One of the most dangerous and well known threats in cyber security is the Man in the middle attack. Abbreviated as MitM or MiM attack, in this type of attack the attacker intrudes into the communication pathway of two parties, relays and then alters the communication happening between the two parties while keeping them oblivious to the presence of the attacker. Such an attack can happen only when the man-in-the-middle (the attacker) can successfully impersonate each endpoint to their satisfaction as expected from the legitimate other end.
Now Suppose there are two legitimate parties by the name Adam and Charlie while Barney is the name of man-in-the-middle i.e. the attacker and has intruded into the communication channel in a way that he can intercept the messages from both legitimate ends.
- Adam sends a message to Charlie “ Hey Charlie, Please send me your encryption key so that i can tell you the secret details”
- The above message is intercepted by Barney who relays it to Charlie.
- Charlie doesn’t suspect anything as message seems to come from Adam.
- Charlie replies with the encryption key which is intercepted by Barney.
- Barney replaces the Charlie’s encryption key with his own and sends it to Adam.
- Adam receives the message from Barney. He doesn’t suspect anything as it seems to come from Charlie.
- Adam encrypts his message with that of Barney’s encryption key and send it back to Charlie.
- Barney intercepts the message again, decrypts it and then encrypts it with Charlie’s key and send him the message.
- This way communication occurs between Adam and Charlie but is intercepted and modified by Barney. Barney can even forward totally misguiding messages to either of the legitimate endpoints of the communication.
There is a famous Chess analogy that is used to explain these kind of attacks. It goes like this “Barney who doesn’t know how to play chess, claims that he can play two grand masters (Adam and Charlie) simultaneously and either win on game or draw both. He waits for Adam to make the first move and whatever move Adam makes, he makes the same move to Charlie. The returning move of Charlie is copied and pasted by Barney to Adam. This way he ensures that he will not lose the match.
How do I stop Man-in-the-middle attack?
The technique used by the attacker to trick one legitimate endpoint to believe that they are talking to other legitimate end point is known as ARP Spoofing or Address Resolution Protocol Spoofing. It is quite difficult to tackle ARP spoofing using conventional security tools. However, difficulty for the attacker can be increased by using encrypted network connections provided by HTTPS or VPN technology.
The HTTPS technology uses the secure sockets layer (SSL) capability in the browser to hide your web-based network traffic from attackers. The Virtual Private Network (VPN) client also works in somewhat similar fashion. Some VPNs do use SSL but to use that security layer you need to connect to VPN access point. Both HTTPS and VPN encrypt your communication and make it difficult if not impossible for the attacker to intercept. The HTTPS also makes your browser to use certificates for verification of the servers you are communicating with. These certificates are verified by highly reputable third party authority companies like VeriSign. Incase your browser does not recognize the authority of the certificate sent from a particular server, then you will see a message indicating that the server’s certificate cannot be trusted. This means it might be coming from the attacker. Do not proceed to communicate with such a connection.