CFP last date
22 April 2024
Reseach Article

Analysis on Man in the Middle Attack on SSL

by Pushpendra Kumar Pateriya, Srijith S. Kumar
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 45 - Number 23
Year of Publication: 2012
Authors: Pushpendra Kumar Pateriya, Srijith S. Kumar
10.5120/7092-9816

Pushpendra Kumar Pateriya, Srijith S. Kumar . Analysis on Man in the Middle Attack on SSL. International Journal of Computer Applications. 45, 23 ( May 2012), 43-46. DOI=10.5120/7092-9816

@article{ 10.5120/7092-9816,
author = { Pushpendra Kumar Pateriya, Srijith S. Kumar },
title = { Analysis on Man in the Middle Attack on SSL },
journal = { International Journal of Computer Applications },
issue_date = { May 2012 },
volume = { 45 },
number = { 23 },
month = { May },
year = { 2012 },
issn = { 0975-8887 },
pages = { 43-46 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume45/number23/7092-9816/ },
doi = { 10.5120/7092-9816 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T20:38:22.660465+05:30
%A Pushpendra Kumar Pateriya
%A Srijith S. Kumar
%T Analysis on Man in the Middle Attack on SSL
%J International Journal of Computer Applications
%@ 0975-8887
%V 45
%N 23
%P 43-46
%D 2012
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Man-In-The-Middle attack is the major attack on SSL. Some of the major attacks on SSL are ARP poisoning and the phishing attack. Phishing is the social engineering attack to steal the credential information from the user using either fake certificates or fake web-pages. Same in the case of ARP Poisoning, where in the attacker act as middle-man in the client-server communication channel. MITM attack makes the users difficult to understand that whether they are connected to original secured connection or not. Since the certificate that is being passed during the connection setup is insecure, attacker can easily modify the information in the certificate and leave the approval of the certificate to the user. Since many users are not well educated about the whereabouts of the forged certificates and their corresponding attacks, they accept the certificates making way for the attackers to implement the attack. To deal with such attacks, two approaches have been proposed: one for the ARP poisoning; and other for phishing attack.

References
  1. Thomas, S. 2000. SSL and TLS Essentials: Securing the Web. Wiley.
  2. Introduction to Secured Socket Layer. White Paper Cisco System.
  3. McKinley, H. L. 2003. SSL and TLS: A Beginners Guide. SANS Institute.
  4. Wagner, R. , Bryner, J. 2006. Address Resolution Protocol Spoofing and MITM Attacks. SANS Institute.
  5. Marlinspike, M. 2009. New Tricks for Defeating SSL in Practice. In Proceedings of the Black Hat Technical Security Conference.
  6. Nayak, G. N. 2010. A Defence Strategy for Attacks on SSL Based Connection: A Pragmatic Approach. Master's Thesis. Motilal Nehru NIT, Allahabad.
  7. Ross, B. , Jackson, C. , Miyake, N. , Boneh, D. , Mitchell, J. C. 2005. Stronger Password Authentication Using Browser Extension. In Proceedings of the 14th Usenix Security Symposium '05.
  8. Huawei, Z. , Ruixia, L. 2009. A Scheme to Improve Security of SSL. In Proceedings of the Pacific-Asia Conference on Circuits, Communications and System, PACCS '09.
  9. Lee, Y. , Hur, S. , Won, D. , Kim, S. 2009. Cipher Suite Setting Problem of SSL Protocol and It's Solutions. In Proceedings of the International Conference on Advanced Information Networking and Applications Workshops, WAINA '09.
  10. Joshi, Y. , Das, D. , Saha, S. 2009. Mitigating Man in the Middle Attack over Secure Sockets Layer. In Proceedings of the International Conference on Internet Multimedia Services Architecture and Applications, IMSAA '09
  11. Cheng, K. , Gao, M. , Guo, R. 2010. Analysis and Research on HTTPS Hijacking Attacks. In Proceedings of the Second International Conference Networks Security Wireless Communications and Trusted Computing, NSWCTC '10.
  12. Jiang Du, Xinghui Li, Hua Huang. 2011. A Study of Man-in-the-Middle Attack Based on SSL Certificate Interaction. In Proceedings of the 2011 First International Conference on Instrumentation, Measurement, Computer, Communication and Control, IMCCC '11.
Index Terms

Computer Science
Information Sciences

Keywords

Ssl Tls Man In The Middle Attack Security Arp Phishing