Defense Against Man-in-the-Middle Attack in Client-Server Systems with Secure Servers

Dimitrios N. Serpanos, Richard J. Lipton

Research output: Contribution to journalArticle

Abstract

Digital rights management in client-server environments requires the establishment of client integrity, in order to protect sensitive (secret) information from loss or misuse. Clients are vulnerable to powerful man-in-the-middle attacks through malicious software (viruses, etc.), which is undetectable by conventional anti-virus technology. We present such powerful viruses and demonstrate their ability to compromise clients. Furthermore, we introduce a defense against all viruses, which is based on simple hardware devices that execute specialized protocols to establish client integrity and protect against sensitive data loss.

Original languageEnglish
Pages (from-to)2966-2970
Number of pages5
JournalIEICE Transactions on Communications
VolumeE86-B
Issue number10
Publication statusPublished - 1 Oct 2003
Externally publishedYes

Fingerprint

Computer viruses
Viruses
Computer systems
Servers
Computer hardware
Network protocols
Malware

Keywords

  • Antivirus technology
  • Digital rights management
  • Man-in-the-middle attack
  • Undetectable virus

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Computer Networks and Communications

Cite this

Defense Against Man-in-the-Middle Attack in Client-Server Systems with Secure Servers. / Serpanos, Dimitrios N.; Lipton, Richard J.

In: IEICE Transactions on Communications, Vol. E86-B, No. 10, 01.10.2003, p. 2966-2970.

Research output: Contribution to journalArticle

Serpanos, Dimitrios N. ; Lipton, Richard J. / Defense Against Man-in-the-Middle Attack in Client-Server Systems with Secure Servers. In: IEICE Transactions on Communications. 2003 ; Vol. E86-B, No. 10. pp. 2966-2970.
@article{2d0d7ae588c1485583b8e4c3960db950,
title = "Defense Against Man-in-the-Middle Attack in Client-Server Systems with Secure Servers",
abstract = "Digital rights management in client-server environments requires the establishment of client integrity, in order to protect sensitive (secret) information from loss or misuse. Clients are vulnerable to powerful man-in-the-middle attacks through malicious software (viruses, etc.), which is undetectable by conventional anti-virus technology. We present such powerful viruses and demonstrate their ability to compromise clients. Furthermore, we introduce a defense against all viruses, which is based on simple hardware devices that execute specialized protocols to establish client integrity and protect against sensitive data loss.",
keywords = "Antivirus technology, Digital rights management, Man-in-the-middle attack, Undetectable virus",
author = "Serpanos, {Dimitrios N.} and Lipton, {Richard J.}",
year = "2003",
month = "10",
day = "1",
language = "English",
volume = "E86-B",
pages = "2966--2970",
journal = "IEICE Transactions on Communications",
issn = "0916-8516",
publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",
number = "10",

}

TY - JOUR

T1 - Defense Against Man-in-the-Middle Attack in Client-Server Systems with Secure Servers

AU - Serpanos, Dimitrios N.

AU - Lipton, Richard J.

PY - 2003/10/1

Y1 - 2003/10/1

N2 - Digital rights management in client-server environments requires the establishment of client integrity, in order to protect sensitive (secret) information from loss or misuse. Clients are vulnerable to powerful man-in-the-middle attacks through malicious software (viruses, etc.), which is undetectable by conventional anti-virus technology. We present such powerful viruses and demonstrate their ability to compromise clients. Furthermore, we introduce a defense against all viruses, which is based on simple hardware devices that execute specialized protocols to establish client integrity and protect against sensitive data loss.

AB - Digital rights management in client-server environments requires the establishment of client integrity, in order to protect sensitive (secret) information from loss or misuse. Clients are vulnerable to powerful man-in-the-middle attacks through malicious software (viruses, etc.), which is undetectable by conventional anti-virus technology. We present such powerful viruses and demonstrate their ability to compromise clients. Furthermore, we introduce a defense against all viruses, which is based on simple hardware devices that execute specialized protocols to establish client integrity and protect against sensitive data loss.

KW - Antivirus technology

KW - Digital rights management

KW - Man-in-the-middle attack

KW - Undetectable virus

UR - http://www.scopus.com/inward/record.url?scp=0242664654&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0242664654&partnerID=8YFLogxK

M3 - Article

VL - E86-B

SP - 2966

EP - 2970

JO - IEICE Transactions on Communications

JF - IEICE Transactions on Communications

SN - 0916-8516

IS - 10

ER -