How to Detect and Avoid Man-In-The-Middle Attack by Using Multiple Channels

• Main Authors: JHUANG, KUN-LIN, 莊昆霖
• Other Authors: HSIAO CHUN-YUAN
• Format: Others
• Language: zh-TW
• Published: 2016
• Online Access: http://ndltd.ncl.edu.tw/handle/d6r6rc

碩士 === 國立高雄應用科技大學 === 資訊工程系 === 104 === With the increasing popularity of mobile devices, more and more security issues arise. In particular, malicious hot-spots can be easily set-up by hackers (even amateurs) and be placed in public places. Even, if the transmitted data are encrypted, they are still vulnerable to so-called Man-In- The-Middle Attack (MITMA). Security-aware users may use SSL/TLS pinning or Virtual Private Network (VPN) to prevent such attacks. However, most of browsers use not SSL/TLS pinning but HTTP Strict Transport Security (HSTS). Former is still vulnerable during the first connection, and the latter suffers from efficiency issue. In this paper, we propose a scheme to get the SSL/TLS certificate through multiple channels, and compare with schemes proposed by Dacosta et al. in 2012 and by Alicherry et al. in 2013, which all try to prevent the MITMA. The problem of Dacosta et al.’s scheme is the additional work to maintain a database for login accounts on the server side. On the other hand, Alicherry et al.’s scheme uses the Tor network for secure connection, but it cannot prevent attacks to the exiting node. Our scheme uses multiple safe channels to get the SSL/TLS certificate, and requires minimum installation on client side and nothing on the server side.