Wednesday, February 28, 2007
Clever computer criminals have recently become much more sophisticated in their attacks against online banks. The Internet is now awash in programs called "remote access Trojans," or RATs, that feed on online banking passwords. Designed specifically to lurk in the background, waiting until the user types the name of a well-known bank into a Web browser, the program springs into action, copying every keystroke. The data is sent back to the criminal, who can then raid the online bank
Thursday, February 22, 2007
Here's one: A fast scanning worm can affect more than half the Internet in 10 sec. The Slammer worm was not quite as fast but it was nearly there. Any ideas as to why?
Thursday, February 1, 2007
About the man-in-the-middle attack (MITM) in the challenge-response protocol discussed today, I am wondering if the following method works. As Joel also suggested briefly, I am thinking of using of authenticated key agreement protocol (KA) to encounter this problem.
Informally, and for the purpose of our discussion, KA is a public key protocol that establish a session key between two entities, and each party get authenticated by the other.
A secure KA (in the Bellare-Rogaway model or the Canetti-Krawczyk model) can withstand MITM. In particular, a user C forwarding a user A's challenge to user B will only result in two different session keys (one between A and C and another between B and C).
So my suggestion is as follows: use such KA to get a session key (which involves the challenge-response part already), then use the resulting session key to encrypt the signature. If the other side is not the one it purported, then he/she cannot decrypt and get the signature. The encryption here is just symmetric encryption, and the computational overhead involved by KA can be amortized to several invocations (well, there is a security trade off, e.g. the session key is later compromised).