Encyclopedia > Man-in-the-middle attack

  Article Content

Man in the middle attack

Redirected from Man-in-the-middle attack

In cryptography, the man in the middle attack is an attack where the attacker is able to read, and possibly modify at will, messages between two parties without letting either party know that they have been attacked. The attacker must be able to observe and intercept messages going between the two victims.

With public keys an attack might look as follows:

Adam wishes to communicate with Betsy. Edith wishes to eavesdrop on the conversation, or possibly deliver a false message to Betsy. Adam will ask Betsy for her public key. Betsy will send her public key to Adam, but Edith will intercept it, and send Adam her own public key. Adam then encrypts his message with Edith's key (which he believes is Betsy's) and sends it back to Betsy. Edith again intercepts, decrypts the message and reads the contents. She then encrypts the message (altered if she so desires) with Betsy's key and sends it on to Betsy, who believes she has received it directly from Adam. A similar principle can apply to packets transmitted using any public key technology.

A "man in the middle" attack remains a primary weakness of public-key based systems. A standard mechanism for coping with such attacks is signed keys: if Betsy's key is signed by a trusted third party verifying her identity, Adam can be assured that a key he receives is not an attempt to intercept by Edith. Having keys signed by a certificate authority[?] is the primary mechanism for secure world wide web traffic (see SSL). However, lax security in identity verification by certificate authorities is a vulnerability in this defense.

See computer security cryptography cryptanalysis



All Wikipedia text is available under the terms of the GNU Free Documentation License

 
  Search Encyclopedia

Search over one million articles, find something about almost anything!
 
 
  
  Featured Article
Bullying

... Classical Antiquity[?] it did not always have inherently negative implications, it merely designated anyone who assumed power for any period of time without a legitimate ...

 
 
 
This page was created in 23.4 ms