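; ---------------------------------------------------------------------
; To submit, log into grace.umd.edu and use the following command:
; /submit 2017 fall ENEE 657 0101 22 mitm.bib
; ---------------------------------------------------------------------

; Required Readings

; Huang et al., IEEE S&P 2014: measurement of forged SSL certificates seen
; by clients connecting to Facebook. Bibliographic fields only; the review
; fields (summary, contribution*, weakness*, opinions) are left blank for
; the student to fill in.
@INPROCEEDINGS{ Huang,
  author           = {Huang, Lin Shung and Rice, Alex and Ellingsen, Erling and Jackson, Collin},
  title            = {Analyzing Forged {SSL} Certificates in the Wild},
  booktitle        = {Proceedings - IEEE Symposium on Security and Privacy},
  year             = {2014},
  pages            = {83--97},
  doi              = {10.1109/SP.2014.13},
  isbn             = {9781479946860},
  issn             = {1081-6011},
  keywords         = {SSL,certificates,man-in-the-middle attack},
  abstract         = {The SSL man-in-the-middle attack uses forged SSL certificates to intercept encrypted connections between clients and servers. However, due to a lack of reliable indicators, it is still unclear how commonplace these attacks occur in the wild. In this work, we have designed and implemented a method to detect the occurrence of SSL man-in-the-middle attack on a top global website, Facebook. Over 3 million real-world SSL connections to this website were analyzed. Our results indicate that 0.2{\%} of the SSL connections analyzed were tampered with forged SSL certificates, most of them related to antivirus software and corporate-scale content filters. We have also identified some SSL connections intercepted by malware. Limitations of the method and possible defenses to such attacks are also discussed.},
  studentfirstname = {},
  studentlastname  = {},
  summary          = {},
  contribution1    = {},
  contribution2    = {},
  contribution3    = {},
  contribution4    = {},
  contribution5    = {},
  weakness1        = {},
  weakness2        = {},
  weakness3        = {},
  weakness4        = {},
  weakness5        = {},
  interesting      = {high/med/low},
  opinions         = {},
}

; Durumeric et al., 2015: adoption of STARTTLS, SPF, DKIM and DMARC, and
; evidence of STARTTLS downgrade and MX falsification in the wild.
; Corrections relative to the exported record:
;   - entry type is INPROCEEDINGS (the venue is a proceedings volume, and the
;     exported "journal" value was a truncated proceedings title);
;   - title reads "Email Delivery Security", matching the title carried in
;     the exported search link;
;   - the author list in the export stops after four names, so it is closed
;     with "and others" rather than presented as complete;
;   - url now resolves the DOI instead of pointing at a search-engine query,
;     which is not a stable reference to the paper;
;   - PDF-extraction artifacts in the abstract (split words, non-ASCII dashes)
;     are repaired so the file stays 7-bit clean for classic BibTeX.
@INPROCEEDINGS{ Durumeric2015,
  author           = {Durumeric, Zakir and Adrian, David and Mirian, Ariana and Kasten, James and others},
  title            = {Neither Snow Nor Rain Nor {MITM}... {An} Empirical Analysis of Email Delivery Security},
  booktitle        = {Proceedings of the 2015 Internet Measurement Conference},
  year             = {2015},
  pages            = {27--39},
  doi              = {10.1145/2815675.2815695},
  url              = {https://doi.org/10.1145/2815675.2815695},
  isbn             = {9781450338486},
  keywords         = {dkim,dmarc,email,mail,smtp,spf,starttls,tls},
  abstract         = {The SMTP protocol is responsible for carrying some of users' most intimate communication, but like other Internet protocols, authentication and confidentiality were added only as an afterthought. In this work, we present the first report on global adoption rates of SMTP security extensions, including: STARTTLS, SPF, DKIM, and DMARC. We present data from two perspectives: SMTP server configurations for the Alexa Top Million domains, and over a year of SMTP connections to and from Gmail. We find that the top mail providers (e.g., Gmail, Yahoo, and Outlook) all proactively encrypt and authenticate messages. However, these best practices have yet to reach widespread adoption in a long tail of over 700,000 SMTP servers, of which only 35{\%} successfully configure encryption, and 1.1{\%} specify a DMARC authentication policy. This security patchwork---paired with SMTP policies that favor failing open to allow gradual deployment---exposes users to attackers who downgrade TLS connections in favor of cleartext and who falsify MX records to reroute messages. We present evidence of such attacks in the wild, highlighting seven countries where more than 20{\%} of inbound Gmail messages arrive in cleartext due to network attackers.},
  studentfirstname = {},
  studentlastname  = {},
  summary          = {},
  contribution1    = {},
  contribution2    = {},
  contribution3    = {},
  contribution4    = {},
  contribution5    = {},
  weakness1        = {},
  weakness2        = {},
  weakness3        = {},
  weakness4        = {},
  weakness5        = {},
  interesting      = {high/med/low},
  opinions         = {},
}

; BibTex cross-references (don't add anything here)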