networks

Best of Both Worlds: Detecting Application Layer Attacks through 802.11 and Non-802.11 Features

Bingo: A Semi-Centralized Password Storage System

Contact Info

Product

Resources

About