Man-In-The-Middle Attack Prevention
In computer cryptography and cybersecurity, a man-in-the-middle attack is characterized by the presence of a foreign third party between two communicating parties. The third party is privy to every piece of information that is exchanged and can alter its contents.
A common example of a man-in-the-middle attack involves the attacker placing himself between an unencrypted Wi-Fi network and its clients. The attacker can then monitor the online activities of every client and even exert control over the network.
The attacker either impersonates the authentication procedure necessary for access or bypasses it altogether by exploiting vulnerabilities. The attacker then successfully impersonates the endpoints of the network and appears completely legitimate. Most connections and protocols today employ cryptographic techniques that provide secure endpoint authentication and prevent such man-in-the-middle attacks.
PREVENTING MAN-IN-THE-MIDDLE ATTACKS
There are two basic steps for stopping man-in-the-middle attacks: authentication and tamper-detection.
- Authentication - Most modern cryptographic techniques used to prevent MITM attacks combine public keys with a secure message. This “key-agreement protocol” takes place over secure channels, although recent developments have eliminated the need for such channels. Public-key procedures such as “transport layer security” result in a more secure “transmission control protocol” connection and thus prevent MITM attacks. Such key structures employ security certificates, which are exchanged between clients and servers. These certificates are verified by a third-party body known as the CA, or certificate authority. Another method, known as HTTP-pinning, helps protect against MITM attacks when the CA itself has been breached. The servers generate a list of hashed “pinned” keys for every communication.
- Tamper-detection - MITM attacks can be detected with latency examination, especially where operations such as hash functions are involved. Disturbances in the response times of various signals can be noted. By comparing them with a set standard and observing repeated patterns of such discrepancies, a MITM breach can be confirmed. Digital forensics can be combined with tamper-detection methods to identify compromised sectors of the network.
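The tamper-detection procedure above, sketched as an added example that is not part of the original article: response times are compared with a baseline, and an alert is raised only after repeated discrepancies. The function names, thresholds and millisecond samples are assumptions constructed for illustration.

```python
"""Latency-based tamper detection: baseline, discrepancy test, repeat confirmation."""
import statistics
from collections import deque


def build_baseline(samples_ms):
    """Summarise known-good response times as (median, robust spread)."""
    med = statistics.median(samples_ms)
    # Median absolute deviation resists the odd slow packet in the baseline.
    mad = statistics.median(abs(s - med) for s in samples_ms)
    return med, max(mad * 1.4826, 0.5)  # floor avoids a zero spread


def is_discrepancy(rtt_ms, baseline, k=4.0):
    """True when a response is slower than the baseline by more than k spreads."""
    med, spread = baseline
    return rtt_ms - med > k * spread


def confirm_interception(samples_ms, baseline, window=10, min_hits=7, k=4.0):
    """Return the index of the sample at which the alert fires, else None.

    One slow response is noise; alert only once min_hits of the last
    `window` responses are discrepancies, i.e. a repeated pattern.
    """
    recent = deque(maxlen=window)
    for i, rtt in enumerate(samples_ms):
        recent.append(is_discrepancy(rtt, baseline, k))
        if sum(recent) >= min_hits:
            return i
    return None


# Constructed sample data (milliseconds), not measurements from a real network.
BASELINE_RTTS = [20.1, 19.8, 20.4, 21.0, 19.9, 20.3, 20.0, 35.0, 20.2, 19.7]
NORMAL_WITH_SPIKES = [20.2, 48.0, 19.9, 20.5, 20.1, 51.0, 20.0, 19.8, 20.3, 20.1]
RELAYED = [20.0, 20.3, 31.5, 32.0, 30.8, 31.9, 20.1, 32.4, 31.1, 33.0, 31.7]

if __name__ == "__main__":
    base = build_baseline(BASELINE_RTTS)
    print("baseline (median, spread):", base)
    print("normal traffic alert index:", confirm_interception(NORMAL_WITH_SPIKES, base))
    print("relayed traffic alert index:", confirm_interception(RELAYED, base))
```

A sustained latency shift also has benign causes such as congestion or a route change, so the alert is best used as a trigger for certificate checks and forensic follow-up.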
While the methods of carrying out man-in-the-middle attacks are diverse and growing, developments in quantum computing such as quantum cryptography can provide better authentication techniques. Quantum cryptography uses no-cloning algorithms which are completely tamper-proof. One example of quantum authentication cryptography is Wegman-Carter authentication, which secures all communications through a linked system.