WEKO3
アイテム
Man-in-the-Portal: Breaking SSL/TLS Silently Abusing Captive Portal
https://ipsj.ixsq.nii.ac.jp/records/241744
https://ipsj.ixsq.nii.ac.jp/records/241744986a8a58-3ac9-4f57-9f99-5ef22c3872f9
名前 / ファイル | ライセンス | アクション |
---|---|---|
![]()
2026年12月14日からダウンロード可能です。
|
Copyright (c) 2024 by the Information Processing Society of Japan
|
|
非会員:¥0, IPSJ:学会員:¥0, 論文誌:会員:¥0, DLIB:会員:¥0 |
Item type | Journal(1) | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
公開日 | 2024-12-15 | |||||||||||||
タイトル | ||||||||||||||
タイトル | Man-in-the-Portal: Breaking SSL/TLS Silently Abusing Captive Portal | |||||||||||||
タイトル | ||||||||||||||
言語 | en | |||||||||||||
タイトル | Man-in-the-Portal: Breaking SSL/TLS Silently Abusing Captive Portal | |||||||||||||
言語 | ||||||||||||||
言語 | eng | |||||||||||||
キーワード | ||||||||||||||
主題Scheme | Other | |||||||||||||
主題 | [特集:社会的・倫理的なオンライン活動を支援するセキュリティとトラスト] Man-in-the-Middle attacks, SSL/TLS, public hotspots, Wi-Fi, captive portal | |||||||||||||
資源タイプ | ||||||||||||||
資源タイプ識別子 | http://purl.org/coar/resource_type/c_6501 | |||||||||||||
資源タイプ | journal article | |||||||||||||
著者所属 | ||||||||||||||
Graduate School of Engineering, Kobe University | ||||||||||||||
著者所属 | ||||||||||||||
Graduate School of Engineering, Kobe University | ||||||||||||||
著者所属 | ||||||||||||||
Graduate School of Engineering, Kobe University | ||||||||||||||
著者所属 | ||||||||||||||
Graduate School of Engineering, Kobe University | ||||||||||||||
著者所属(英) | ||||||||||||||
en | ||||||||||||||
Graduate School of Engineering, Kobe University | ||||||||||||||
著者所属(英) | ||||||||||||||
en | ||||||||||||||
Graduate School of Engineering, Kobe University | ||||||||||||||
著者所属(英) | ||||||||||||||
en | ||||||||||||||
Graduate School of Engineering, Kobe University | ||||||||||||||
著者所属(英) | ||||||||||||||
en | ||||||||||||||
Graduate School of Engineering, Kobe University | ||||||||||||||
著者名 |
Keiichiro, Kimura
× Keiichiro, Kimura
× Hiroki, Kuzuno
× Yoshiaki, Shiraishi
× Masakatu, Morii
|
|||||||||||||
著者名(英) |
Keiichiro, Kimura
× Keiichiro, Kimura
× Hiroki, Kuzuno
× Yoshiaki, Shiraishi
× Masakatu, Morii
|
|||||||||||||
論文抄録 | ||||||||||||||
内容記述タイプ | Other | |||||||||||||
内容記述 | The proliferation of public hotspots has led to the use of captive portals to protect hotspots and ensure their appropriate use. Captive portals control external sessions until user authentication at the hotspot is complete. One feature of captive portals is that these can redirect the authenticated user to an arbitrary website. However, cyber-attacks have been reported that exploit captive portals and there is an urgent need to improve the protocol of captive portals. In this paper, we reveal a critical flaw in the captive portal protocol and propose a man-in-the-middle attack that exploits the flaw to disable SSL/TLS. We name this attack Man-in-the-Portal (MITP). The attack is the first to exploit the post-authentication redirection of a captive portal as a starting point to disable SSL/TLS. The attacker can easily eavesdrop on and tamper with a victim device's communications. Our attack is also feasible without requiring any special privileges or tools. To demonstrate the effectiveness and practicality, we evaluate the MITP attack on five commercially available wireless devices as our proof-of-concept, and show that the attack poses significant threats. Furthermore, we analyze the root causes of the MITP attack and present protocol-level countermeasures to improve the security of wireless communications. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.32(2024) (online) DOI http://dx.doi.org/10.2197/ipsjjip.32.1066 ------------------------------ |
|||||||||||||
論文抄録(英) | ||||||||||||||
内容記述タイプ | Other | |||||||||||||
内容記述 | The proliferation of public hotspots has led to the use of captive portals to protect hotspots and ensure their appropriate use. Captive portals control external sessions until user authentication at the hotspot is complete. One feature of captive portals is that these can redirect the authenticated user to an arbitrary website. However, cyber-attacks have been reported that exploit captive portals and there is an urgent need to improve the protocol of captive portals. In this paper, we reveal a critical flaw in the captive portal protocol and propose a man-in-the-middle attack that exploits the flaw to disable SSL/TLS. We name this attack Man-in-the-Portal (MITP). The attack is the first to exploit the post-authentication redirection of a captive portal as a starting point to disable SSL/TLS. The attacker can easily eavesdrop on and tamper with a victim device's communications. Our attack is also feasible without requiring any special privileges or tools. To demonstrate the effectiveness and practicality, we evaluate the MITP attack on five commercially available wireless devices as our proof-of-concept, and show that the attack poses significant threats. Furthermore, we analyze the root causes of the MITP attack and present protocol-level countermeasures to improve the security of wireless communications. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.32(2024) (online) DOI http://dx.doi.org/10.2197/ipsjjip.32.1066 ------------------------------ |
|||||||||||||
書誌レコードID | ||||||||||||||
収録物識別子タイプ | NCID | |||||||||||||
収録物識別子 | AN00116647 | |||||||||||||
書誌情報 |
情報処理学会論文誌 巻 65, 号 12, 発行日 2024-12-15 |
|||||||||||||
ISSN | ||||||||||||||
収録物識別子タイプ | ISSN | |||||||||||||
収録物識別子 | 1882-7764 | |||||||||||||
公開者 | ||||||||||||||
言語 | ja | |||||||||||||
出版者 | 情報処理学会 |