Defense against man-in-the-middle attack in client-server systems

D. N. Serpanos, R. J. Lipton

Research output: Chapter in Book/Report/Conference proceedingConference contribution

15 Citations (Scopus)

Abstract

The deployment of several client-server applications over the Internet and emerging networks requires the establishment of the client's integrity. This is necessary for the protection of copyright of distributed material and, in general, for protection from loss of "sensitive" (secret) information. Clients are vulnerable to powerful man-in-the-middle attacks through viruses, which are undetectable by conventional anti-virus technology. We describe such powerful viruses and show their ability to lead to compromised clients, that cannot protect copyrighted or "sensitive" information. We introduce a methodology based on simple hardware devices, called "spies", which enables servers to establish client integrity, and leads to a successful defense against viruses that use man-in-the-middle attacks.

Original languageEnglish
Title of host publicationIEEE Symposium on Computers and Communications - Proceedings
Pages9-14
Number of pages6
Publication statusPublished - 1 Jan 2001
Externally publishedYes
Event6th IEEE Symposium on Computers Communications ISCC 2001 - Hammamet, Tunisia
Duration: 3 Jul 20015 Jul 2001

Other

Other6th IEEE Symposium on Computers Communications ISCC 2001
CountryTunisia
CityHammamet
Period3/7/015/7/01

Fingerprint

Viruses
Computer systems
Servers
Computer hardware
Internet

ASJC Scopus subject areas

  • Computer Science(all)
  • Engineering(all)

Cite this

Serpanos, D. N., & Lipton, R. J. (2001). Defense against man-in-the-middle attack in client-server systems. In IEEE Symposium on Computers and Communications - Proceedings (pp. 9-14)

Defense against man-in-the-middle attack in client-server systems. / Serpanos, D. N.; Lipton, R. J.

IEEE Symposium on Computers and Communications - Proceedings. 2001. p. 9-14.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Serpanos, DN & Lipton, RJ 2001, Defense against man-in-the-middle attack in client-server systems. in IEEE Symposium on Computers and Communications - Proceedings. pp. 9-14, 6th IEEE Symposium on Computers Communications ISCC 2001, Hammamet, Tunisia, 3/7/01.
Serpanos DN, Lipton RJ. Defense against man-in-the-middle attack in client-server systems. In IEEE Symposium on Computers and Communications - Proceedings. 2001. p. 9-14
Serpanos, D. N. ; Lipton, R. J. / Defense against man-in-the-middle attack in client-server systems. IEEE Symposium on Computers and Communications - Proceedings. 2001. pp. 9-14
@inproceedings{4bde9e9e09ff4a8db4c34f906f3606eb,
title = "Defense against man-in-the-middle attack in client-server systems",
abstract = "The deployment of several client-server applications over the Internet and emerging networks requires the establishment of the client's integrity. This is necessary for the protection of copyright of distributed material and, in general, for protection from loss of {"}sensitive{"} (secret) information. Clients are vulnerable to powerful man-in-the-middle attacks through viruses, which are undetectable by conventional anti-virus technology. We describe such powerful viruses and show their ability to lead to compromised clients, that cannot protect copyrighted or {"}sensitive{"} information. We introduce a methodology based on simple hardware devices, called {"}spies{"}, which enables servers to establish client integrity, and leads to a successful defense against viruses that use man-in-the-middle attacks.",
author = "Serpanos, {D. N.} and Lipton, {R. J.}",
year = "2001",
month = "1",
day = "1",
language = "English",
pages = "9--14",
booktitle = "IEEE Symposium on Computers and Communications - Proceedings",

}

TY - GEN

T1 - Defense against man-in-the-middle attack in client-server systems

AU - Serpanos, D. N.

AU - Lipton, R. J.

PY - 2001/1/1

Y1 - 2001/1/1

N2 - The deployment of several client-server applications over the Internet and emerging networks requires the establishment of the client's integrity. This is necessary for the protection of copyright of distributed material and, in general, for protection from loss of "sensitive" (secret) information. Clients are vulnerable to powerful man-in-the-middle attacks through viruses, which are undetectable by conventional anti-virus technology. We describe such powerful viruses and show their ability to lead to compromised clients, that cannot protect copyrighted or "sensitive" information. We introduce a methodology based on simple hardware devices, called "spies", which enables servers to establish client integrity, and leads to a successful defense against viruses that use man-in-the-middle attacks.

AB - The deployment of several client-server applications over the Internet and emerging networks requires the establishment of the client's integrity. This is necessary for the protection of copyright of distributed material and, in general, for protection from loss of "sensitive" (secret) information. Clients are vulnerable to powerful man-in-the-middle attacks through viruses, which are undetectable by conventional anti-virus technology. We describe such powerful viruses and show their ability to lead to compromised clients, that cannot protect copyrighted or "sensitive" information. We introduce a methodology based on simple hardware devices, called "spies", which enables servers to establish client integrity, and leads to a successful defense against viruses that use man-in-the-middle attacks.

UR - http://www.scopus.com/inward/record.url?scp=0034875439&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0034875439&partnerID=8YFLogxK

M3 - Conference contribution

SP - 9

EP - 14

BT - IEEE Symposium on Computers and Communications - Proceedings

ER -