Man-in-the-Middle Attacks

man-in-the-middle attackMan-in-the-middle attacks are perhaps one of the more complex and sophisticated forms of security breaching approaches. As the name implies, such an attack involves the surreptitious placement of a software agent between the client and server ends of a communication. In this scenario, neither end of the communication is aware that the malicious agent is in the line of communication. For the most part, the man in the middle simply relays the data transmissions between client and server as though nothing is happening. What is generally happening in parallel with this process is that the agent is also recording the data as it is passed through. A man-in-the-middle attack can succeed only when the attacker can impersonate each endpoint to the satisfaction of the other. Such an attack results in a third party gaining access to a variety of different types of data, from login and password credentials to proprietary and confidential information. In addition, it is possible for the man-in-the-middle agent to modify data, causing unsold problems for the victim.

Man-in-the-middle attacks have increased considerably since the introduction of wireless networking. As a result, there is no need for the hacker to connect to a wire. Instead, the data can simply be intercepted from anywhere within range of the wireless signal.


Preventing Man-in-the-Middle Attacks

In order to prevent MITM attacks, some form of endpoint authentication is helpful. Just using public key encryption is not enough to prevent such an attack. As an example, suppose A and B are trying to communicate, and C is trying to intercept said communications. If B sends A his public key and C intercepts it, he can replace B’s public key with his own and send it to A. If A then encrypts a message with C’s public key (believing it to be B’s public key), then when it is sent, C can intercept and read it, decrypting it with his private key. He can also re-encrypt the message using C’s public key and send it to C.

Thus, any private-public key system requires some means of ensuring that a MITM attack does not compromise its integrity. One possible method is public key infrastructures (PKI). The main defense in a mutual authentication. In this case, as well as the application validating the user, the user’s devices validate the application – hence distinguishing rogue applications from genuine applications. Another possibility is a recorded media attestment, which can be either a verbal communication of a shared value for each session, or an audio/visual communication of the public key hash. In addition, stronger mutual authentication, such as secret keys and passwords often helps thwart man-in-the-middle attacks.

Latency examination may be a useful means of detecting man-in-the-middle attacks. For example, if each party performs a long cryptographic hash function calculation that takes 20 seconds normally, and the calculation takes 60 seconds to reach each party, this can indicate a third party.

The integrity of public keys must generally be assured in some manner, but need not be secret. Passwords and shared secret keys have the additional secrecy requirement. Public keys can be verified by a certificate authority whose public key is distributed through a secure channel. Public keys can also be verified by a web of trust that distributes public keys through a secure channel.

Quantum cryptography protocols, which use quantum communication and quantum communication to perform cryptographic tasks, can be used to thwart man-in-the-middle attacks. One method quantum cryptography employs is quantum key distribution (QKD), which establishes a shared key between two parties. If a third party tries to eavesdrop and learn these bits, the messages will be disturbed and the original two parties will notice. The key is then typically used for encrypted communication.


External Links:

Man-in-the-middle attack on Wikipedia

IP Spoofing and Defenses

IP address spoofing is the creation of IP packets with a source IP address with the purpose of concealing the identity of the sender or impersonating another computer system. The basis of spoofing involves masquerading as a trusted system in order to … [Continue reading]

Phishing: Common Variations

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details be masquerading as a trustworthy entity in electronic communications. Communications purporting to be from popular social networking sites, … [Continue reading]

Back Door Attacks

Back door attacks

Back door attacks utilize programs that provide a mechanism for entering a system without going through the usual authentication process. This can either take the form of hidden access points intentionally put into an application by the original … [Continue reading]

Distributed Denial of Service (DDoS) Attacks

In the previous article, we discussed denial of service (DoS) attacks. These attacks involve the use of a single client to launch an attack on a system or service. Distributed denial of service (DDoS) attacks use the same basic attack methodologies … [Continue reading]

Denial of Service (DoS) Attacks

Denial of Service (DoS) attacks are undertaken with the express purpose of preventing users from accessing and using a service they should otherwise be able to access. such attacks make malicious use of a variety of different standard protocols and … [Continue reading]

MailScanner Installation and Configuration: Part Two

In the previous article, we introduced MailScanner and covered installation as well as basic configuration. In this article, we will look at some of the other configuration options. If we navigate to Services -> MailScanner, there are nine … [Continue reading]

pfSense 2.1.4 Released

pfSense 2.1.4 has been released, about 2 months after pfSense 2.1.3. It is primarily a security release. Packages had their own individual fixes and need updating as well. For a full list of the fixes (security and otherwise) made in this version of … [Continue reading]

MailScanner Installation and Configuration: Part One

MailScanner

MailScanner is an e-mail security and anti-spam package for e-mail gateway systems. It is not designed to be run on Microsoft Windows desktop PCs. Instead, it is designed to be run on mail servers operated by companies and ISPs so that all their … [Continue reading]

Using the OLSR Daemon in pfSense

OLSR

The OLSR daemon is an implementation of the Optimized Link State Routing protocol. The Optimized Link State Routing Protocol is an IP routing protocol optimized for mobile ad hoc networks, which can also be used on other wireless ad hoc networks. … [Continue reading]

© 2013 David Zientara. All rights reserved. Privacy Policy