Man-in-the-middle attack
In cryptography, the man-in-the-middle attack (often abbreviated MITM), bucket-brigade attack, or sometimes Janus attack, is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point can insert himself as a man-in-the-middle).

A man-in-the-middle attack can succeed only when the attacker can impersonate each endpoint to the satisfaction of the other—it is an attack on mutual authentication. Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, SSL authenticates the server using a mutually trusted certification authority.

Need for additional transfer over a secure channel

With the exception of the Interlock Protocol, all cryptographic systems that are secure against MITM attacks require an additional exchange or transmission of information over some kind of secure channel. Many key agreement methods have been developed, with different security requirements for the secure channel.

Example of an attack

Suppose Alice wishes to communicate with Bob. Meanwhile, Mallory wishes to intercept the conversation to eavesdrop and possibly deliver a false message to Bob.

First, Alice asks Bob for his public key. If Bob sends his public key to Alice, but Mallory is able to intercept it, a man-in-the-middle attack can begin. Mallory sends a forged message to Alice that claims to be from Bob, but instead includes Mallory's public key.

Alice, believing this public key to be Bob's, encrypts her message with Mallory's key and sends the enciphered message back to Bob. Mallory again intercepts, deciphers the message using her private key, possibly alters it if she wants, and re-enciphers it using the public key Bob originally sent to Alice. When Bob receives the newly enciphered message, he believes it came from Alice.

1. Alice sends a message to Bob, which is intercepted by Mallory:
Alice "Hi Bob, it's Alice. Give me your key"--> Mallory Bob

2. Mallory relays this message to Bob; Bob cannot tell it is not really from Alice:
Alice Mallory "Hi Bob, it's Alice. Give me your key"--> Bob

3. Bob responds with his encryption key:
Alice Mallory <--[Bob's_key] Bob

4. Mallory replaces Bob's key with her own, and relays this to Alice, claiming that it is Bob's key:
Alice <--[Mallory's_key] Mallory Bob

5. Alice encrypts a message with what she believes to be Bob's key, thinking that only Bob can read it:
Alice "Meet me at the bus stop!"[encrypted with Mallory's key]--> Mallory Bob

6. However, because it was actually encrypted with Mallory's key, Mallory can decrypt it, read it, modify it (if desired), re-encrypt with Bob's key, and forward it to Bob:
Alice Mallory "Meet me in the windowless van at 22nd Ave!"[encrypted with Bob's key]--> Bob

7. Bob thinks that this message is a secure communication from Alice.

This example shows the need for Alice and Bob to have some way to ensure that they are truly using each other's public keys, rather than the public key of an attacker. Otherwise, such attacks are generally possible, in principle, against any message sent using public-key technology. Fortunately, there are a variety of techniques that help defend against MITM attacks.

Defenses against the attack

Various defenses against MITM attacks use authentication techniques that are based on:
  • Public key infrastructures
  • Stronger mutual authentication, such as:
    • Secret keys (which are usually high information entropy secrets, and thus more secure), or
    • Passwords (which are usually low information entropy secrets, and thus less secure)
  • Latency examination, such as with long cryptographic hash function calculations that lead into tens of seconds; if both parties take 20 seconds normally, and the calculation takes 60 seconds to reach each party, this can indicate a third party
  • Second (secure) channel verification
  • One-time pads are immune to MITM attacks, assuming the security and trust of the one-time pad.
  • Carry-forward verification
  • Testing is being carried out on deleting compromised certificates from issuing authorities on the actual computers; compromised certificates are exported to a sandbox area for analysis before removal

The integrity of public keys must generally be assured in some manner, but the keys need not be secret. Passwords and shared secret keys have the additional secrecy requirement.
Public keys can be verified by a Certificate Authority, whose public key is distributed through a secure channel (for example, with a web browser or OS installation).
Public keys can also be verified by a web of trust that distributes public keys through a secure channel (for example by face-to-face meetings).

See key-agreement protocol for a classification of protocols that use various forms of keys and passwords to prevent man-in-the-middle attacks.
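The key substitution from the Alice, Bob and Mallory walk-through, and the second-channel verification listed among the defenses, can be modelled together. The following is an added example, not part of the original article; it assumes textbook RSA with tiny constructed primes as a stand-in for a real public-key system, and the function names and the fingerprint format are hypothetical.

```python
"""Toy model of the key-substitution exchange and the second-channel check.
Textbook RSA with tiny primes: illustration only, never use it for real data."""
import hashlib
import hmac


def make_keypair(p, q, e=17):
    """Return ((n, e), (n, d)) for two small primes (constructed toy values)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def encrypt(public_key, text):
    n, e = public_key
    return [pow(byte, e, n) for byte in text.encode()]


def decrypt(private_key, blocks):
    n, d = private_key
    return bytes(pow(block, d, n) for block in blocks).decode()


def fingerprint(public_key):
    """Short digest of a public key, short enough to compare over a second channel."""
    n, e = public_key
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()[:16]


BOB_PUBLIC, BOB_PRIVATE = make_keypair(61, 53)
MALLORY_PUBLIC, MALLORY_PRIVATE = make_keypair(89, 97)


def exchange(message, mallory_on_path, forged=None, trusted_fingerprint=None):
    """Run steps 3-7 of the walk-through and report what each party saw.

    trusted_fingerprint is the digest of Bob's key that Alice obtained over a
    second channel; None models Alice accepting whatever key arrives.
    """
    offered = MALLORY_PUBLIC if mallory_on_path else BOB_PUBLIC      # steps 3-4
    result = {"alice_sent": False, "mallory_read": None, "bob_read": None}
    if trusted_fingerprint is not None and not hmac.compare_digest(
            fingerprint(offered), trusted_fingerprint):
        return result                      # key does not match: Alice stops here
    result["alice_sent"] = True
    wire = encrypt(offered, message)                                 # step 5
    if mallory_on_path:                                              # step 6
        result["mallory_read"] = decrypt(MALLORY_PRIVATE, wire)
        wire = encrypt(BOB_PUBLIC, forged or result["mallory_read"])
    result["bob_read"] = decrypt(BOB_PRIVATE, wire)                  # step 7
    return result


if __name__ == "__main__":
    original = "Meet me at the bus stop!"
    forged = "Meet me in the windowless van at 22nd Ave!"
    bob_fp = fingerprint(BOB_PUBLIC)       # e.g. exchanged face to face
    print(exchange(original, True, forged))
    print(exchange(original, True, forged, trusted_fingerprint=bob_fp))
    print(exchange(original, False, trusted_fingerprint=bob_fp))
```

Without a trusted fingerprint Alice encrypts to whatever key arrives; with one, the substituted key is rejected before any message is sent, while Bob's genuine key still passes.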

Forensic analysis of MITM attacks

Captured network traffic from what is suspected to be a MITM attack can be analyzed in order to determine if it really was a MITM attack or not.
Important evidence to analyze when doing network forensics of a suspected SSL MITM attack includes:
  • IP address of the server
  • DNS name of the server
  • X.509 certificate of the server
    • Is the certificate self signed?
    • Is the certificate signed by a trusted CA?
    • Has the certificate been revoked?
    • Has the certificate been changed recently?
    • Do other clients, elsewhere on the Internet, also get the same certificate?
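
The checklist above can be applied mechanically to certificate observations extracted from a capture. The following is an added example, not part of the original article; the record layout, function names, finding strings and all sample values (documentation IP ranges, example.com names, placeholder fingerprints) are constructed assumptions, and comparing subject with issuer is a simplification of a real self-signature check.

```python
"""Checklist from the forensic section applied to constructed capture records."""
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class CertObservation:
    server_ip: str
    dns_name: str
    subject: str
    issuer: str
    fingerprint: str      # digest of the server certificate (placeholder strings here)
    seen_at: datetime


def assess(obs, history, trusted_issuers, revoked, seen_elsewhere):
    """Return the checklist items that this observation fails, in checklist order."""
    findings = []
    if obs.subject == obs.issuer:          # simplification: no signature is verified
        findings.append("self-signed")
    elif obs.issuer not in trusted_issuers:
        findings.append("issuer not trusted")
    if obs.fingerprint in revoked:
        findings.append("revoked")
    earlier = [h for h in history
               if h.dns_name == obs.dns_name and h.seen_at < obs.seen_at]
    if earlier:
        last = max(earlier, key=lambda h: h.seen_at)
        if last.fingerprint != obs.fingerprint:
            findings.append("certificate changed since last capture")
        if last.server_ip != obs.server_ip:
            findings.append("server IP changed since last capture")
    if seen_elsewhere and obs.fingerprint not in seen_elsewhere:
        findings.append("other clients see a different certificate")
    return findings


# Constructed sample data: documentation addresses and made-up names.
TRUSTED = {"CN=Example Trust CA"}
REVOKED = {"fp-revoked-0001"}
ELSEWHERE = {"fp-known-good"}     # what clients on other networks report
HISTORY = [
    CertObservation("192.0.2.10", "mail.example.com", "CN=mail.example.com",
                    "CN=Example Trust CA", "fp-known-good", datetime(2011, 3, 1)),
]
NORMAL = CertObservation("192.0.2.10", "mail.example.com", "CN=mail.example.com",
                         "CN=Example Trust CA", "fp-known-good", datetime(2011, 3, 9))
SUSPECT = CertObservation("198.51.100.7", "mail.example.com", "CN=mail.example.com",
                          "CN=mail.example.com", "fp-unfamiliar", datetime(2011, 3, 9))
REVOKED_CASE = CertObservation("192.0.2.10", "mail.example.com", "CN=mail.example.com",
                               "CN=Unknown CA", "fp-revoked-0001", datetime(2011, 3, 9))


def assess_sample(obs):
    """Assess one observation against the constructed reference data above."""
    return assess(obs, HISTORY, TRUSTED, REVOKED, ELSEWHERE)


if __name__ == "__main__":
    for name, obs in [("normal", NORMAL), ("suspect", SUSPECT), ("revoked", REVOKED_CASE)]:
        print(name, assess_sample(obs))
```

A changed server IP on its own is weak evidence, since load balancing and hosting moves also cause it; it carries weight when it coincides with a certificate finding.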

Quantum cryptography

Quantum cryptography protocols typically authenticate part or all of their classical communication with an unconditionally secure authentication scheme (e.g. Wegman-Carter authentication).

Beyond cryptography

MITM should be seen as a general problem resulting from the presence of intermediate parties acting as proxy for clients on either side. If they are trustworthy and competent, all may be well; if they are not, nothing will be. How can one distinguish the cases? By acting as a proxy and appearing as the trusted client to each side, the intermediate attacker can carry out much mischief, including various attacks against the confidentiality or integrity of the data passing through it.

A notable non-cryptographic man-in-the-middle attack was perpetrated by one version of a Belkin wireless network router in 2003. Periodically, it would take over an HTTP connection being routed through it: it would fail to pass the traffic on to the destination, and instead respond itself as the intended server. The reply it sent, in place of the web page the user had requested, was an advertisement for another Belkin product. After an outcry from technically-literate users, this 'feature' was removed from later versions of the router's firmware.

Another example of a non-cryptographic man-in-the-middle attack is the "Turing porn farm." Brian Warner says this is a "conceivable attack" that spammers could use to defeat CAPTCHAs. The spammer sets up a pornographic web site where access requires that the user solves the CAPTCHAs in question.
However, Jeff Atwood points out that this attack is merely theoretical — there was no evidence by 2006 that any spammer had ever built a Turing porn farm. However, as reported in an October, 2007 news story, spammers have indeed built a Windows game in which users type in CAPTCHAs acquired from the Yahoo webmail service, and are rewarded with pornographic pictures. This allows the spammers to create temporary free email accounts with which to send out spam.

Implementations

  • dsniff - A tool for SSH and SSL MITM attacks
  • Cain - A Windows GUI tool which can perform MITM attacks, along with sniffing and ARP poisoning
  • Ettercap - A tool for LAN based MITM attacks
  • Karma - A tool that uses 802.11 Evil Twin attacks to perform MITM attacks
  • AirJack - A tool that demonstrates 802.11 based MITM attacks
  • SSLStrip - A tool for SSL based MITM attacks.
  • SSLSniff - A tool for SSL based MITM attacks. Originally was made to exploit a flaw in Internet Explorer.
  • Mallory - A transparent TCP and UDP MiTMing proxy. Extensible to MiTM SSL, SSH, and many other protocols.
  • wsniff - A tool for 802.11 HTTP/HTTPS based MITM attacks
  • an additional card reader and a method to intercept key-presses on an Automated teller machine

See also

  • Examples
    • Aspidistra transmitter — A British radio transmitter used for World War II “intrusion” operations, an early man-in-the-middle attack.
    • Babington Plot — The plot against Elizabeth I of England, where Walsingham intercepted the correspondence.
  • Other attacks
    • Man in the Browser — An attack by corrupting a web browser.
    • Meet-in-the-middle attack — An attempt to break a two-stage encryption by finding a match between the results of the first stage and the results of the inverse of the second stage.
    • Miss in the middle attack – An efficient technique in impossible differential cryptanalysis, i.e. cryptanalysis based on excluding certain behaviours in the encryption.
    • Relay attack — A variant of a man-in-the-middle attack based on relaying an intercepted message verbatim to a valid but unintended recipient.
    • Rootkit — subversion of an entire operating system, notably to hide keyloggers that intercept credentials
    • Typhoid adware

  • Background
    • Computer security — The design of secure computer systems.
    • Cryptanalysis — The art of deciphering encrypted messages with incomplete knowledge of how they were encrypted.
    • Digital signature — A cryptographic guarantee of the authenticity of a text, usually the result of a calculation only the author is expected to be able to perform.
    • Interlock Protocol — A specific protocol to circumvent a man-in-the-middle attack when the keys may have been compromised.
    • Key management — How to manage cryptographic keys, including generation, exchange and storage.
    • Key-agreement protocol — A protocol for establishing a key in which both parties can have confidence.
    • Mutual authentication — How communicating parties establish confidence in one another's identities.
    • Password-authenticated key agreement — A protocol for establishing a key using a password.
    • Quantum cryptography — The use of quantum mechanics to provide security in cryptography (while older methods rely on one-way functions).
    • Secure channel — A way of communicating resistant to interception and tampering.

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 