Man-in-the-Middle Attack to the HTTPS Protocol

Cited by: 180
Authors
Callegati, Franco [1]
Cerroni, Walter [1]
Ramilli, Marco
Affiliations
[1] Univ Bologna, Commun Networks, I-40126 Bologna, Italy
Keywords
Address Resolution Protocol; ARP poisoning; DNS spoofing; Domain Name System; HTTPS; Man in the middle; MITM; Self-signed certificate; WEB security;
DOI
10.1109/MSP.2009.12
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
As defenders, it is extremely dangerous to be ignorant of how attackers can disrupt our systems. Without a good understanding of the relative ease of certain attacks, it's easy to adopt poor policies and procedures. A good example of this is the tendency for some organizations to use invalid or "self-signed" certifications for SSL, an approach that both trains the user to ignore certificate warnings displayed by the browser and leaves connections vulnerable to man in the middle attacks. In this article, we illustrate how easy such attacks are to execute; we hope this will serve as an incentive to adopt defenses that not only seem secure, but actually are! © 2009 IEEE.
Pages: 78-81
Number of pages: 4
Related papers
4 items in total
  • [1] [Anonymous], 2000, 2818 IETF RFC
  • [2] [Anonymous], 2246 IETF RFC
  • [3] Plummer D., 1982, 826 IETF RFC
  • [4] Xia H., 2005, Proceedings of the 14th International Conference on World Wide Web, WWW'05, P489