Muteeb Bin Muzammil,Muhammad Bilal,Sahar Ajmal,Sandile C. Shongwe,Yazeed Y. Ghadi

DOI: https://doi.org/10.1109/access.2024.3350444

IF: 3.9

2024-01-01

IEEE Access

Abstract:The current era extensively utilizes the Internet, which uses data. Due to the apparent open-access Internet service, this data is highly vulnerable to attacks. Data privacy is affected by Web-based attacks. This Systematic Literature Review (SLR) focuses on two Web-based attacks: Man-In-The-Middle and session hijacking. It reviews about 30 studies from the years 2016–2023 that have been selected utilizing a proper study selection procedure. This SLR comprises three research questions. The first describes the overall trends in Man-In-The-Middle attacks and session hijacking studies. It shows that 7 articles were published in 2018, and the trend is decreasing to 4 articles by 2021. Moreover, 73% articles are published in conference venues, and India is the top contributor in this domain. Lastly, this question elaborated that IEEE is the top contributor as a publisher. The second addresses the sorts of attacks used by Man-In-The-Middle attacks and session hijacking on Transmission Control Protocol / Internet Protocol (TCP/IP). This demonstrates that Man-In-The-Middle attacks invade all layers and session hijacking attacks on only two, that is, the application and network layer. The third research question discusses the solutions provided by different studies to deal with Man-In-The-Middle attacks and session hijacking. In conclusion, this analysis highlights the need for stronger cybersecurity measures against Man-in-the-Middle and session hijacking assaults in the Internet era by revealing evolving trends, contributors, and solutions in data privacy.

computer science, information systems,telecommunications,engineering, electrical & electronic

Muneer Alwazzeh,Sameer Karaman,Mohammad Nur Shamma

DOI: https://doi.org/10.13052/jcsm2245-1439.933

2020-07-01

Journal of Cyber Security and Mobility

Abstract:Network security and related issues have been discussed thoroughly in this paper, especially at transport layer security network protocol, which concern with confidentiality, integrity, availability, authentication, and accountability. To mitigate and defeat Man-in-the-middle-attacks, we have proposed a new model which consists of sender and receiver systems and utilizes a combination of blowfish (BF) and Advanced Encryption Standard (AES) algorithms, symmetric key agreement to distribute public keys, Elliptic Curve Cryptography (ECC) to create secret key, and then Diffe Hellman (DH) for key exchange. Both SHA-256 hashing and Elliptic Curve Digital Signature Algorithm (ECDSA) have been applied for integrity, and authentication, respectively.

Kevin Benton,Ty Bross

DOI: https://doi.org/10.48550/arXiv.1308.3559

2013-08-16

Abstract:Man in the middle attacks are a significant threat to modern e-commerce and online communications, even when such transactions are protected by TLS. We intend to show that it is possible to detect man-in-the-middle attacks on SSL and TLS by detecting timing differences between a standard SSL session and an attack we created.

Cryptography and Security

Hamidreza Fereidouni,Olga Fadeitcheva,Mehdi Zalai

2023-08-05

Abstract:This paper provides an overview of the Internet of Things (IoT) and its significance. It discusses the concept of Man-in-the-Middle (MitM) attacks in detail, including their causes, potential solutions, and challenges in detecting and preventing such attacks. The paper also addresses the current issues related to IoT security and explores future methods and facilities for improving detection and prevention mechanisms against MitM.

Cryptography and Security

Le Wang,Alexander M. Wyglinski

DOI: https://doi.org/10.1002/wcm.2527

2014-10-01

Wireless Communications and Mobile Computing

Abstract:Abstract Compared with a wired network, a wireless network is not protected by the cable transmission medium. Information is broadcasted over the air and it can be intercepted by anyone within the transmission range. Even though the transmissions could potentially be protected by security authentication mechanisms, malicious users can still intercept the information by mimicking the characteristics of normal user or a legitimate access point. This scenario is referred as a man‐in‐the‐middle (MITM) attack. In the MITM attack, the attackers can bypass the security mechanisms, intercept the unprotected transmission packets, and sniff the information. Because of several vulnerabilities in the IEEE 802.11 protocol, it is difficult to defend against a wireless MITM attack. In this paper, a received signal strength indicator (RSSI)‐based detection mechanism for MITM attacks is proposed. RSSI information is an arbitrary integer that indicates the power level being received by the antenna. The random RSSI values are processed via a sliding window, yielding statistic information about the signal characteristics such as mean and standard deviation profiles. By analyzing those profiles, the detection mechanism can detect if a rogue access point, the key component of an MITM attack, is launched. Our proposed approach has been validated via hardware experimentation using Backtrack 5 tools and MATLAB software suite. Copyright © 2014 John Wiley & Sons, Ltd.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xiancun Zhou,Yan Xiong,Renjin Liu

DOI: https://doi.org/10.1007/978-3-642-34041-3_1

2012-01-01

Abstract:It is provided that a security analysis on Liaw-Lin-Wu's remote user authentication scheme. Our analysis shows the scheme is vulnerable to Man-in-the-middle attack. What's more, there are obvious security vulnerabilities in it. An improved remote user authentication scheme based on Diffie-Hellman key exchange protocol is proposed. Analysis shows the scheme is secure not only to achieve mutual authentication, but also to generate a session key in the same time. It has overcome security deficiencies of Liaw-Lin-Wu's scheme. It is efficient and practical.

JIA Jing,XUE Zhi

DOI: https://doi.org/10.3969/j.issn.1009-8054.2007.04.043

2007-01-01

Abstract:SSL protocol has been one of the key technologies for realizing secure communication in internet, it plays a has the function in encrypting and authenticating information transmission, however SSL may not be a flawless protocol. The paper first introduces SSL protocol and man-in-the-middle attack, then analyses the problem of distrust in the handshake of SSL protocol, discusses the restriction of trust negotiation based on X.509 digital certificate, and makes a concrete analysis of the principle of ssl man-in-the-middle attack based on arp redirection. Finally, the paper gives some suggestions on how to prevent the attack.

Abba Garba,Zhi Guan,Anran Li,Zhong Chen

DOI: https://doi.org/10.5220/0006864005540561

2018-01-01

Abstract:In cryptocurrency systems such as Bitcoin, user use string-hashes from public keys, that look like random strings, to receive payments. Unfortunately, there is no authority to verify user identity. Normally a user cannot prove the address binds with her real identity. Technically, a victim could get a tampered address and pay coins to this tampered address. In this paper, we report on the large-scale of Bitcoin addresses, including secured and unsecured merchants websites, exchange platforms, online chat forums, social channels and blogs. We illustrate our data through a range of graphs based on transaction distribution. Our analysis consists of crawling many web pages related to cryptocurrency transactions. We scrap the web pages by persing 10,0045 bitcoin addresses related to merchants or individuals that receive bitcoin in their websites directly. We determine how many addresses are subject to Man-in-the-middle of attack in our analysis. We review some countermeasures from best practices of Bitcoin transactions.

Wu Liu,Donghong Sun,Ping Ren,Zailiang Tang

DOI: https://doi.org/10.1109/icecc.2012.174

2012-01-01

Abstract:Although widely deployed in recent years, the IPv6 protocols still have many security problems, especially the Man-In-The-Middle Attack in Local Area Network. This paper presents an IPv6 Man-In-The-Middle Attack test system to help user aware the security risks, and design a defending tool using DNSSEC to avoid Man-In-The-Middle attack in IPv6 Networks.

Chao Dong,Hui Li,Zhe-Ming Lu,Hong-Wa Yang,Gao-Feng Pan

DOI: https://doi.org/10.1109/IMCCC.2012.190

2012-01-01

Abstract:A MANET is an emerging technology which is the important technical foundation to support pervasive computing and future mobile communication systems. It has become a hot research topic due to its flexibility. With the extensive applications of MANET, security becomes severe and faces new challenges. In MANET, security attacks are particularly serious. In this paper, we provide an overview of network confrontation in MANETs. We investigate some common attacks as well as countermeasures against such attacks in MANETs.

Xuewei Feng,Qi Li,Kun Sun,Yuxiang Yang,Ke Xu

DOI: https://doi.org/10.1109/sp46215.2023.10179441

2023-01-01

Abstract:Modern Wi-Fi networks are commonly protected by the security mechanisms, e.g., WPA, WPA2 or WPA3, and thus it is difficult for an attacker (a malicious supplicant) to hijack the traffic of other supplicants as a man-in-the-middle (MITM). In traditional Evil Twins attacks, attackers may deploy a bogus wireless access point (AP) to hijack the victim supplicants' traffic (e.g., stealing credentials). In this paper, we uncover a new MITM attack that can evade the security mechanisms in Wi-Fi networks by spoofing the legitimate AP to send a forged ICMP redirect message to a victim supplicant and thus allow attackers to stealthily hijack the traffic from the victim supplicant without deploying any bogus AP. The core idea is to misuse the vulnerability of cross-layer interactions between WPAs and ICMP protocols, totally evading the link layer security mechanisms enforced by WPAs. We resolve two requirements to successfully launch our attack. First, when the attacker spoofs the legitimate AP to craft an ICMP redirect message, the legitimate AP cannot recognize and filter out those forged ICMP redirect messages. We uncover a new vulnerability (CVE-2022-25667) of the Network Processing Units (NPUs) in AP routers that restrict the AP routers from blocking fake ICMP error messages passing through the router. We test 55 popular wireless routers from 10 well-known AP vendors, and none of these routers can block the forged ICMP redirect messages due to this vulnerability. Second, we develop a new method to ensure the forged ICMP redirect message can evade the legitimacy check of the victim supplicant and then poison its routing table. We conduct an extensive measurement study on 122 real-world Wi-Fi networks, covering all prevalent Wi-Fi security modes. The experimental results show that 109 out of the 122 (89%) evaluated Wi-Fi networks are vulnerable to our attack. Besides notifying the vulnerability to the NPU manufacturers and the AP vendors, we develop two countermeasures to throttle the identified attack.

Haider Salim,Zhitang Li

DOI: https://doi.org/10.1109/mitp.2019.2956131

2021-01-01

IT Professional

Abstract:Internet protocol (IP) is a part of the Transmission Control Protocol (TCP) /IP suite that operates below the network layer of the Open Systems Interconnection (OSI) reference model and is employed as an interface between the network and data link layer. The address resolution protocol (ARP) is a protocol used by IP for mapping an IP address to the corresponding media access control address that is a hardware address harnessed to identify the source and destination of each frame sent on the Ethernet. The man-in-the-middle (MITM) attack is a kind of the Ethernet attack that can be carried out depending on ARP cache-memory poisoning to intercept communications between two systems on Ethernet, and it could, without difficulty, be applied when the attacker is in control of a router along normal point of traffic. To secure systems on Ethernet as well as to prevent ARP cache-memory poisoning, it is necessary to have a good prevention model of MITM attacks. In this article, using the client/server-based intrusion detection system (CSIDS), a precise model to prevent ARP poisoning attacks is proposed and implemented. Our analysis is adequately characterized by implementing a real-time analysis for the received ARP packets, and in the case of detection of a suspicious ARP packet, a resolution message will be exchanged between system parts on the same network. To evaluate the ability of detection and prevention of CSIDS, we design and implement a novel protocol. At the same time, we compare the performance between CSIDS with the standard operations of ARP. Our experimental results reveal that our methodology completely protects hosts against cache poisoning attacks. We further show the effectiveness of our technique in identifying the abnormal ARP packets.

Ho-Dac-Duy Nguyen,Chi-Dung Phung,Stefano Secci,Benevid Felix,Michele Nogueira

DOI: https://doi.org/10.48550/arXiv.1704.07154

2017-04-24

Abstract:-Multipath communications at the Internet scale have been a myth for a long time, with no actual protocol being deployed so that multiple paths could be taken by a same connection on the way towards an Internet destination. Recently, the Multipath Transport Control Protocol (MPTCP) extension was standardized and is undergoing a quick adoption in many use-cases, from mobile to fixed access networks, from data-centers to core networks. Among its major benefits -- i.e., reliability thanks to backup path rerouting; throughput increase thanks to link aggregation; and confidentiality thanks to harder capacity to intercept a full connection -- the latter has attracted lower attention. How interesting would it be using MPTCP to exploit multiple Internet-scale paths hence decreasing the probability of man-in-the-middle (MITM) attacks is a question to which we try to answer. By analyzing the Autonomous System (AS) level graph, we identify which countries and regions show a higher level of robustness against MITM AS-level attacks, for example due to core cable tapping or route hijacking practices.

Networking and Internet Architecture

Santosh Ganji,P R Kumar

2024-06-15

Abstract:A Man-in-the-Middle (MiM) can collect over-the-air packets whether from a mobile or a base station, process them, possibly modify them, and forward them to the intended receiver. This paper exhibits the REVEAL protocol that can detect a MiM, whether it has half duplex capability, full duplex capability, or double full duplex capability. Protocol is based on synchronizing clocks between the mobile and the base station, with the MiM being detected if it interferes in the synchronization process. Once synchronized, the REVEAL protocol creates a sequence of challenge packets where the transmission times of the packets, their durations, and their frequencies, are chosen to create conflicts at the MiM, and make it impossible for the MiM to function. We implement the REVEAL protocol for detecting a MiM in 4G technology. We instantiate a MiM between the 4G/5G base station and a mobile, and exhibit the successful detection mechanisms. With the shared source code, our work can be reproduced using open software defined cellular networks with off-the-shelf devices

Networking and Internet Architecture,Systems and Control

Manesh Thankappan,Helena Rifà-Pous,Carles Garrigues

DOI: https://doi.org/10.1109/access.2024.3362803

IF: 3.9

2024-02-20

IEEE Access

Abstract:One of the advanced Man-in-the-Middle (MitM) attacks is the Multi-Channel MitM (MC-MitM) attack, which is capable of manipulating encrypted wireless frames between clients and the Access Point (AP) in a Wireless LAN (WLAN). MC-MitM attacks are possible on any client no matter how the client authenticates with the AP. Key reinstallation attacks (KRACK) in 2017-18, and the latest FragAttacks in 2021 are frontline MC-MitM attacks that widely impacted millions of Wi-Fi systems, especially those with Internet of Things (IoT) devices. Although there are security patches against some attacks, they are not applicable to every Wi-Fi or IoT device. In addition, existing defense mechanisms to combat MC-MitM attacks are not feasible for two reasons: they either require severe firmware modifications on all the devices in a system, or they require the use of several advanced hardware and software for deployment. On top of that, high technical overhead is imposed on users in terms of network setup and maintenance. This paper presents the first plug-and-play system to detect MC-MitM attacks. Our solution is a lightweight, signature-based, and centralized online passive intrusion detection system that can be easily integrated into Wi-Fi-based IoT environments without modifying any network settings or existing devices. The evaluation results show that our proposed framework can detect MC-MitM attacks with a maximum detection time of 60 seconds and a minimum TPR (true positive rate) of 90% by short-distance detectors and 84% by long-distance detectors in real Wi-Fi or IoT environments.

computer science, information systems,telecommunications,engineering, electrical & electronic

K. S. Prasanna,B. Ramesh

DOI: https://doi.org/10.1007/s11277-024-10888-9

IF: 2.017

2024-02-27

Wireless Personal Communications

Abstract:In wireless communication systems, Wireless ad hoc network plays a significant role in the research domain. MANET is also an ad hoc network that build a temporary network to transmit data around the network utilizing multi-hop routers. MANET is utilized in various regions of life such as real-time information, network portioning, rescue operation, interpersonal communication, and information sharing. To deliver data accurately and quickly, MANET has changed its topology and nodes dynamically. Because of the mobility nature of nodes, the chances of routing design problem are maximum among the nodes. In this review, other categories of Routing Protocols (RPs) such as Geographical Multicast Routing Protocols (Geocast RPs), Power-Aware Routing Protocols, Multipath Routing Protocols, Hierarchical Routing Protocols, Multicast Routing Protocols and Location-Aware Routing Protocols are discussed and compared its attribute on various parameters. Also, the MANET networks are vulnerable to attacks at different tiers. Moreover, secure routing is a significant concern in MANET. Therefore, this review discusses various attacks and solutions for resisting attacks in MANET environment. It protects the network from both active and passive attacks. Attackers can dominate the scattered MANET and wireless design to minimize its potentials.

telecommunications

Xin Wang,Neng Gao,Lingchen Zhang,Zongbin Liu,Lei Wang

DOI: https://doi.org/10.1007/978-3-319-50011-9_35

2016-01-01

Abstract:Software-Defined Networking (SDN) is a new paradigm that offers services and applications great power to manage network. Based on the consideration that the entire network visibility is the foundation of SDN, many attacks emerge in poisoning the network visibility, which lead to severe damage. Meanwhile, many defense approaches are proposed to patch the controller. It is noticed that powerful adversaries can bypass existing approaches to poison topology information and attack security protocols. In this paper, we present a method that the adversary can attack security protocols under existing approaches (e.g. TopoGuard, SPHINX). We also investigate a number of security protocols that may be compromised by our MITM attacks and propose an approach to detect the existence of the adversary. Our evaluation shows that the defense solution can effectively detect the fake link in normal environment. We hope our research can attract more attention on SDN security.

XU Heng,CHEN Gong-liang,YANG Fu-xiang

DOI: https://doi.org/10.3969/j.issn.1009-8054.2009.02.035

2009-01-01

Abstract:Diffie-Hellman key exchange algorithm is an algorithm that can ensure the security of key negotiation in a channel where eavesdropping may exist, but can not be immune to the so called man-in-the-middle attack. However, that kind of attack can be prevented by using the method of key authentication. In this paper, both the theoretical proofs practical application examples of this method are given. A new method for generating random number is describes finally.

Geong Sen Poh,Dinil Mon Divakaran,Hoon Wei Lim,Jianting Ning,Achintya Desai

DOI: https://doi.org/10.48550/arXiv.2101.04338

2021-01-12

Cryptography and Security

Abstract:Middleboxes in a computer network system inspect and analyse network traffic to detect malicious communications, monitor system performance and provide operational services. However, encrypted traffic hinders the ability of middleboxes to perform such services. A common practice in addressing this issue is by employing a "Man-in-the-Middle" (MitM) approach, wherein an encrypted traffic flow between two endpoints is interrupted, decrypted and analysed by the middleboxes. The MitM approach is straightforward and is used by many organisations, but there are both practical and privacy concerns. Due to the cost of the MitM appliances and the latency incurred in the encrypt-decrypt processes, enterprises continue to seek solutions that are less costly. There were discussion on the many efforts required to configure MitM. Besides, MitM violates end-to-end privacy guarantee, raising privacy concerns and issues on compliance especially with the rising awareness on user privacy. Furthermore, some of the MitM implementations were found to be flawed. Consequently, new practical and privacy-preserving techniques for inspection over encrypted traffic were proposed. We examine them to compare their advantages, limitations and challenges. We categorise them into four main categories by defining a framework that consist of system architectures, use cases, trust and threat models. These are searchable encryption, access control, machine learning and trusted hardware. We first discuss the man-in-the-middle approach as a baseline, then discuss in details each of them, and provide an in-depth comparisons of their advantages and limitations. By doing so we describe practical constraints, advantages and pitfalls towards adopting the techniques. We also give insights on the gaps between research work and industrial deployment, which leads us to the discussion on the challenges and research directions.

Nitish Balachandran,Sugata Sanyal

DOI: https://doi.org/10.48550/arXiv.1207.2617

2012-07-11

Abstract:Any decentralised distributed network is particularly vulnerable to the Sybil attack wherein a malicious node masquerades as several different nodes, called Sybil nodes, simultaneously in an attempt to disrupt the proper functioning of the network. Such attacks may cause damage on a fairly large scale especially since they are difficult to detect and there has been no universally accepted scheme to counter them as yet. In this paper, we discuss the different kinds of Sybil attacks including those occurring in peer-to-peer reputation systems, self-organising networks and even social network systems. In addition, various methods that have been suggested over time to decrease or eliminate their risk completely are also analysed along with their modus operandi.

Cryptography and Security