Man-in-the-Middle

Analysis of a Forced-Latency Defense Against Man-in-the-Middle Attacks

Abstract:

Several cryptographic protocols have been proposed to address the Man-in-the-Middle (MitM) attack without the prior exchange of keys. In this paper, one such protocol proposed by Zooko Wilcox-O’Hearn, the forced-latency defense against the chess grandmaster attack, is analyzed. Using the Cryptographic Protocol Shapes Analyzer (CPSA), the security properties of the protocol are validated through a novel use of CPSA’s state features to represent time. A small message-space attack is also uncovered that highlights an assumption that many protocols make, and a solution is proposed that would prevent such an attack against Wilcox-O’Hearn’s protocol.

Covert Channels in the HTTP Network Protocol: Channel Characterization and Detecting Man-in-the-Middle Attacks

Abstract

Network covert channels allow two entities to communicate stealthily. Hypertext Transfer Protocol (HTTP), accounting for approximately half of all traffic on the Internet (Burke, 2007), has become the de facto standard for hiding network covert channels. Proliferation of covert channels throughout the World Wide Web has brought both challenges and enhancements to the area of Information Warfare. This paper defines a set of common characteristics, then classifies and analyzes several known and new covert channels in HTTP with respect to these characteristics. Lastly, this paper proposes that there are beneficial applications of network covert channels, such as detecting Man-in-the-Middle attacks.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Keywords

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

  • Journal of Information Warfare
    114 Ballard Street
    Yorktown, VA
    23690
  • 757.234.6664
  • jiw@gbpts.com