Browser-in-the-Middle (BitM) attack-Reference-Cited by-同舟云学术

Browser-in-the-Middle (BitM) attack

Published:2021-04-17 Issue: Volume: Page:
ISSN:1615-5262
Container-title:International Journal of Information Security
language:en
Short-container-title:Int. J. Inf. Secur.

Author:

Tommasi Franco^ORCID,Catalano Christian^ORCID,Taurino Ivan

Abstract

AbstractMan-in-the-Middle (MitM), one of the best known attacks in the world of computer security, is among the greatest concerns for professionals in the field. Main goal of MitM is to compromise confidentiality, integrity and availability of data flowing between source and destination. However, most of its many variants involve difficulties that make it not always possible. The present paper aims at modelling and describing a new method of attack, named Browser-in-the-Middle (BitM) which, despite the similarities with MitM in the way it controls the data flow between a client and the service it accesses, bypasses some of MitM’s typical shortcomings. It could be started by phishing techniques and in some cases coupled to the well-known Man-in-the-Browser (MitB) attack. It will be seen how BitM expands the range of the possible attacker’s actions, at the same time making them easier to implement. Among its features, the absence of the need to install malware of any kind on the victim’s machine and the total control it allows the attacker are to be emphasized.

Funder

Università del Salento

Publisher

Springer Science and Business Media LLC

Subject

Computer Networks and Communications,Safety, Risk, Reliability and Quality,Information Systems,Software

Link

https://link.springer.com/content/pdf/10.1007/s10207-021-00548-5.pdf

Reference44 articles.

1. Conti, M., Dragoni, N., Lesyk, V.: A survey of man in the middle attacks. IEEE Commun. Surv. Tutor. 18(3), 2027–2051 (2016)

2. Mallik, A., Ahsan, A., Shahadat, M., Tsou, J.: Man-in-the-middle-attack: understanding in simple words. Int. J. Data Netw. Sci. 3(2), 77–92 (2019)

3. Dougan, T., Curran, K.: Man in the browser attacks. Int. J. Ambient Comput. Intell. (IJACI) 4(1), 29–39 (2012)

4. Callegati, F., Cerroni, W., Ramilli, M.: Man-in-the-middle attack to the HTTPS protocol. IEEE Secur. Priv. 7(1), 78–81 (2009)

5. Sun, D.Z., Mu, Y., Susilo, W.: Man-in-the-middle attacks on Secure Simple Pairing in Bluetooth standard V5. 0 and its countermeasure. Pers. Ubiquitous Comput. 22(1), 55–67 (2018)

Cited by 11 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Browser‐in‐the‐middle attacks: A comprehensive analysis and countermeasures;SECURITY AND PRIVACY;2024-05-28

2. Browser-in-the-Browser (BitB) Attack: Case Study;Journal of Engineering Research and Sciences;2024-05

3. Phishing Detection in Browser-in-the-Middle: A Novel Empirical Approach Incorporating Machine Learning Algorithms;Communications in Computer and Information Science;2024

4. Phishing Windows Login Credentials Using HTML Full-page Technique;2023 International Conference on Electrical, Communication and Computer Engineering (ICECCE);2023-12-30

5. Securing Web Technology and Navigation Against Phishing Through CNN;2023 IEEE International Conference on Metrology for eXtended Reality, Artificial Intelligence and Neural Engineering (MetroXRAINE);2023-10-25