Avoiding man-in-the-middle attacks when verifying public terminals

Alpár, G.; Hoepman, J.H.

Avoiding man-in-the-middle attacks when verifying public terminals

conference paper

2012

Alpár, G.

Hoepman, J.H.

An individual who intends to engage in sensitive transactions using a public terminal such as an ATM needs to trust that (a) all communications are indeed carried out with the intended terminal, (b) such communications are confidential, and (c) the terminal's integrity is guaranteed. Satisfying such requirements prevents man-in-the-middle attacks and eavesdropping. We have analysed several existing transaction schemes and concluded that they tend not to meet all requirements during the entire transaction. We propose a new, generic protocol that provides (a) optional terminal identification, (b) key establishment, and (c) customisable integrity assurance. © 2012 IFIP International Federation for Information Processing.

TNO Identifier

463901

Repository link

https://resolver.tno.nl/uuid:ab2413ea-17de-4a30-8486-f86ab0f8b517

Source title

7th IFIP Summer School on Privacy and Identity Management for Emerging Internet Applications, 5 September 2011 through 9 September 2011, Trento

Pages

261-273

Files

To receive the publication files, please send an e-mail request to TNO Repository.

Avoiding man-in-the-middle attacks when verifying public terminals

Make TNO yours!