Title :
Security Analysis on Mutual Authentication against Man-in-the-Middle Attack
Author :
Chen, Zhe ; Guo, Shize ; Duan, Rong ; Wang, Sheng
Author_Institution :
Inst. of North Electron. Equip., Beijing, China
Abstract :
Authentication is the basic security service in an open and vulnerable communications network such as the Internet. Unilateral authentication is vulnerable to the Man-in-the-Middle (MitM) attack. The security of mutual authentication against MitM attack is also weak. As case studies, we discuss the security of the well-known mutual authentication protocol-Secure Sockets Layer (SSL) protocol, examine the MitM attack to it and investigate causes. In this paper, a unified mathematical model is established to analyze Man-in-the-Middle attacks to mutual authentication protocol. Then we use the formal methods and logical operations to analyze the mutual authentication security against MitM attack. Finally, we propose a modification to the model of MitM attack that prevents such attacks.
Keywords :
message authentication; protocols; Internet; formal methods; logical operations; man-in-the-middle attack; mutual authentication protocol; secure sockets layer protocol; security analysis; unified mathematical model; vulnerable communications network; Authentication; Communication networks; IP networks; Information security; Mathematical model; Network servers; Protocols; Public key; Sockets; Web and internet services;
Conference_Titel :
Information Science and Engineering (ICISE), 2009 1st International Conference on
Conference_Location :
Nanjing
Print_ISBN :
978-1-4244-4909-5
DOI :
10.1109/ICISE.2009.1051
