Protecting free and open communications on the internet against man-in-the-middle attacks on third-party software: We’re foci’d

Jeffrey Knockel, Jedidiah R. Crandall

Research output: Contribution to conferencePaperpeer-review

3 Scopus citations

Abstract

In this position paper, we argue that the potential for man-in-the-middle attacks on third-party software is a significant threat to free and open communications on the Internet (FOCI). The FOCI community has many challenges ahead, from the failure of the SSL system to protect Internet users from states that control the Internet to the challenges inherent in measuring and cataloging Internet censorship. It is already well-known in the community that man-in-the-middle attacks are a threat, and such attacks are already being used by nation states. In this paper we discuss our experiences discovering two vulnerabilities in software update mechanisms (in Impulse SafeConnect and Sun Java). What surprised us was the relative ease of finding such vulnerabilities and exploiting them. Our argument is that automated tools are needed to help users manage this threat more effectively because the threat involves many third-party applications from many small vendors.

Original languageEnglish (US)
StatePublished - 2012
Externally publishedYes
Event2nd USENIX Workshop on Free and Open Communications on the Internet, FOCI 2012, co-located with USENIX Security 2012 - Bellevue, United States
Duration: Aug 6 2012 → …

Conference

Conference2nd USENIX Workshop on Free and Open Communications on the Internet, FOCI 2012, co-located with USENIX Security 2012
CountryUnited States
CityBellevue
Period8/6/12 → …

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Artificial Intelligence

Fingerprint Dive into the research topics of 'Protecting free and open communications on the internet against man-in-the-middle attacks on third-party software: We’re foci’d'. Together they form a unique fingerprint.

Cite this