Monday, January 11, 2016

What is a Man-In-The-Middle Attack ?



A Man-In-The-Middle Attack is an attack in which an attacker eavesdrop and possibly alters the communication between two hosts over the network and steals sensitive data to perform more attacks.








How is Man-In-The-Middle Attack perpetrated


Man-In-The-Middle Attack can be perpetrated as it is mentioned below :


  • Adam and Bob are directly communicating with each other over the network. Ideally, both of them should have a public-private keypair. Adam will encrypt his messages with Bob's public key and send them to Bob. Bob will decrypt them with his private key. Again, Bob will encrypt messages with Adam's public key and send them to Adam. Adam will decrypt them with his private key.
  • An attacker plans to listen to the communication between them to steal sensitive information transferred between Adam and Bob.
  • Adam and Bob start their communication and they start exchanging their public keys.
  • The attacker creates his own public-private keypair.
  • When Adam sends his public key to Bob, the attacker intercepts it. He notes down Adam's public key, but impersonates to Bob as Adam and sends Bob the attacker's public key instead.
  • Similarly, when Bob sends his public key to Adam, the attacker intercepts it. The attacker notes down Bob's public key and sends Adam the attacker's public key instead.
  • Now, when Adam sends any message to Bob, Adam encrypts the message with the attacker's public key unknowingly. And the same is true for Bob.
  • When Adam sends any message to Bob, the attacker deciphers it with the attacker's private key and reads it. The attacker then encrypts the message again with Bob's public key and sends it to Bob.
  • Similarly, when Bob sends any message to Adam, the attacker deciphers it with the attacker's private key and reads it. The attacker then encrypts the message again with Adam's public key and sends it to Adam.
  • The attacker is now able to steal all the sensitive data communicated between Adam and Bob.




Countermeasures of Man-in-the-middle Attack


There are a couple of defensive steps that we can take.

  • Use Secure DNS Extensions.
  • Whenever two hosts want to transfer sensitive data between them, do it over TLS protocol.
  • Public keys should be verified by a Certificate Authority before using it.
  • Key Agreement Protocols like Diffie-Hellman Key Exchange Protocols should be used while interchanging secret keys over the network.
  • Quantum Cryptography can be used to prevent this attack.



So, beware of various security vulnerabilities, and stay safe, stay secured.

No comments:

Post a Comment