Browser-in-the-Middle (BitM) attack
International Journal of Information Security (IF 2.4), Pub Date: 2021-04-17, DOI: 10.1007/s10207-021-00548-5
Franco Tommasi, Christian Catalano, Ivan Taurino

Man-in-the-Middle (MitM), one of the best-known attacks in the world of computer security, is among the greatest concerns for professionals in the field. The main goal of MitM is to compromise the confidentiality, integrity and availability of data flowing between source and destination. However, most of its many variants involve difficulties that make it not always possible. The present paper aims at modelling and describing a new method of attack, named Browser-in-the-Middle (BitM), which, despite its similarities with MitM in the way it controls the data flow between a client and the service it accesses, bypasses some of MitM’s typical shortcomings. It could be started by phishing techniques and in some cases coupled with the well-known Man-in-the-Browser (MitB) attack. It will be seen how BitM expands the range of the attacker’s possible actions, at the same time making them easier to implement. Among its features, the absence of the need to install malware of any kind on the victim’s machine and the total control it allows the attacker are to be emphasized.




Updated: 2021-04-18