{"title":"使用个人用户密钥击败对加密货币交换帐户的MITM攻击","authors":"Cheman Shaik","doi":"10.5121/IJNSA.2021.13104","DOIUrl":null,"url":null,"abstract":"Presented herein is a User-SpecificKey Scheme based on Elliptic Curve Cryptography that defeats man-inthe-middle attacks on cryptocurrency exchange accounts. In this scheme, a separate public and private key pair is assigned to every account and the public key is shifted either forward or backward on the elliptic curve by a difference of the account user’s password. When a user logs into his account, the server sends the shifted public key of his account. The user computes the actual public key of his account by reverse shifting the shifted public key exactly by a difference of his password. Alternatively, shifting can be applied to the user’s generator instead of the public key. Described in detail is as to how aman-in-the-middle attack takes place and how the proposed scheme defeats the attack. Provided detailed security analysis in both the cases of publickey shifting and generator shifting. Further, compared the effectiveness of another three authentication schemes in defending passwords against MITM attacks.","PeriodicalId":93303,"journal":{"name":"International journal of network security & its applications","volume":"106 1","pages":"51-64"},"PeriodicalIF":0.0000,"publicationDate":"2021-01-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Defeating MITM Attacks on Cryptocurrency Exchange Accounts with Individual User Keys\",\"authors\":\"Cheman Shaik\",\"doi\":\"10.5121/IJNSA.2021.13104\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Presented herein is a User-SpecificKey Scheme based on Elliptic Curve Cryptography that defeats man-inthe-middle attacks on cryptocurrency exchange accounts. In this scheme, a separate public and private key pair is assigned to every account and the public key is shifted either forward or backward on the elliptic curve by a difference of the account user’s password. When a user logs into his account, the server sends the shifted public key of his account. The user computes the actual public key of his account by reverse shifting the shifted public key exactly by a difference of his password. Alternatively, shifting can be applied to the user’s generator instead of the public key. Described in detail is as to how aman-in-the-middle attack takes place and how the proposed scheme defeats the attack. Provided detailed security analysis in both the cases of publickey shifting and generator shifting. Further, compared the effectiveness of another three authentication schemes in defending passwords against MITM attacks.\",\"PeriodicalId\":93303,\"journal\":{\"name\":\"International journal of network security & its applications\",\"volume\":\"106 1\",\"pages\":\"51-64\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-01-31\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International journal of network security & its applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.5121/IJNSA.2021.13104\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International journal of network security & its applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5121/IJNSA.2021.13104","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Defeating MITM Attacks on Cryptocurrency Exchange Accounts with Individual User Keys
Presented herein is a User-SpecificKey Scheme based on Elliptic Curve Cryptography that defeats man-inthe-middle attacks on cryptocurrency exchange accounts. In this scheme, a separate public and private key pair is assigned to every account and the public key is shifted either forward or backward on the elliptic curve by a difference of the account user’s password. When a user logs into his account, the server sends the shifted public key of his account. The user computes the actual public key of his account by reverse shifting the shifted public key exactly by a difference of his password. Alternatively, shifting can be applied to the user’s generator instead of the public key. Described in detail is as to how aman-in-the-middle attack takes place and how the proposed scheme defeats the attack. Provided detailed security analysis in both the cases of publickey shifting and generator shifting. Further, compared the effectiveness of another three authentication schemes in defending passwords against MITM attacks.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
