METHOD FOR SERVER-SIDE DETECTION OF MAN-IN-THE-MIDDLE ATTACKS

US 20090210712A1
Filed: 02/19/2008
Published: 08/20/2009
Est. Priority Date: 02/19/2008
Status: Abandoned Application

First Claim

Patent Images

1. A method to detect a man-in-the-middle attack against a communication session over a channel between a client and a server, where said communication session is initiated by said client and said server, said method comprising (1) said server receiving an authentication credential from said client created by applying a cryptographic function to at least a secret shared between said client and said server;

and (2) said server performing verification of said authentication credential using at least said secret, characterized in that said cryptographic function and said verification operate on distinctive information respecting said channel.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Problem The combination of a tendency towards permissivity when verifying certificate authenticity and the use of in-band client authentication opens up an opportunity for attackers to mount man-in-the-middle attacks on SSL connections.

Solution The invention exposes any discrepancy between the intended recipient of the client credential and the actual recipient of the client credential by cryptographically including parameters that are uniquely linked to the channel (i.e., the communication session, as characterized by the parameters of the protocols that are being used), preferably the channel end points, in the calculation of the client credential. This links the process that provides the secure channel (e.g., the SSL protocol session) to the process that provides the authentication credential (e.g., the OTP token operation), thus exposing any attack that would break up the client-server channel. This is achieved without the requirement for an additional encrypted tunnel and allowing the continued use of existing components such as existing browsers.

119 Citations

62 Claims

1. A method to detect a man-in-the-middle attack against a communication session over a channel between a client and a server, where said communication session is initiated by said client and said server, said method comprising (1) said server receiving an authentication credential from said client created by applying a cryptographic function to at least a secret shared between said client and said server;
- and (2) said server performing verification of said authentication credential using at least said secret, characterized in that said cryptographic function and said verification operate on distinctive information respecting said channel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further characterized in that said distinctive information includes a function of a key used to encrypt said communication session.
  - 3. The method of claim 1, further characterized in that said distinctive information includes channel end point information.
  - 4. The method of claim 3, further characterized in that said distinctive information includes server information.
  - 5. The method of claim 3, further characterized in that said distinctive information includes client information.
  - 6. The method of claim 4, further characterized in that said distinctive information includes a function of said server'"'"'s server public key.
  - 7. The method of claim 4, further characterized in that said distinctive information includes a function of said server'"'"'s public key certificate.
  - 8. The method of claim 4, further characterized in that said distinctive information includes said server'"'"'s IP address.
  - 9. The method of claim 4, further characterized in that said distinctive information includes said server'"'"'s domain name.
  - 10. The method of claim 4, further characterized in that said distinctive information includes said server'"'"'s uniform resource locator.
  - 11. The method of claim 5, further characterized in that said distinctive information includes said client'"'"'s IP address.
  - 12. The method of any of claims 1-5, further characterized in that said cryptographic function additionally operates on at least one dynamic value.
  - 13. The method of claim 12, further characterized in that said at least one dynamic value is known within certain margins of accuracy at both said client and said server.

14. A method to allow detection of a man-in-the-middle attack against a communication session over a channel between a client and a server, where said communication session is initiated by said client and said server and said man-in-the-middle attack may be detected by said server performing a verification on an authentication credential created by said client, said method comprising (1) said client creating an authentication credential by applying a cryptographic function to at least a secret shared between said client and said server;
- and (2) said client transmitting said authentication credential to said server, characterized in that said cryptographic function operates on distinctive information respecting said channel.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The method of claim 14, further characterized in that said distinctive information includes a function of a key used to encrypt said communication session.
  - 16. The method of claim 14, further characterized in that said distinctive information includes channel end point information.
  - 17. The method of claim 16, further characterized in that said distinctive information includes server information.
  - 18. The method of claim 16, further characterized in that said distinctive information includes client information.
  - 19. The method of claim 17, further characterized in that said distinctive information includes a function of said server'"'"'s server public key.
  - 20. The method of claim 17, further characterized in that said distinctive information includes a function of said server'"'"'s public key certificate.
  - 21. The method of claim 17, further characterized in that said distinctive information includes said server'"'"'s IP address.
  - 22. The method of claim 17, further characterized in that said distinctive information includes said server'"'"'s domain name.
  - 23. The method of claim 17, further characterized in that said distinctive information includes said server'"'"'s uniform resource locator.
  - 24. The method of claim 18, further characterized in that said distinctive information includes said client'"'"'s IP address.
  - 25. The method of any of claims 14-18, further characterized in that said cryptographic function additionally operates on at least one dynamic value.
  - 26. The method of claim 25, further characterized in that said at least one dynamic value is known within certain margins of accuracy at both said client and said server.

27. An apparatus adapted to generate or verify a client authentication credential for authenticating said client in a client-server transaction over a communication channel, said apparatus comprising an agent for performing a cryptographic function using a secret shared between said client and said server as part of said generating or verifying, characterized in that said cryptographic function also operates on or reproduces distinctive information respecting said channel.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 28. The apparatus of claim 27, further characterized in that said distinctive information includes a function of a key used to encrypt communications over said communication channel.
  - 29. The apparatus of claim 27, further characterized in that said distinctive information includes channel end point information.
  - 30. The apparatus of claim 29, further characterized in that said distinctive information includes server information.
  - 31. The apparatus of claim 29, further characterized in that said distinctive information includes client information.
  - 32. The apparatus of claim 30, further characterized in that said distinctive information includes a function of said server'"'"'s public key.
  - 33. The apparatus of claim 30, further characterized in that said distinctive information includes a function of said server'"'"'s public key certificate.
  - 34. The apparatus of claim 30, further characterized in that said distinctive information includes said server'"'"'s IP address.
  - 35. The apparatus of claim 30, further characterized in that said distinctive information includes said server'"'"'s domain name.
  - 36. The apparatus of claim 30, further characterized in that said distinctive information includes said server'"'"'s uniform resource locator.
  - 37. The apparatus of claim 31, further characterized in that said distinctive information includes said client'"'"'s IP address.
  - 38. The apparatus of any of claims 27-31, further characterized in that said cryptographic function additionally operates on at least one dynamic value.
  - 39. The apparatus of claim 38, further characterized in that said at least one dynamic value is known within certain margins of accuracy at both said client and said server.

40. A computer-readable storage medium containing a program for a computer which when executed generates or verifies a client authentication credential for authenticating said client in a client-server transaction over a communication channel wherein said credential is generated using at least a cryptographic function employing a secret shared between said client and said server, characterized in that said cryptographic function also operates on distinctive information respecting said channel.
- View Dependent Claims (41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62)
- - 41. The medium of claim 40, further characterized in that said distinctive information includes a function of a key used to encrypt communications over said communication channel.
  - 42. The medium of claim 40, further characterized in that said distinctive information includes channel end point information.
  - 43. The medium of claim 42, further characterized in that said distinctive information includes server information.
  - 44. The medium of claim 42, further characterized in that said distinctive information includes client information.
  - 45. The medium of claim 43, further characterized in that said distinctive information includes a function of said server'"'"'s public key.
  - 46. The medium of claim 43, further characterized in that said distinctive information includes a function of said server'"'"'s public key certificate.
  - 47. The medium of claim 43, further characterized in that said distinctive information includes said server'"'"'s IP address.
  - 48. The medium of claim 43, further characterized in that said distinctive information includes said server'"'"'s domain name.
  - 49. The medium of claim 43, further characterized in that said distinctive information includes said server'"'"'s uniform resource locator.
  - 50. The medium of claim 44, further characterized in that said distinctive information includes said client'"'"'s IP address.
  - 51. The medium of any of claims 40-44, further characterized in that said cryptographic function additionally operates on at least one dynamic value.
  - 52. The medium of claim 51, further characterized in that said at least one dynamic value is known within certain margins of accuracy at both said client and said server.
  - 53. The program of any of claims 40-44, further characterized in that said program is a JAVA applet.
  - 54. The medium of any of claims 40-44, further characterized in that said program is a web browser plug-in.
  - 55. The medium of any of claims 40-44, further characterized in that said program is an ActiveX applet.
  - 56. The medium of any of claims 40-44, further characterized in that said secret is stored in a non-volatile memory in said computer.
  - 57. The medium of any of claims 40-44, further characterized in that said program is adapted to accept said secret from a human interface device coupled to said computer.
  - 58. The medium of claim 57, further characterized in that said secret is generated by an unconnected token.
  - 59. The medium of any of claims 40-44, further characterized in that said program is configured to cooperate with a security device by passing information to it and receiving information from it.
  - 60. The medium of claim 59, further characterized in that said security device is a strong authentication token.
  - 61. The medium of claim 59, further characterized in that said security device is a USB token.
  - 62. The medium of claim 59, further characterized in that said security device is a smart card.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vasco Data Security Incorporated (OneSpan, Inc.)
Original Assignee
Vasco Data Security Incorporated (OneSpan, Inc.)
Inventors
Fort, Nicolas

Application Number

US12/033,462
Publication Number

US 20090210712A1
Time in Patent Office

Days
Field of Search
US Class Current

713/175
CPC Class Codes

H04L 63/1441   Countermeasures against mal...

H04L 63/1466   Active attacks involving in...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/3263   involving certificates, e.g...

METHOD FOR SERVER-SIDE DETECTION OF MAN-IN-THE-MIDDLE ATTACKS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

119 Citations

62 Claims

Specification

Use Cases

Quick Links

Others

METHOD FOR SERVER-SIDE DETECTION OF MAN-IN-THE-MIDDLE ATTACKS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

119 Citations

62 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others