Cloak and Dagger: Man-In-The-Middle and Other Insidious Attacks

One of the most devastating forms of attack on a computer is one in which the victim doesn’t even know an attack occurred. After some background material, various forms of man-in-the-middle (MITM) attacks, including ARP spoofing, fake SSL certificates, and bypassing SSL, are explored. Next, rootkits and botnets, two key pieces of crimeware, are introduced and analyzed. Finally, general strategies to protect against such attacks are suggested.
