
Man in the middle attack

From open-encyclopedia.com - the free encyclopedia.

In cryptography, a man in the middle attack (MITM) is an attack in which an attacker is able to read, and modify at will, messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept messages going between the two victims.

In connection with public keys, such an attack might look as follows:

Suppose Alice wishes to communicate with Bob, and that Mallory wishes to eavesdrop on the conversation, or possibly deliver a false message to Bob. To get started, Alice must ask Bob for his public key. If Bob sends his public key to Alice, but Mallory is able to intercept it, a man in the middle attack can begin. Mallory can simply send Alice a public key for which he has the matching private key. Alice, believing this public key to be Bob's, then enciphers her message with Mallory's key and sends the enciphered message back to Bob. Mallory again intercepts, deciphers the message, keeps a copy, and re-enciphers it (after alteration if desired) using the public key Bob originally sent to Alice. When Bob receives the newly enciphered message, he will believe it came from Alice. A similar attack is possible, in principle, against any message sent using public key technology, including data packets carried on computer networks.

The possibility of a "man in the middle" attack remains a serious security problem for public-key based cryptosystems. A widely used mechanism for defeating such attacks is the use of digitally signed keys: if Bob's key is signed by a trusted third party vouching for his identity, Alice can have considerable confidence that a signed key she receives is not an interception attempt by Mallory. Such signed keys (e.g., signed by a certificate authority) are one of the primary mechanisms used for secure World Wide Web traffic (e.g., HTTPS, using the SSL or Transport Layer Security protocols). However, lack of care by certificate authorities in endorsing the match between identity information and public keys is a problem for these systems.
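The key substitution described above and the signed-key check that stops it, as an added example that is not part of the original article. It uses textbook RSA built from small Mersenne primes (insecure, chosen only so the exchange can be traced); the function names, the "Bob" label and the sample message are all constructed for illustration.

```python
import hashlib

def keypair(p, q, e=65537):
    """Textbook RSA from two primes: returns (public, private) as (n, exponent)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def apply_key(key, m):
    """Encipher, decipher, sign and check are all m**k mod n in textbook RSA."""
    n, k = key
    return pow(m, k, n)

def digest(name, pub, modulus):
    """Hash the (identity, public key) binding to an integer below the signer's modulus."""
    h = hashlib.sha256(f"{name}|{pub[0]}|{pub[1]}".encode()).digest()
    return int.from_bytes(h, "big") % modulus

def certify(ca_priv, name, pub):
    """Trusted third party signs the binding between a name and a public key."""
    return apply_key(ca_priv, digest(name, pub, ca_priv[0]))

def verify(ca_pub, name, pub, sig):
    """Alice's check: does the signature vouch for exactly this name and key?"""
    return apply_key(ca_pub, sig) == digest(name, pub, ca_pub[0])

# Constructed toy keys (Mersenne primes, far too small for real use).
CA = keypair(2**127 - 1, 2**107 - 1)
BOB = keypair(2**89 - 1, 2**61 - 1)
MALLORY = keypair(2**31 - 1, 2**19 - 1)
BOB_CERT = certify(CA[1], "Bob", BOB[0])
MSG = int.from_bytes(b"hello", "big")      # constructed sample message

def exchange(msg, check_signature):
    """Bob's key passes through Mallory on its way to Alice.
    Returns (what Mallory read, what Bob read)."""
    offered = MALLORY[0]                    # the key Alice receives in place of Bob's
    if check_signature and not verify(CA[0], "Bob", offered, BOB_CERT):
        return None, None                   # Alice refuses an unvouched key; nothing is sent
    seen = apply_key(MALLORY[1], apply_key(offered, msg))   # Alice enciphers, Mallory deciphers
    relayed = apply_key(BOB[0], seen)       # re-enciphered under Bob's real key
    return seen, apply_key(BOB[1], relayed)

if __name__ == "__main__":
    print("genuine key verifies:", verify(CA[0], "Bob", BOB[0], BOB_CERT))
    print("no check:  ", exchange(MSG, check_signature=False))
    print("with check:", exchange(MSG, check_signature=True))
```

Without the check, both Mallory and Bob end up with the plaintext and neither Alice nor Bob sees anything unusual; with the check, the substituted key fails verification because the signature covers Bob's name together with Bob's actual key.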

While this example focuses on the MITM attack in a cryptographic context, MITM should be seen as a general problem resulting from any use of intermediate parties acting as a proxy for the clients on either side. If they are trustworthy and competent, all may be well; if they are not, nothing will be. How can one distinguish the cases? By acting as a proxy and appearing as the trusted client to each side, the intermediate attacker can carry out much mischief, including various attacks against the confidentiality or integrity of the data passing through it.


Copyright © 2003-2004 Zeeshan Muhammad. All rights reserved.