Litcius/Paper detail

Browser-in-the-Middle (BitM) attack

Franco Tommasi, Christian Catalano, Ivan Taurino

2021International Journal of Information Security21 citationsDOIOpen Access PDF

Abstract

Abstract Man-in-the-Middle (MitM), one of the best known attacks in the world of computer security, is among the greatest concerns for professionals in the field. Main goal of MitM is to compromise confidentiality, integrity and availability of data flowing between source and destination. However, most of its many variants involve difficulties that make it not always possible. The present paper aims at modelling and describing a new method of attack, named Browser-in-the-Middle (BitM) which, despite the similarities with MitM in the way it controls the data flow between a client and the service it accesses, bypasses some of MitM’s typical shortcomings. It could be started by phishing techniques and in some cases coupled to the well-known Man-in-the-Browser (MitB) attack. It will be seen how BitM expands the range of the possible attacker’s actions, at the same time making them easier to implement. Among its features, the absence of the need to install malware of any kind on the victim’s machine and the total control it allows the attacker are to be emphasized.

Topics & Concepts

Man-in-the-middle attackComputer securityComputer scienceMalwareConfidentialityInternet privacyCryptographyAuthentication (law)Advanced Malware Detection TechniquesNetwork Security and Intrusion DetectionSpam and Phishing Detection