on
NACORE 2016
PRIYANKA MISHRA & ASHUTOSH SINGH
Key concept of Man-in-the-Middle Attack
MAN-IN-THE-MIDDLE ATTACK
Wrapping Attack
Impersonating Attack
Flooding Attack
Browser Attack
SSL Attack
2. Impersonating Attack
3. Flooding Attack
4. Browser Attack:
Situation of attack: In a browser attack, the spurious user steals data by
destroying the signature and sabotaging the encryption during the translation
of SOAP messages between the web browser and the web server. The browser
considers the adversary an authenticated user and processes all
communication and requests with the web server, which causes a browser attack
over the cloud.
Possible Solution: The proposed solution to stop data stealing is that,
at the end of every session, the customer will be sent an e-mail about the
usage and duration, with a special number to be used to log in next time.
In this way, the customer will be aware of the usage and charges, and will
be provided with a unique number to be used every time to access the
system.
5. SSL Attack:
Situation of Attack: SSL attacks take place in the cloud in two forms, namely
SSL Stripping and SSL Sniffing attacks.
SSL Stripping: Because of this lack of standard, there is no assurance
that the provider is a legitimate provider or not. This weakness of SSL is
exploited in the stripping attack, which is launched by embedding a null
character in a domain name containing the name of a valid certifying
authority.
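The null-character weakness described above, shown from the verifier's side as an added example (not code from the presentation): a name check that treats the certificate name as a C string stops reading at the embedded null, while a length-aware check rejects it. The function names and the sample name are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed sample: a certificate name field with an embedded NUL byte.
 * The length stored in the certificate covers the whole field. */
static const unsigned char CONSTRUCTED_NAME[] =
    "www.bank.example\0.untrusted.example";
#define CONSTRUCTED_NAME_LEN (sizeof(CONSTRUCTED_NAME) - 1)

/* Weak check: handles the name as a C string, so the comparison stops at
 * the first NUL and everything after it is silently ignored. */
int naive_name_matches(const unsigned char *name, size_t name_len,
                       const char *host)
{
    (void)name_len;              /* certificate-supplied length is ignored */
    return strcmp((const char *)name, host) == 0;
}

/* Hardened check: uses the certificate-supplied length, rejects any
 * embedded NUL, and requires a full-length exact match.
 * Assumes both sides are already lower-cased; wildcards are not handled. */
int strict_name_matches(const unsigned char *name, size_t name_len,
                        const char *host)
{
    if (memchr(name, '\0', name_len) != NULL)
        return 0;                /* embedded NUL: malformed name, reject */
    if (name_len != strlen(host))
        return 0;
    return memcmp(name, host, name_len) == 0;
}

int main(void)
{
    const char *host = "www.bank.example";   /* site the user asked for */
    printf("naive  check accepts: %d\n",
           naive_name_matches(CONSTRUCTED_NAME, CONSTRUCTED_NAME_LEN, host));
    printf("strict check accepts: %d\n",
           strict_name_matches(CONSTRUCTED_NAME, CONSTRUCTED_NAME_LEN, host));
    return 0;
}
```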
SSL Sniffing attack: The public key is dispatched to the client by the
server in the form of a certificate signed by the Certifying Authority (CA).
The intermediate CA certificates do not guarantee the legitimacy of
the website and are not embedded in the browser. This limitation of SSL
certificates can be misused by attackers to launch an SSL Sniffing
attack.
Possible solutions: Always using encrypted communication and side-channel
authentication of the TLS is the only reliable way to
prevent/detect a Stripping attack. In practice, this means that after a key
exchange the server and the user end up with certain shared secrets or
keys.
For preventing a Sniffing attack, cloud vendors must construct web
browsers that apply the WS-Security concept. WS-Security provides end-to-end
encryption, and messages do not have to be decrypted at intermediary hosts.
Consequently, attackers are unable to sniff and gain plain text of SOAP
messages at the intermediary hosts.
Conclusion: MITM attacks are the most common type of attacks implemented
by the unauthorised users over cloud. Thus, to maintain the
reliability of the cloud users, we must be aware of these attack possibilities
and should employ more stringent layers of security to detect and
prevent such attacks and protect the confidential data over cloud. By
implementing all the above possible solutions for their respective attacks, we
can avoid the attackers' intention to exploit the data over cloud.
THANK YOU