INTERNET 2012, The Fourth International Conference on Evolving Internet


Man-in-the-middle Attacks Detection Scheme on Smartphone using 3G network

Authors:
Jaemin Lee
Chaungoc Tu
Souhwan Jung

Keywords: MITM; Rogue AP; Smart Phone;

Abstract:
In this paper, we propose a scheme to detect the man-in-the-middle attacks that occur when a user accesses a Web server over SSL using a smartphone. Normally, the server verification process in the smartphone environment does not work properly as it does in the computer environment. Because a mobile Web server usually uses a server-side certificate and the smartphone cannot correctly validate the server certificate, there is a risk of man-in-the-middle attack. This vulnerability allows a rogue AP to carry out a man-in-the-middle attack easily every time the user connects to a secure website using a smartphone via WLAN. To solve the problem in an effective way, we first make use of the dual network interfaces (3G and WiFi) in the smartphone to communicate with the server in order to get certificates from both interfaces. The certificates are then compared to determine whether there is a man-in-the-middle attack or not. Our scheme not only offers a realistic countermeasure to prevent man-in-the-middle attacks but also does not require a complex procedure or changes in the HTTPS protocol.

Pages: 65 to 70

Copyright: Copyright (c) IARIA, 2012

Publication date: June 24, 2012

Published in: conference

ISSN: 2308-443X

ISBN: 978-1-61208-204-2

Location: Venice, Italy

Dates: from June 24, 2012 to June 29, 2012