1. Field of the Invention
This invention pertains in general to computer security and in particular to detection of man-in-the-middle attacks by analysis of changes in security levels during transitions between network resources.
2. Description of the Related Art
Modern computer systems are often susceptible to a number of different problems, which are exacerbated by the increasing complexity of those systems. One such problem relates to system security, and in particular to “man-in-the-middle” attacks, in which a malicious third party (hereinafter “attacker”) eavesdrops on electronic communications between two parties, intercepting the communications and injecting substitute communications in their place. Such attacks can arise in a variety of contexts, such as in a wireless communications network, where the attacker places a wireless “hotspot” near a legitimate hotspot, leading a user to unwittingly route data through the attacker's hotspot. The attacker can then copy and modify the data communicated between the two parties.
In one form of man-in-the-middle attack, the attacker intercepts a web page sent from a server to a client, lowering the security level by replacing links to uniform resource locators (URLs) that specify the use of HTTPS with links that specify unsecure HTTP. For example, a user might begin at the initial, unsecure web page of a web site (e.g., a web page using HTTP), which contains a link leading to a login page and specifying that the login page uses HTTPS. However, since the initial page uses HTTP and is consequently unsecure, the attacker can intercept the initial web page and replace the link to the login page with a link that specifies HTTP rather than HTTPS. For example, the attacker could change a link of the form https://signin.site.com/action?SignIn to http://signin.site.com/action?SignIn. Thus, when the user clicks the login link, it will lead to an unsecure but functional login page using HTTP, and the user's login information will therefore be visible to the attacker, unbeknownst to the user.
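A client-side check for the link rewriting described above, given as an added example that is not part of the original document. It assumes the client keeps a record of URLs it has previously seen served over HTTPS; that record, the function names and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urljoin


class _LinkCollector(HTMLParser):
    """Collects link targets from <a href> and <form action>."""
    ATTRS = {"a": "href", "form": "action"}

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        wanted = self.ATTRS.get(tag)  # None for tags we do not inspect
        for name, value in attrs:
            if name == wanted and value:
                self.links.append(value)


def _key(url):
    """Scheme-independent identity of a URL: host, path and query."""
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.path or "/", parts.query


def find_downgraded_links(page_url, received_html, known_https_urls):
    """Return http:// links in the received page whose target was
    previously recorded as https:// (same host, path and query)."""
    secure_keys = {_key(u) for u in known_https_urls
                   if urlsplit(u).scheme.lower() == "https"}
    collector = _LinkCollector()
    collector.feed(received_html)
    flagged = []
    for raw in collector.links:
        absolute = urljoin(page_url, raw)  # resolve relative links
        if urlsplit(absolute).scheme.lower() == "http" and _key(absolute) in secure_keys:
            flagged.append(absolute)
    return flagged


# Constructed sample data, using the URL form given in the text.
KNOWN_HTTPS = ["https://signin.site.com/action?SignIn"]
RECEIVED_PAGE = """
<html><body>
  <a href="/about">About</a>
  <a href="http://signin.site.com/action?SignIn">Sign in</a>
</body></html>
"""
```

A link is flagged only when its host, path and query match a recorded HTTPS URL, so ordinary HTTP links on the same page are not reported.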