Lessons Learned: A Security Analysis of the Internet Chess Club

Tucson, Arizona December 05-December 09

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/CSAC.2005.36

21st Annual Computer Security Applica ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by John Black Articles by Martin Cochran Articles by Martin Ryan Gardner

	ASCII Text	x
	John Black, Martin Cochran, Martin Ryan Gardner, "Lessons Learned: A Security Analysis of the Internet Chess Club," Computer Security Applications Conference, Annual, pp. 245-253, 21st Annual Computer Security Applications Conference (ACSAC'05), 2005.

	BibTex	x
	@article{ 10.1109/CSAC.2005.36, author = {John Black and Martin Cochran and Martin Ryan Gardner}, title = {Lessons Learned: A Security Analysis of the Internet Chess Club}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2005}, issn = {1063-9527}, pages = {245-253}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSAC.2005.36}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Lessons Learned: A Security Analysis of the Internet Chess Club SN - 1063-9527 SP245 EP253 A1 - John Black, A1 - Martin Cochran, A1 - Martin Ryan Gardner, PY - 2005 KW - null VL - 0 JA - Computer Security Applications Conference, Annual ER -

John Black, University of Colorado

Martin Cochran, University of Colorado

Martin Ryan Gardner, University of Colorado

The Internet Chess Club (ICC) is a popular online chess server with more than 30,000 members worldwide including various celebrities and the best chess players in the world. Although the ICC website assures its users that the security protocol used between client and server provides sufficient security for sensitive information to be transmitted (such as credit card numbers), we show this is not true. In particular we show how a passive adversary can easily read all communications with a trivial amount of computation, and how an active adversary can gain virtually unlimited powers over an ICC user. We also show simple methods for defeating the timestamping mechanism used by ICC. For each problem we uncover, we suggest repairs and draw conclusions on how to best avoid repeating these types of problems in the future.

Citation:

John Black, Martin Cochran, Martin Ryan Gardner, "Lessons Learned: A Security Analysis of the Internet Chess Club," acsac, pp.245-253, 21st Annual Computer Security Applications Conference (ACSAC'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.