Defense against man-in-the-middle attack in client-server systems

Author

Serpanos, D.N. ; Lipton, R.J.

Author_Institution

Dept. of Electr. & Comput. Eng., Patras Univ., Greece

fYear

2001

fDate

2001

Firstpage

9

Lastpage

14

Abstract

The deployment of several client-server applications over the Internet and emerging networks requires the establishment of the client´s integrity. This is necessary for the protection of copyright of distributed material and, in general, for protection from loss of “sensitive” (secret) information. Clients are vulnerable to powerful man-in-the-middle attacks through viruses, which are undetectable by conventional anti-virus technology. We describe such powerful viruses and show their ability to lead to compromised clients, that cannot protect copyrighted or “sensitive ” information. We introduce a methodology based on simple hardware devices, called “spies”, which enables servers to establish client integrity, and leads to a successful defense against viruses that use man-in-the-middle attacks

Keywords

Internet; client-server systems; computer viruses; copyright; protocols; telecommunication security; Internet; anti-virus technology; client integrity; client-server applications; client-server systems; compromised clients; copyright protection; distributed material; hardware devices; man-in-the-middle attack; secret information loss; sensitive information protection; spies; spy protocol; viruses; Application software; Client-server systems; Electronic publishing; Hardware; IP networks; Intelligent networks; Network servers; Protection; Viruses (medical); Web server;

fLanguage

English

Publisher

ieee

Conference_Titel

Computers and Communications, 2001. Proceedings. Sixth IEEE Symposium on

Conference_Location

Hammamet

ISSN

1530-1346

Print_ISBN

0-7695-1177-5

Type

conf

DOI

10.1109/ISCC.2001.935348

Filename

935348