A survey of man in the middle attacks

M Conti, N Dragoni, V Lesyk - IEEE communications surveys & …, 2016 - ieeexplore.ieee.org
The Man-In-The-Middle (MITM) attack is one of the most well known attacks in computer
security, representing one of the biggest concerns for security professionals. MITM targets …

Surviving the web: A journey into web session security

S Calzavara, R Focardi, M Squarcina… - ACM Computing Surveys …, 2017 - dl.acm.org
In this article, we survey the most common attacks against web sessions, that is, attacks that
target honest web browser users establishing an authenticated session with a trusted web …

SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements

J Clark, PC Van Oorschot - 2013 IEEE Symposium on Security …, 2013 - ieeexplore.ieee.org
Internet users today depend daily on HTTPS for secure communication with sites they intend
to visit. Over the years, many attacks on HTTPS and the certificate trust model it uses have …

Triple handshakes and cookie cutters: Breaking and fixing authentication over TLS

K Bhargavan, AD Lavaud, C Fournet… - … IEEE Symposium on …, 2014 - ieeexplore.ieee.org
TLS was designed as a transparent channel abstraction to allow developers with no
cryptographic expertise to protect their application against attackers that may control some …

Blockchain-based certificate transparency and revocation transparency

Z Wang, J Lin, Q Cai, Q Wang, D Zha… - IEEE Transactions on …, 2020 - ieeexplore.ieee.org
Traditional X.509 public key infrastructures (PKIs) depend on trusted certification authorities
(CAs) to sign certificates, used in SSL/TLS to authenticate web servers and establish secure …

Using frankencerts for automated adversarial testing of certificate validation in SSL/TLS implementations

C Brubaker, S Jana, B Ray, S Khurshid… - … IEEE Symposium on …, 2014 - ieeexplore.ieee.org
Modern network security rests on the Secure Sockets Layer (SSL) and Transport Layer
Security (TLS) protocols. Distributed systems, mobile and desktop applications, embedded …

Analyzing forged SSL certificates in the wild

LS Huang, A Rice, E Ellingsen… - 2014 IEEE Symposium …, 2014 - ieeexplore.ieee.org
The SSL man-in-the-middle attack uses forged SSL certificates to intercept encrypted
connections between clients and servers. However, due to a lack of reliable indicators, it is …

A practical evaluation of a high-security energy-efficient gateway for IoT fog computing applications

M Suárez-Albela, TM Fernández-Caramés… - Sensors, 2017 - mdpi.com
Fog computing extends cloud computing to the edge of a network enabling new Internet of
Things (IoT) applications and services, which may involve critical data that require privacy …

Device fingerprinting for augmenting web authentication: classification and analysis of methods

F Alaca, PC Van Oorschot - Proceedings of the 32nd annual conference …, 2016 - dl.acm.org
Device fingerprinting is commonly used for tracking users. We explore device fingerprinting
but in the specific context of use for augmenting authentication, providing a state-of-the-art …

Macaroons: Cookies with contextual caveats for decentralized authorization in the cloud

A Birgisson, JG Politz, U Erlingsson, A Taly, M Vrable… - 2014 - theory.stanford.edu
Controlled sharing is fundamental to distributed systems; yet, on the Web, and in the Cloud,
sharing is still based on rudimentary mechanisms. More flexible, decentralized …