Title :
Defense against man-in-the-middle attack in client-server systems
Author :
Serpanos, D.N. ; Lipton, R.J.
Author_Institution :
Dept. of Electr. & Comput. Eng., Patras Univ., Greece
Abstract :
The deployment of several client-server applications over the Internet and emerging networks requires the establishment of the client´s integrity. This is necessary for the protection of copyright of distributed material and, in general, for protection from loss of “sensitive” (secret) information. Clients are vulnerable to powerful man-in-the-middle attacks through viruses, which are undetectable by conventional anti-virus technology. We describe such powerful viruses and show their ability to lead to compromised clients, that cannot protect copyrighted or “sensitive ” information. We introduce a methodology based on simple hardware devices, called “spies”, which enables servers to establish client integrity, and leads to a successful defense against viruses that use man-in-the-middle attacks
Keywords :
Internet; client-server systems; computer viruses; copyright; protocols; telecommunication security; Internet; anti-virus technology; client integrity; client-server applications; client-server systems; compromised clients; copyright protection; distributed material; hardware devices; man-in-the-middle attack; secret information loss; sensitive information protection; spies; spy protocol; viruses; Application software; Client-server systems; Electronic publishing; Hardware; IP networks; Intelligent networks; Network servers; Protection; Viruses (medical); Web server;
Conference_Titel :
Computers and Communications, 2001. Proceedings. Sixth IEEE Symposium on
Conference_Location :
Hammamet
Print_ISBN :
0-7695-1177-5
DOI :
10.1109/ISCC.2001.935348
