MITHYS: Mind The Hand You Shake - Protecting Mobile Devices from SSL Usage Vulnerabilities

M. Conti; Nicola Dragoni; S. Gottardo

doi:10.1007/978-3-642-41098-7_5

MITHYS: Mind The Hand You Shake - Protecting Mobile Devices from SSL Usage Vulnerabilities

M. Conti, Nicola Dragoni, S. Gottardo

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

Abstract

Recent studies have shown that a significant number of mobile applications, often handling sensitive data such as bank accounts and login credentials, suffers from SSL vulnerabilities. Most of the time, these vulnerabilities are due to improper use of the SSL protocol (in particular, in its handshake phase), resulting in applications exposed to man-in-the-middle attacks. In this paper, we present MITHYS, a system able to: (i) detect applications vulnerable to man-in-the-middle attacks, and (ii) protect them against these attacks. We demonstrate the feasibility of our proposal by means of a prototype implementation in Android, named MITHYSApp. A thorough set of experiments assesses the validity of our solution in detecting and protecting mobile applications from man-in-the-middle attacks, without introducing significant overheads. Finally, MITHYSApp does not require any special permissions nor OS modifications, as it operates at the application level. These features make MITHYSApp immediately deployable on a large user base.

Original language	English
Title of host publication	Security and Trust Management : 9th International Workshop, STM 2013, Egham, UK, September 12-13, 2013. Proceedings
Publisher	Springer
Publication date	2013
Pages	65-81
ISBN (Print)	978-3-642-41097-0
ISBN (Electronic)	978-3-642-41098-7
DOIs	https://doi.org/10.1007/978-3-642-41098-7_5
Publication status	Published - 2013
Event	9th International Workshop on Security and Trust Management (STM 2013) - Egham, United Kingdom Duration: 12 Sep 2013 → 13 Sep 2013 https://sites.google.com/site/sectrustmgmt2013/

Workshop

Workshop	9th International Workshop on Security and Trust Management (STM 2013)
Country	United Kingdom
City	Egham
Period	12/09/2013 → 13/09/2013
Internet address	https://sites.google.com/site/sectrustmgmt2013/

Series	Lecture Notes in Computer Science
Volume	8203
ISSN	0302-9743

Access to Document

10.1007/978-3-642-41098-7_5

Fingerprint Dive into the research topics of 'MITHYS: Mind The Hand You Shake - Protecting Mobile Devices from SSL Usage Vulnerabilities'. Together they form a unique fingerprint.

Cite this

@inproceedings{9de9a348170042ac9149a5dc151716d7,

title = "MITHYS: Mind The Hand You Shake - Protecting Mobile Devices from SSL Usage Vulnerabilities",

abstract = "Recent studies have shown that a significant number of mobile applications, often handling sensitive data such as bank accounts and login credentials, suffers from SSL vulnerabilities. Most of the time, these vulnerabilities are due to improper use of the SSL protocol (in particular, in its handshake phase), resulting in applications exposed to man-in-the-middle attacks. In this paper, we present MITHYS, a system able to: (i) detect applications vulnerable to man-in-the-middle attacks, and (ii) protect them against these attacks. We demonstrate the feasibility of our proposal by means of a prototype implementation in Android, named MITHYSApp. A thorough set of experiments assesses the validity of our solution in detecting and protecting mobile applications from man-in-the-middle attacks, without introducing significant overheads. Finally, MITHYSApp does not require any special permissions nor OS modifications, as it operates at the application level. These features make MITHYSApp immediately deployable on a large user base.",

author = "M. Conti and Nicola Dragoni and S. Gottardo",

year = "2013",

doi = "10.1007/978-3-642-41098-7_5",

language = "English",

isbn = "978-3-642-41097-0",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "65--81",

booktitle = "Security and Trust Management",

note = "9th International Workshop on Security and Trust Management (STM 2013) ; Conference date: 12-09-2013 Through 13-09-2013",

url = "https://sites.google.com/site/sectrustmgmt2013/",

}

Conti, M, Dragoni, N & Gottardo, S 2013, MITHYS: Mind The Hand You Shake - Protecting Mobile Devices from SSL Usage Vulnerabilities. in Security and Trust Management: 9th International Workshop, STM 2013, Egham, UK, September 12-13, 2013. Proceedings. Springer, Lecture Notes in Computer Science, vol. 8203, pp. 65-81, 9th International Workshop on Security and Trust Management (STM 2013), Egham, United Kingdom, 12/09/2013. https://doi.org/10.1007/978-3-642-41098-7_5

MITHYS: Mind The Hand You Shake - Protecting Mobile Devices from SSL Usage Vulnerabilities. / Conti, M.; Dragoni, Nicola; Gottardo, S.

Security and Trust Management: 9th International Workshop, STM 2013, Egham, UK, September 12-13, 2013. Proceedings. Springer, 2013. p. 65-81 (Lecture Notes in Computer Science, Vol. 8203).

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

TY - GEN

T1 - MITHYS: Mind The Hand You Shake - Protecting Mobile Devices from SSL Usage Vulnerabilities

AU - Conti, M.

AU - Dragoni, Nicola

AU - Gottardo, S.

PY - 2013

Y1 - 2013

N2 - Recent studies have shown that a significant number of mobile applications, often handling sensitive data such as bank accounts and login credentials, suffers from SSL vulnerabilities. Most of the time, these vulnerabilities are due to improper use of the SSL protocol (in particular, in its handshake phase), resulting in applications exposed to man-in-the-middle attacks. In this paper, we present MITHYS, a system able to: (i) detect applications vulnerable to man-in-the-middle attacks, and (ii) protect them against these attacks. We demonstrate the feasibility of our proposal by means of a prototype implementation in Android, named MITHYSApp. A thorough set of experiments assesses the validity of our solution in detecting and protecting mobile applications from man-in-the-middle attacks, without introducing significant overheads. Finally, MITHYSApp does not require any special permissions nor OS modifications, as it operates at the application level. These features make MITHYSApp immediately deployable on a large user base.

AB - Recent studies have shown that a significant number of mobile applications, often handling sensitive data such as bank accounts and login credentials, suffers from SSL vulnerabilities. Most of the time, these vulnerabilities are due to improper use of the SSL protocol (in particular, in its handshake phase), resulting in applications exposed to man-in-the-middle attacks. In this paper, we present MITHYS, a system able to: (i) detect applications vulnerable to man-in-the-middle attacks, and (ii) protect them against these attacks. We demonstrate the feasibility of our proposal by means of a prototype implementation in Android, named MITHYSApp. A thorough set of experiments assesses the validity of our solution in detecting and protecting mobile applications from man-in-the-middle attacks, without introducing significant overheads. Finally, MITHYSApp does not require any special permissions nor OS modifications, as it operates at the application level. These features make MITHYSApp immediately deployable on a large user base.

U2 - 10.1007/978-3-642-41098-7_5

DO - 10.1007/978-3-642-41098-7_5

M3 - Article in proceedings

SN - 978-3-642-41097-0

T3 - Lecture Notes in Computer Science

SP - 65

EP - 81

BT - Security and Trust Management

PB - Springer

T2 - 9th International Workshop on Security and Trust Management (STM 2013)

Y2 - 12 September 2013 through 13 September 2013

ER -