MITHYS: Mind The Hand You Shake - Protecting Mobile Devices from SSL Usage Vulnerabilities

M. Conti, Nicola Dragoni, S. Gottardo

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

Abstract

Recent studies have shown that a significant number of mobile applications, often handling sensitive data such as bank accounts and login credentials, suffers from SSL vulnerabilities. Most of the time, these vulnerabilities are due to improper use of the SSL protocol (in particular, in its handshake phase), resulting in applications exposed to man-in-the-middle attacks. In this paper, we present MITHYS, a system able to: (i) detect applications vulnerable to man-in-the-middle attacks, and (ii) protect them against these attacks. We demonstrate the feasibility of our proposal by means of a prototype implementation in Android, named MITHYSApp. A thorough set of experiments assesses the validity of our solution in detecting and protecting mobile applications from man-in-the-middle attacks, without introducing significant overheads. Finally, MITHYSApp does not require any special permissions nor OS modifications, as it operates at the application level. These features make MITHYSApp immediately deployable on a large user base.
Original languageEnglish
Title of host publicationSecurity and Trust Management : 9th International Workshop, STM 2013, Egham, UK, September 12-13, 2013. Proceedings
PublisherSpringer
Publication date2013
Pages65-81
ISBN (Print)978-3-642-41097-0
ISBN (Electronic)978-3-642-41098-7
DOIs
Publication statusPublished - 2013
Event9th International Workshop on Security and Trust Management (STM 2013) - Egham, United Kingdom
Duration: 12 Sep 201313 Sep 2013
https://sites.google.com/site/sectrustmgmt2013/

Workshop

Workshop9th International Workshop on Security and Trust Management (STM 2013)
CountryUnited Kingdom
CityEgham
Period12/09/201313/09/2013
Internet address
SeriesLecture Notes in Computer Science
Volume8203
ISSN0302-9743

Fingerprint Dive into the research topics of 'MITHYS: Mind The Hand You Shake - Protecting Mobile Devices from SSL Usage Vulnerabilities'. Together they form a unique fingerprint.

Cite this