Home >Unlabelled > Know Attacks Man-in-the-Middle (MITM)
Know Attacks Man-in-the-Middle (MITM)
Posted on 11/02/2009
There have been many articles that discuss techniques ilmuhacking attack man in the middle (mitm), but I never explained in detail about what it mitm attack. Mitm attack is a type of attack is very dangerous and can happen anywhere, whether on websites, cell phones, as well as in traditional communications tools like mail correspondence. Therefore I think there needs to be a special article discussing mitm attack and no matter where the technical implementation.
Not Just Sniffing
Perhaps many who thought the purpose of mitm attack is to extract confidential data communications, such as sniffing. Sniffing can be called passive sniffing attack because the attacker did not doany action other than monitoring the data passing. It is true with mitm attack, an attacker can find out what was discussed by the two parties are communicating. But actually the biggest strength of mitm not sniffingnya ability, but the ability to intercept and modify communications mitm attack that could be called the type of active attack.
The figure below is a scenario that can be done with the attack mitm attacker.
In the picture there looks like 4 attacks that can be done with the MITM. Here is an explanation of the types of attacks in scenarios like the picture above.
* Sniffing: Charlie knows all the conversations between Alice and Bob.
* Intercepting: Charlie intercept a message from Alice when Alice wants to close the conversation with "Bob I'm going to sleep, Bye!". In this way Bob thinks Alice is still communicate with him.
* Tampering: Charlie alter response from Bob to Alice bob Paypal account to charlie.
* Fabricating: Charlie asked a number of social security number to Bob, when this question was never asked by Alice.
Mitm this way you can imagine how much potential damage can be done Charlie to Alice and Bob.
The attack happened Process Man-in-the-Middle
In mitm attack, an attacker would be in the middle of communication between two parties. The whole conversation going on between them should be through the attacker was in the middle. Attacker freely conduct surveillance, interception, modification and even falsified communication as I described earlier.
Now let us look at the process of MITM in case of Alice communicates with Bob. Charlie as the attacker will try to be in the middle between Alice and Bob. Charlie managed in order to be in the middle, then Charlie should:
* Masquerading as Bob before Alice
* Masquerading as Alice in front of Bob
In mitm, Alice thought was talking with Bob, when he was talking to Charlie. So is Bob, he thought was talking to Alice, when in fact he was talking to Alice. So in order to become one in the middle of Charlie must be disguised in the two sides, not just on one side only.
Why Alice and Bob can be trapped and deceived by Charlie? That's because Alice and Bob did not do authentication before communication. Alice ensure authentication will speak with Bob original, not the fake Bob played by Charlie. So also with authentication, Bob will speak with the original Alice, not the fake Alice played by Charlie.
Importance of Authentication: Who Are You Speaking With?
Authentication is the process to prove the identity of a subject, to people or machines. The process of proving identity seeorang many ways, but they can be grouped into 3 categories:
* What you know: a PIN, password, public key-pair private
* What you have: a smart card, key, USB dongle
* What you are: fingerprint, retina
Authentication briefly answer the question "Who are you speaking with?". The question was very important to know before the two parties to communicate. If the two parties to communicate without prior authentication, then they can get stuck talking to the wrong person, the person pretending to be his interlocutor. If until this happens the consequences can be fatal, one of which is the mitm attack.
When two people who already knew each other talked to in person, it can not be both trapped and deceived speak with the wrong people. Authentication becomes very important when the two sides talked through remote communication media such as telephone or internet. In the long-distance communication, we can only hear our speaker, so it is very likely we are talking to the wrong person.
So how to prevent MITM attacks is to perform authentication before communication. Even though the authentication performed by one party only, it is enough to prevent mitm. Let's look back to the example Alice, Bob and Charlie, if the authentication is only done by Bob, while Alice does not. The absence of authentication Alice, so Charlie could masquerade as Alice in front of Bob, but Charlie can not masquerade as Bob in front of Alice. Charlie Why can not disguise a Bob? Because Alice will test the authenticity of Bob with authentication, so disguises fake Charlie as Bob and Alice would be exposed would not want to continue communication.