Call for Paper - January 2023 Edition
IJCA solicits original research papers for the January 2023 Edition. Last date of manuscript submission is December 20, 2022. Read More

Analysis on Man in the Middle Attack on SSL

Print
PDF
International Journal of Computer Applications
© 2012 by IJCA Journal
Volume 45 - Number 23
Year of Publication: 2012
Authors:
Pushpendra Kumar Pateriya
Srijith S. Kumar
10.5120/7092-9816

Pushpendra Kumar Pateriya and Srijith S Kumar. Article: Analysis on Man in the Middle Attack on SSL. International Journal of Computer Applications 45(23):43-46, May 2012. Full text available. BibTeX

@article{key:article,
	author = {Pushpendra Kumar Pateriya and Srijith S. Kumar},
	title = {Article: Analysis on Man in the Middle Attack on SSL},
	journal = {International Journal of Computer Applications},
	year = {2012},
	volume = {45},
	number = {23},
	pages = {43-46},
	month = {May},
	note = {Full text available}
}

Abstract

Man-In-The-Middle attack is the major attack on SSL. Some of the major attacks on SSL are ARP poisoning and the phishing attack. Phishing is the social engineering attack to steal the credential information from the user using either fake certificates or fake web-pages. Same in the case of ARP Poisoning, where in the attacker act as middle-man in the client-server communication channel. MITM attack makes the users difficult to understand that whether they are connected to original secured connection or not. Since the certificate that is being passed during the connection setup is insecure, attacker can easily modify the information in the certificate and leave the approval of the certificate to the user. Since many users are not well educated about the whereabouts of the forged certificates and their corresponding attacks, they accept the certificates making way for the attackers to implement the attack. To deal with such attacks, two approaches have been proposed: one for the ARP poisoning; and other for phishing attack.

References

  • Thomas, S. 2000. SSL and TLS Essentials: Securing the Web. Wiley.
  • Introduction to Secured Socket Layer. White Paper Cisco System.
  • McKinley, H. L. 2003. SSL and TLS: A Beginners Guide. SANS Institute.
  • Wagner, R. , Bryner, J. 2006. Address Resolution Protocol Spoofing and MITM Attacks. SANS Institute.
  • Marlinspike, M. 2009. New Tricks for Defeating SSL in Practice. In Proceedings of the Black Hat Technical Security Conference.
  • Nayak, G. N. 2010. A Defence Strategy for Attacks on SSL Based Connection: A Pragmatic Approach. Master's Thesis. Motilal Nehru NIT, Allahabad.
  • Ross, B. , Jackson, C. , Miyake, N. , Boneh, D. , Mitchell, J. C. 2005. Stronger Password Authentication Using Browser Extension. In Proceedings of the 14th Usenix Security Symposium '05.
  • Huawei, Z. , Ruixia, L. 2009. A Scheme to Improve Security of SSL. In Proceedings of the Pacific-Asia Conference on Circuits, Communications and System, PACCS '09.
  • Lee, Y. , Hur, S. , Won, D. , Kim, S. 2009. Cipher Suite Setting Problem of SSL Protocol and It's Solutions. In Proceedings of the International Conference on Advanced Information Networking and Applications Workshops, WAINA '09.
  • Joshi, Y. , Das, D. , Saha, S. 2009. Mitigating Man in the Middle Attack over Secure Sockets Layer. In Proceedings of the International Conference on Internet Multimedia Services Architecture and Applications, IMSAA '09
  • Cheng, K. , Gao, M. , Guo, R. 2010. Analysis and Research on HTTPS Hijacking Attacks. In Proceedings of the Second International Conference Networks Security Wireless Communications and Trusted Computing, NSWCTC '10.
  • Jiang Du, Xinghui Li, Hua Huang. 2011. A Study of Man-in-the-Middle Attack Based on SSL Certificate Interaction. In Proceedings of the 2011 First International Conference on Instrumentation, Measurement, Computer, Communication and Control, IMCCC '11.