Man-in-the-Middle Attacks (MITM)

man-in-the-middle attacks (MITM) - In a man-in-the-middle attack, an attacker will control the communication between two parties by secretly controlling both sides of the communication stream. He can read and even change unencrypted information.

This attack can even defeat some encryption schemes. One of the scenarios where this attack could work with encryption, is with the use of private and public keys or asymmetric encryption. In theory, the attacker simply uses the public key of one of the parties to decrypt the data stream in the connection attempt and then encrypts the connection attempt with his own private key and authenticates as the initiating party. He does a similar decrypt/encrypt with the responses and both end parties see the encrypted information that they expect.

The convention of binding public keys to an individual or organization, through the use of a certificate authority (CA), is a countermeasure to this kind of attack. For example, when using SSL to work with secure web pages, the public key is bound by the CA to the web site's URL. Browsers run checks and can report problems, including those that signal a man-in-the-middle attack. Untrained browser users and weak SSL implementations in browsers still make this attack possible.

[Category=Geospatial ]

Source: RSA, 19 August 2011 08:57:06, http://www.rsa.com/glossary/