WWW: Beyond the Basics

14 Java Security

14.5 Extending Java Security

14.5.1 Man in the Middle

All networked systems are potentially vulnerable to the "man-in-the-middle" attack. In this attack, a client contacts a legitimate server on the network and requests some action. The attacker, or man in the middle, notices this request and waits for the server to respond. The attacker then intercepts the response and supplies a bogus reply to the client. For example, an attacker might watch an Internet-based banking site. As clients visit the page that provides the bill-paying services, the attacker diverts the bank's responses and provides a malicious applet that mimics the bank's service but also steals a copy of the user's credit card and bank account numbers.

The Java Security API is a new Java Core API, built around the java.security package. It is designed to let developers incorporate both low-level and high-level security functionality into their Java applications. This includes digital signatures, data encryption, key management and access control. Brief descriptions are given below:
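As an added illustration (not part of the original page), the sketch below uses the java.security digital signature classes so that a client rejects a substituted reply of the kind described in the man-in-the-middle scenario above. The class name, the payload strings and the locally generated key pairs are assumptions made for the example; in practice the client would hold the server's public key from a trusted source before any exchange.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

// Added example: hypothetical class name, constructed payloads and keys.
public class SignedReplyDemo {

    // Server side: sign the reply bytes with the server's private key.
    static byte[] sign(PrivateKey key, byte[] reply) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(reply);
        return s.sign();
    }

    // Client side: accept the reply only if the signature verifies under the
    // public key the client already trusts (assumed to be obtained out of band).
    static boolean verify(PublicKey trusted, byte[] reply, byte[] sig) {
        try {
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(trusted);
            s.update(reply);
            return s.verify(sig);
        } catch (GeneralSecurityException e) {
            return false; // malformed signature or unusable key: reject the reply
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair server = gen.generateKeyPair();      // stands in for the bank's key pair
        KeyPair interceptor = gen.generateKeyPair(); // a key the client does not trust

        byte[] genuine = "applet: bill-pay v1 (constructed)".getBytes(StandardCharsets.UTF_8);
        byte[] bogus = "applet: bill-pay look-alike (constructed)".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(server.getPrivate(), genuine);

        System.out.println("genuine reply, server signature: " + verify(server.getPublic(), genuine, sig));
        // Substituted body with the original signature still attached.
        System.out.println("bogus reply, reused signature:   " + verify(server.getPublic(), bogus, sig));
        // Substituted body re-signed with a key the client has no reason to trust.
        System.out.println("bogus reply, untrusted signer:   "
                + verify(server.getPublic(), bogus, sign(interceptor.getPrivate(), bogus)));
    }
}
```

The check is only as strong as the client's copy of the public key: if that key is fetched over the same unprotected channel as the reply, it can be substituted along with the reply.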


Copyright © 1996 Virginia Polytechnic Institute & State University
All Rights Reserved

Vijay Sureshkumar <vijay@csgrad.cs.vt.edu>
Last modified: Sun Oct 20 21:52:09 1996