Analysis of Man-in-the-Middle Attacks in Computer Networks Security


Added on  2020/04/21

AI Summary
This report provides a comprehensive literature review of Man-in-the-Middle (MITM) attacks within the context of computer network security. It explores the nature of MITM attacks, where an attacker intercepts communication between two parties without their knowledge, and the various forms these attacks can take. The report highlights vulnerabilities in Wi-Fi networks (WPA2), Address Resolution Protocol (ARP), TLS, fog computing, and Internet of Things (IoT) environments. It discusses how attackers exploit these vulnerabilities to eavesdrop on conversations, steal sensitive information, and compromise secure operations. The report references several research papers that investigate specific MITM attack methods, including ICMP MITM, DNS MITM, and cookie hijacking, and discusses the impact of these attacks on network security. It emphasizes the increasing threat posed by MITM attacks due to the proliferation of wireless devices and the need for robust security measures to protect against them.
Running head: COMPUTER NETWORK AND SECURITY
Computer Network and Security
Name of the Student
Name of the University
Author Note
1. Literature Review: Man-in-the-Middle Attack
A man-in-the-middle attack is a privacy attack on cryptography and computer security in which an
attacker targets a conversation between two parties without their knowledge. The conversation
can take the form of email, social media, or web surfing. The attacker eavesdrops on the
conversation in order to collect confidential information from it. According to Agarwal and
Nandi (2015), Wi-Fi or wireless networks are more vulnerable to a number of attacks, including
the man-in-the-middle attack, due to the openness of the medium. A common vulnerability,
Hole 196, present in WPA2 (Wi-Fi Protected Access) can be exploited by the attacker to access
the encrypted network.
Yang et al. (2012) investigate Address Resolution Protocol (ARP) spoofing, which is based
on the man-in-the-middle attack. The man-in-the-middle attack is one of the major malicious
code attacks that damage industrial infrastructure directly. This type of attack is dangerous
because it can modify and compromise the secure and reliable operation of wireless networks.
The man-in-the-middle scenario involves the attacker as a third party acting as an
intermediate node between a server and the client. The attacker captures the
messages between the server and the client and then alters them before they reach
the receiver (Kumar, Verma & Tomar, 2013). However, in a wireless domain, the shared
channel must go through the association and disassociation phases for communication. This
attack is possible in ARP because the response to a request packet is not authenticated, and
therefore any node can send a request on behalf of any other node in a network. The
attacker makes use of this vulnerability. Furthermore, the stateless nature of ARP does not
require a matching request, and therefore the man-in-the-middle attack is more prominent here.
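The two ARP properties described above (replies are not authenticated and need no matching request) are also what a defender can monitor for. The following is an added example, not part of the original report: a passive detector that flags unsolicited replies and IP-to-MAC binding changes. The class name, the 2-second window and the sample packets (documentation addresses, locally administered MACs) are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

ARP_HDR = b"\x00\x01\x08\x00\x06\x04"  # htype=Ethernet, ptype=IPv4, hlen=6, plen=4
REQUEST, REPLY = 1, 2

def parse_arp(payload):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < 28 or payload[:6] != ARP_HDR:
        return None
    op, sha, spa, _tha, tpa = struct.unpack("!H6s4s6s4s", payload[6:28])
    return op, sha.hex(":"), str(IPv4Address(spa)), str(IPv4Address(tpa))

class ArpMonitor:
    def __init__(self, window=2.0):
        self.window = window  # seconds a request stays outstanding (assumed value)
        self.pending = {}     # queried IP -> timestamp of the request
        self.bindings = {}    # IP -> first MAC seen claiming it

    def observe(self, ts, payload):
        parsed = parse_arp(payload)
        if parsed is None:
            return []
        op, mac, ip, target_ip = parsed
        alerts = []
        if op == REQUEST:
            self.pending[target_ip] = ts
        elif op == REPLY:
            # ARP is stateless: hosts accept a reply with no matching request.
            asked = self.pending.pop(ip, None)
            if asked is None or ts - asked > self.window:
                alerts.append(f"unsolicited reply: {ip} is-at {mac}")
        known = self.bindings.setdefault(ip, mac)
        if known != mac:
            alerts.append(f"binding change: {ip} {known} -> {mac}")
        return alerts

def run_demo():
    hdr = ARP_HDR.hex()
    trace = [  # constructed sample: (timestamp, hex of ARP payload)
        # 192.0.2.10 asks who-has 192.0.2.1
        (0.0, hdr + "0001 020000000010 c000020a 000000000000 c0000201"),
        # 192.0.2.1 answers from 02:00:00:00:00:01 within the window
        (0.1, hdr + "0002 020000000001 c0000201 020000000010 c000020a"),
        # later reply claims 192.0.2.1 is at 02:00:00:00:00:66, with no request
        (5.0, hdr + "0002 020000000066 c0000201 020000000010 c000020a"),
    ]
    monitor = ArpMonitor()
    return [monitor.observe(ts, bytes.fromhex(h)) for ts, h in trace]
```

The monitor keeps the first MAC it saw for each IP, so a legitimate address change keeps alerting until the table is reset or seeded from a trusted source such as DHCP leases.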
Zhao and Ge (2013) discuss that the man-in-the-middle attack is prominent in smart
objects such as the Internet of Things (IoT) as well. It is generally assumed that no third
party is able to intercept the messages of two communicating parties in an IoT environment.
This type of attack is dangerous because the attacker can even track an object's location
using this method, which can give rise to privacy risks for the user of the Internet of Things.
After getting access to the IoT environment, the attacker may attempt to extract the security
information and misuse it.
The man-in-the-middle attack is prominent in TLS as well, which is an essential building
block for virtual private networks. Security in TLS mainly deals with authentication and key
exchange. The absence of proper security in the key exchange results in a man-in-the-middle
attack. Security in the TLS key exchange process is mainly achieved using Public Key
Infrastructure, or PKI (de la Hoz et al., 2014). Research proves that man-in-the-middle attacks
on PKIs have considerably increased over the years. This is because attackers make use of the
vulnerability of the classical PKI model. A number of security concerns have arisen over the
years, which proves that TLS is prone to man-in-the-middle attacks.
The man-in-the-middle attack is prominent in fog computing as well. In this particular attack,
the gateways that serve as fog devices are targeted and are compromised or replaced by fake
ones. Furthermore, it is impossible for the traditional anomaly detection method to detect or
expose man-in-the-middle attacks (Lee et al., 2015). Encryption is not a feasible option for
preventing this attack in fog computing, as it is tough to establish communication between the
fog node and IoT devices with the help of encryption.
With the growing number of wireless users and the increasing availability of mobile devices
at lower cost, the man-in-the-middle attack poses a real threat to wireless network security.
On gaining control over the system, the attacker collects the packets coming from the sender
and channels them to the receiver after recording the packet stream. There is no data loss
between the systems, and therefore the sender or receiver cannot identify the threat.
In this attack, ARP poisoning is widely used, where an attacker working on the same local area
network as the victims steals information from data sessions. Various methods are used for
implementing a man-in-the-middle attack, including ICMP MITM, DNS MITM, DHCP MITM,
cookie hijacking, SSL MITM and so on (Noor & Hassan, 2013).
In ICMP MITM, the attacker first pings the whole subnet to find out which hosts are down and
then waits for those hosts to be pinged by others. DNS MITM, on the other hand, sniffs the
traffic on the network by ARP spoofing. Cookie hijacking makes use of certain cookie-stealing
scripts to steal the cookie data (Sheldon et al., 2012). Therefore, it can be said that the
man-in-the-middle attack is more prominent in wireless network security.
References
Agarwal, M., Biswas, S., & Nandi, S. (2015). Advanced stealth man-in-the-middle attack in
wpa2 encrypted wi-fi networks. IEEE Communications Letters, 19(4), 581-584.
de la Hoz, E., Cochrane, G., Moreira-Lemus, J. M., Paez-Reyes, R., Marsa-Maestre, I., &
Alarcos, B. (2014, June). Detecting and defeating advanced man-in-the-middle attacks
against TLS. In Cyber Conflict (CyCon 2014), 2014 6th International Conference
On (pp. 209-221). IEEE.
Kumar, R., Verma, S., & Tomar, G. S. (2013). Thwarting address resolution protocol poisoning
using man in the middle attack in WLAN. International Journal of Reliable Information
and Assurance, 1(1), 8-19.
Lee, K., Kim, D., Ha, D., Rajput, U., & Oh, H. (2015, September). On security and privacy
issues of fog computing supported Internet of Things environment. In Network of the
Future (NOF), 2015 6th International Conference on the (pp. 1-3). IEEE.
Noor, M. M., & Hassan, W. H. (2013). Wireless networks: developments, threats and
countermeasures. International Journal of Digital Information and Wireless
Communications (IJDIWC), 3(1), 125-140.
Sheldon, F. T., Weber, J. M., Yoo, S. M., & Pan, W. D. (2012). The insecurity of wireless
networks. IEEE Security & Privacy, 10(4), 54-61.
Yang, Y., McLaughlin, K., Littler, T., Sezer, S., Im, E. G., Yao, Z. Q., ... & Wang, H. F. (2012).
Man-in-the-middle attack test-bed investigating cyber-security vulnerabilities in smart
grid SCADA systems.
Zhao, K., & Ge, L. (2013, December). A survey on the internet of things security.
In Computational Intelligence and Security (CIS), 2013 9th International Conference
on (pp. 663-667). IEEE.