Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and device for detecting man-in-the-middle attack

A detection method and attack detection technology, applied in the field of network security, can solve the problems of weak detection technology, failure to improve the security of SMTPS services, and inability to completely solve the problems of SSL encryption services not being attacked by man-in-the-middle, so as to achieve wide application range and facilitate dynamic expansion Effect

Active Publication Date: 2017-06-27
BEIJINGNETENTSEC
View PDF4 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

In addition, the detection method for man-in-the-middle attacks on HTTPS services is not necessarily applicable to services such as SMTPS, because although the security of HTTPS services is high, it does not improve the security of SMTPS services
If the attacker cannot perform a man-in-the-middle attack through HTTPS, but because the detection technology of the man-in-the-middle attack through SMTPS and IMAPS is relatively weak, the attacker can conduct a man-in-the-middle attack through SMTPS and IMAPS, which will lead to the leakage of SSL encrypted data and cannot Thoroughly solve all SSL encryption services and prevent them from being attacked by man-in-the-middle

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for detecting man-in-the-middle attack
  • Method and device for detecting man-in-the-middle attack
  • Method and device for detecting man-in-the-middle attack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0055] image 3 It is a schematic diagram of the implementation flow of a detection method for a man-in-the-middle attack according to an embodiment of the present invention. The method includes:

[0056] Step 101: When it is necessary to detect a man-in-the-middle attack on the first SSL service, obtain the first encryption feature of the first SSL service and the preset second encryption feature of the second SSL service;

[0057] Specifically, when it is necessary to detect whether the first SSL service is attacked by a man-in-the-middle, the first encryption feature of the first SSL service and the preset second encryption feature of the second SSL service are obtained, so as to and the second encryption feature to determine whether the first SSL service is attacked by a man-in-the-middle.

[0058] Here, the first SSL service and the preset second SSL service are services carried by different application layer protocols based on the SSL encryption protocol; for example, f...

Embodiment 2

[0125] Embodiment 1 of the present invention will be further described below through a specific example. In this implementation, accessing the application server in mode A is the first SSL service, and the certificate trust chain for accessing the application server in mode A is the first encryption feature. Modes B and C Access to the application server is the second SSL service. The certificate trust chain for accessing the application server in methods B and C is the second encryption feature. The certificate trust chain for accessing the application server in method A is the same as the certificate trust chain for accessing the application server in method B and C. is the condition to be satisfied between the first encryption feature and the second encryption feature; Figure 5 It is a schematic diagram of a specific implementation flow chart of the detection method of the second man-in-the-middle attack in the embodiment of the present invention, and the method includes: ...

Embodiment 3

[0151] Embodiment 1 and Embodiment 2 are further described below through a specific example. In this implementation, sending emails using the SMTPS protocol is the first SSL service, and the certificate trust chain for sending emails using the SMTPS protocol is the first encryption feature. , using POP3S, IMAPS, HTTPS and other protocols to send e-mail is the second SSL service, using POP3S, IMAPS, HTTPS and other protocols to send e-mail certificate trust chain is the second encryption feature, using SMTPS protocol to send e-mail certificate trust chain and The same certificate trust chain for sending emails using POP3S, IMAPS, HTTPS and other protocols is a condition to be satisfied between the first encryption feature and the second encryption feature; email is the main communication medium for most organizations and is indispensable for users Communication tools, so the importance of email security is undeniable. The technical details of this embodiment will be described i...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method for detecting a man-in-the-middle attack, which comprises the steps of: when a first SSL (Secure Socket Layer) service needs to be subjected to the man-in-the-middle attack, acquiring a first encryption feature of the first SSL service and a second encryption feature of a preset second SSL service; and judging whether the first encryption feature and the second encryption feature meet a set condition of being attacked by a man in the middle, and if yes, determining that the first SSL service is attacked by the man in the middle. The invention simultaneously further discloses a device for detecting the man-in-the-middle attack.

Description

technical field [0001] The invention relates to network security technology, in particular to a detection method and device for man-in-the-middle attacks. Background technique [0002] Man-in-the-middle attack (MITM, Man-in-the-middle attack) means that the attacker establishes independent connections with the two ends of the communication and exchanges the received data, so that the two ends of the communication think that they are passing through a private connection Talk directly to the other party, but in fact the entire conversation is completely controlled by the attacker. Additionally, during a man-in-the-middle attack, the attacker can intercept the conversation between the communicating parties and insert new content. figure 1 It is a schematic diagram of MITM. The attacker puts himself in the middleman position between the client and the server by means of session hijacking, so as to obtain the interactive messages between the client and the server during normal c...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L9/32
CPCH04L9/3263H04L63/06H04L63/1416H04L63/1441H04L63/16
Inventor 张磊
Owner BEIJINGNETENTSEC
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products