• DocumentCode
    2858256
  • Title

    Lessons learned: a security analysis of the Internet Chess Club

  • Author

    Black, John ; Cochran, Martin ; Gardner, Ryan

  • Author_Institution
    Dept. of Comput. Sci., Colorado Univ., Boulder, CO
  • fYear
    2005
  • fDate
    5-9 Dec. 2005
  • Lastpage
    253
  • Abstract
    The Internet Chess Club (ICC) is a popular online chess server with more than 30,000 members worldwide, including various celebrities and the best chess players in the world. Although the ICC Web site assures its users that the security protocol used between client and server provides sufficient security for sensitive information to be transmitted (such as credit card numbers), we show this is not true. In particular, we show how a passive adversary can easily read all communications with a trivial amount of computation, and how an active adversary can gain virtually unlimited powers over an ICC user. We also show simple methods for defeating the timestamping mechanism used by ICC. For each problem we uncover, we suggest repairs and draw conclusions on how to best avoid repeating these types of problems in the future.
  • Keywords
    Internet; authorisation; computer games; Internet Chess Club; online chess server; security analysis; security protocol; sensitive information security; timestamping; Clocks; Computer science; Computer security; Information security; Network servers; Open source software; Protocols; TCPIP; Web and internet services; Web server;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Applications Conference, 21st Annual
  • Conference_Location
    Tucson, AZ
  • ISSN
    1063-9527
  • Print_ISBN
    0-7695-2461-3
  • Type

    conf

  • DOI
    10.1109/CSAC.2005.36
  • Filename
    1565252