ArticlePDF Available

Man-in-the-middle-attack: Understanding in simple words

Authors:
Avijit Mallik at Rajshahi University of Engineering & Technology
Avijit Mallik
Abid Ahsan at Rajshahi University of Engineering & Technology
Abid Ahsan
Mhia Md. Zaglul Shahadat at Rajshahi University of Engineering & Technology
Mhia Md. Zaglul Shahadat
Jia-Chi Tsou at China University of Technology
Jia-Chi Tsou
Download full-text PDFDownload full-text PDFDownload full-text PDF
Read full-text
Download citation

Abstract and Figures

These days cyberattack is a serious criminal offense and it is a hotly debated issue moreover. A man-in-the-middle-attack is a kind of cyberattack where an unapproved outsider enters into an online correspondence between two users, remains escaped the two parties. The malware that is in the middle-attack often monitors and changes individual/classified information that was just realized by the two users. A man-in-the-middle-attack as a protocol is subjected to an outsider inside the system, which can access, read and change secret information without keeping any tress of manipulation. This issue is intense, and most of the cryptographic systems without having a decent authentication security are threatened to be hacked by the malware named ‘men-in-the-middle-attack’ (MITM/MIM). This paper essentially includes the view of understanding the term of ‘men-in-the-middle-attack’; the current work is mainly emphasized to accumulate related data/information in a single article so that it can be a reference to conduct research further on this topic at college/undergraduate level. This paper likewise audits most cited research and survey articles on ‘man-in-the-middle-attack’ recorded on 'Google Scholar'. The motivation behind this paper is to help the readers for understanding and familiarizing the topic 'man-in-the-middle attack'.
Figures - uploaded by Avijit Mallik
Author content
All figure content in this area was uploaded by Avijit Mallik
Content may be subject to copyright.
ijdns_2019_10
_4.pdf
Content uploaded by Avijit Mallik
Author content
All content in this area was uploaded by Avijit Mallik on Feb 29, 2020
Content may be subject to copyright.
ijdns_2019_10
_4.pdf
Content uploaded by Avijit Mallik
Author content
All content in this area was uploaded by Avijit Mallik on Jan 27, 2019
Content may be subject to copyright.
Man-in-the-middle-attack: Understanding in simple wor
ds.pdf
Available via license: CC BY 4.0
Content may be subject to copyright.
* Corresponding author.
E-mail address:avijitme13@gmail.com (A. Mallik)
© 2019 by the authors; licensee Growing Science, Canada.
doi: 10.5267/j.ijdns.2019.1.001

International Journal of Data and Network Science 3 (2019) 77–92
Contents lists available at GrowingScience
International Journal of Data and Network Science
homepage: www.GrowingScience.com/ijds
Man-in-the-middle-attack: Understanding in simple words
Avijit Mallika*, Abid Ahsanb, Mhia Md. Zaglul Shahadata and Jia-Chi Tsouc
aDepartment of Mechanical Engineering, RUET, Rajshahi-6204, Bangladesh
bDepartment of Computer Science and Engineering, RUET, Rajshahi-6204, Bangladesh
cDepartment of Business Administration, China University of Technology, Taipei City, Taiwan
C H R O N I C L E A B S T R A C T
Article history:
Received: September 18, 2018
Received in revised format: Octo-
ber 20, 2018
Accepted: January 2, 2019
Available online:
January 2, 2019
These days cyberattack is a serious criminal offense and it is a hotly debated issue moreover. A
man-in-the-middle-attack is a kind of cyberattack where an unapproved outsider enters into an
online correspondence between two users, remains escaped the two parties. The malware that is
in the middle-attack often monitors and changes individual/classified information that was just
realized by the two users. A man-in-the-middle-attack as a protocol is subjected to an outsider
inside the system, which can access, read and change secret information without keeping any tress
of manipulation. This issue is intense, and most of the cryptographic systems without having a
decent authentication security are threatened to be hacked by the malware named ‘men-in-the-
middle-attack’ (MITM/MIM). This paper essentially includes the view of understanding the term
of ‘men-in-the-middle-attack’; the current work is mainly emphasized to accumulate related
data/information in a single article so that it can be a reference to conduct research further on this
topic at college/undergraduate level. This paper likewise audits most cited research and survey
articles on ‘man-in-the-middle-attack’ recorded on 'Google Scholar'. The motivation behind this
paper is to help the readers for understanding and familiarizing the topic 'man-in-the-middle at-
tack'.
© 2019 by the authors; licensee Growing Science, Canada.
Keywords:
MITM attack
Cyberattack
Crime
Media
1. Introduction
In cryptography and PC security, a man-in-the-middle attack (MITM) is an attack where the attacker
furtively transfers and perhaps changes the correspondence between two parties who trust they are
straightforwardly communicating with each other. A man in the middle (MITM) attack is a general term
for when a culprit positions himself in a discussion between a client and an application; either to listen
stealthily or to imitate one of the parties, making it show up as though an ordinary trade of information
is in progress (Meyer & Wetzel, 2004; Kish, 2006; Hypponen & Haataja, 2007; Ouafi et al. 2008). The
objective of an attack is to take individual information, for example, login certifications, account points
of interest and charge card numbers. Targets are normally the clients of financial applications, SaaS
businesses, web-based business locales and other sites where logging in is required. Information obtained
during an attack could be utilized for many, purposes, including fraud, unapproved support exchanges or
78
an unlawful watchword change. Furthermore, it can be utilized to gain a decent footing inside an an-
chored edge during the infiltration phase of an Advanced Persistent Threat (APT) strike. Fig. 1 portrays
a schematic of 'men-in-the-middle-attack' belief system. A man-in-the-middle attack allows a malicious
actor to intercept, send and receive data meant for someone else, or not meant to be sent at all, without
either outside party knowing until it is too late. Man-in-the-middle attacks can be abbreviated in many
ways, including MITM, MitM, MiM or MIM (Ouafi et al., 2008; Joshi et al., 2009; Khader & Lai, 2016
; Tung et al., 2016; Wallace & Miller, 2017; Conti et al., 2016).
Fig. 1. Men-in-the-middle attack ideology schematic
One case of man-in-the-middle attacks is dynamic eavesdropping, in which the attacker makes independent
associations with the victims and transfers messages between them to influence them to trust they are talking
straightforwardly to each other over a private association when in certainty the whole discussion is controlled by
the attacker. The attacker must have the capacity to intercept every single significant message passing between the
two casualties and inject new ones. This is direct in many conditions; for instance, an attacker within gathering
scope of an unencrypted wireless access point (Wi-Fi) could insert himself as a man-in-the-middle (Callegati et
al., 2009; Desmedt, 2011). As an attack that goes for circumventing common authentication, or scarcity in that
department, a man-in-the-middle attack can succeed just when the attacker can mimic every endpoint agreeable to
them not surprisingly from the genuine closures. Comprehensively speaking, a MITM attack is what might as well
be called a mailman opening your bank proclamation, writing down your record points of interest and after that
resealing the envelope and delivering it to your entryway. Most cryptographic conventions include some type of
endpoint authentication particularly to persist MITM attacks. For instance, TLS can authenticate one or the two
parties using a commonly confided in endorsement expert (Sounthiraraj et al., 2014; Khader & Lai, 2015; Rahim,
2017).
2. Literature review
MITM is named for a ball game where two people play catch while a third person in the middle attempts
to intercept the ball. MITM is also known as a fire brigade attack, a term derived from the emergency
process of passing water buckets to put out a fire. In the year 2004, U. Meyer and S. Wetzel presented a
report on Universal Mobile Telecommunication System’s (UITM) security protocol where they dis-
cussed about ‘men-in-the-middle-attack’ on mobile communication (Meyer & Wetzel, 2004). In 2006,
Kish published his research in a master listed journal where he showed an encryption method of MITM
using Kirchhoff-loop-Johnson (-like)-noise cipher (Kish, 2006). Hypponen and Haataja (2007), made a
A. Mallik et al. / International Journal of Data and Network Science 3 (2019) 79
research on secure Bluetooth communication and showed their developed system was capable of pre-
venting MITM attack (Hypponen & Haataja, 2007). Sun et al., 2018 and Saif et al., 2018; made similar
type of researches on updated version of Bluetooth networks security and discussed about new techniques
to prevent MITM in two party’s communication (Sun et al., 2018; Saif et al., 2018). Ouafi et al. (2008),
Callegati et al. (2009), Joshi et al., (2009), Desmedt, (2011) and Sounthiraraj et al., (2014) conducted
researches about HTTP security and those researches found MITM as a very serious threat and those also
discussed about the prevention techniques (Ouafi et al., 2008; Callegati et al., 2009; Joshi et al., 2009;
Desmedt, 2011; Sounthiraraj et al., 2014). Khader et al. (2015) and Tung et al. (2016) published their
researches which mostly talks about different prevention methods of MITM (Khader & Lai, 2015; Tung
et al., 2016). Wallace and Miller (2017) patented their research about endpoint based MITM where they
tested multiple prevention methods for MITM (Wallace & Miller, 2017). Conti et al. (2016); did a survey
on MITM and its effects on the economy. Li et al. (2017), Rahim (2017) and Howell et al. (2018) made
identical researches on prevention of MITM mainly for internet communication and those papers dis-
cusses several unique and effective measures on prevention of MITM from on-net communication (Li et
al., 2017; Rahim, 2017; Howell et al., 2018). Fei et al. (2017), Usman et al. (2018), Valluri (2018) and
Kuo et al. (2018) published their review reports on MITM which mostly discusses about WLAN security
for 2-way communication.
3. Progression of ‘man-in-the-middle-attack’
Effective MITM execution has two distinct stages: interception and decryption; which involves being
within physical closeness to the intended target, and another that exclusive involves malware, known as
a man-in-the-browser (MITB) attack. With a conventional MITM attack, the attacker needs access to an
unsecured, or ineffectively anchored Wi-Fi switch (Li et al., 2017; Rahim, 2017; Fei et al., 2018; Howell
et al., 2018; Sun et al., 2018). These sorts of associations are by and large found out in the open territories
with free Wi-Fi hotspots, and even in a few people's homes. An attacker will check the switch using code
looking for particular shortcomings, for example, default or poor secret key utilize, or security gaps be-
cause of the poor arrangement of the switch. Once the attacker has discovered the powerlessness, they
will then insert their instruments in the middle of the clients' PC and the sites the client visits. A fresher
variation of this attack has been gaining fame with cybercriminals because of its simplicity of execution.
With a man-in-the-browser attack, every one of an attacker needs are an approach to inject malware into
the PC, which will then install itself into the browser without the clients' learning and will then record
the information that is being sent between the victim and particular focused on sites, for example, finan-
cial institutions, that are coded into the malware. Once the malware has gathered the particular infor-
mation it was modified to gather, it then transmits that information back to the attacker.
3.1. Interceoption
The initial step intercepts client activity through the attacker's system before it achieves its intended
destination. The most well-known (and easiest) method for doing this is an inactive attack in which an
attacker makes free/open wifi hotspots; accessible to general society. Commonly named in a way that
relates to their area, they aren't watchword secured. Once a casualty interfaces with such a hotspot, the
attacker gains full permeability to any online information trade. Attackers wishing to adopt a more dy-
namic strategy to interception may dispatch one of the following attacks:
• IP spoofing involves an attacker disguising himself as an application by altering parcel headers in
an ip address. Accordingly, clients attempting to get to a url associated with the application are sent to
the attacker's site (‘man in the middle (mitm) attack’ (incapsula co.), 2016)
• ARP spoofing is the way toward linking an attacker's mac address with the ip address of a legitimate
user on a local area network using fake arp messages. Subsequently, information sent by the client to the
host ip deliver is instead transmitted to the attacker (Meyer & Wetzel, 2004; Kish, 2006; Hypponen &
Haataja, 2007; Ouafi et al., 2008; Callegati et al., 2009; Joshi et al., 2009; Desmedt, 2011)
80
DNS spoofing, otherwise called DNS store poisoning, involves infiltrating a DNS server and alter-
ing a site's address record. Accordingly, clients attempting to get to the site are sent by the adjusted dns
record to the attacker's site (Ouafi et al., 2008; Joshi et al., 2009; Khader et al., 2015; Howell et al., 2018;
Sun et al., 2018; Usman et al., 2018; Valluri, 2018; Kuo et al., 2018; Saif et al., 2018; ‘man in the middle
(mitm) attack’ (incapsula co.)).
3.2. Decryption
After an interception, any two-way SSL movement should be unscrambled without alerting the client or
application. Various strategies exist to accomplish this:
• HTTPS spoofing sends an imposter endorsement to the victim's browser once the initial associa-
tion demand for a safe site is made (‘Man-in-the-middle attack’ (Wikipedia)). It holds an advanced
thumbprint related with the bargained application, which the browser confirms according to an existing
rundown of confided in destinations. The attacker is then ready to get to any information entered by the
casualty before it's passed to the application.
• SSL BEAST (browser abuse against SSL/TLS) focuses on a TLS variant 1.0 helplessness in SSL.
Here, the casualty's PC is infected with pernicious JavaScript that intercepts scrambled treats sent by a
web application. Then the application's figure square chaining (CBC) is endangered in order to decode
its treats and authentication tokens (‘man-in-the-middle-attack-mitm’ (Techpedia); “man-in-the-middle-
attack” (Rapid Web Ser.); ‘What is a Man In The Middle attack?’ (Symantec Corp.), Norton Security
Blog,; ‘What is UMTS?’ (Tech Target Web), Blog Post)
• SSL hijacking happens when an attacker passes produced authentication keys to both the client
and application during a TCP handshake. This sets up what seems, by all accounts, to be a safe association
when, actually, the man in the middle controls the whole session (K. Ouafi et al., 2008; Y. Desmedt,
2011; ‘Man-in-the-middle attack’ (Wikipedia); ‘Flaw in Windows DNS client exposed millions of users
to hacking’ (SC Mag. UK), News Article)
• SSL stripping minimizes an HTTPS association with HTTP by intercepting the TLS authentica-
tion sent from the application to the client. The attacker sends a decoded form of the application's site to
the client while maintaining the anchored session with the application. In the meantime, the client's whole
session is noticeable to the attacker (Conti et al., 2016; Li et al., 2017; Rahim, 2017; Fei et al., 2018;
Howell et al., 2018; Sun et al., 2018; Usman et al., 2018; Valluri, 2018).
4. MITM: What and how?
‘Man-in-the-middle-attack’ also known/abbreviated as MIM, MiM, MitM or MITMA is a type of cryp-
tographic attack over a communication channel by a malicious third party where he/she takes over a
confidential/personal communication channel between two or legitimate communicative points or par-
ties. In this cyber attack, the attacker can control (read, modify, intercept, change or replace) the com-
munication traffic between victims. But by using MITM protocol the unauthenticated attacker leaves no
clues/traces of his interception of this cybercrime, in short words the attacker remains invisible to the
victims.
It needs a communication channel to make a MITM attack. The most used communication channels of
MITM attack are namely GSM, UMTS, Long-Term Evolution (LTE), Bluetooth, Near Field Communi-
cation (NFC), Radio Frequency and Wi-Fi. The first recorded MITM attack was planned in the time of
WW-II for intercepting German Military’s radio communication and was done by the Royal British In-
telligence (also known as MI-6) (Kozaczuk, 1984). In normal sense, there are three most possible com-
promises, namely Confidentiality, Integrity, and Availability; which is aimed at my MITM attack. Most
of the MITM attacks now days are done in social media, because of the extensive use of human commu-
nication are done using social media (Facebook, Twitter, Yahoo Messenger and etc. (Hudaib, 2014) De-
coding a MITM attack is a long process, basically this is done using three ways, namely 1) Based on
A. Mallik et al. / International Journal of Data and Network Science 3 (2019) 81
impersonation methods of cyber decoding, 2) Based on Telecommunication addressing techniques and
lastly 3) Based on GPS locating method of attacker and victims both (Conti et al., 2016).
5. Present status of MITM attacks
Nowadays, most of the MITM attacks are performed using communication layers. Open System Inter-
communication (OSI) and GSM networks are the most affected communication channels by MITM at-
tacks. Table-1 shows types of MITM attacks on different OSI and Cellular service networks (‘Man-in-
the-middle attack’ (Wikipedia); ‘man-middle-attack’ (CA Tech); ‘man-in-the-middle-attack-mitm’
(Techpedia); “man-in-the-middle-attack” (Rapid Web Ser.); ‘What is a Man In The Middle attack?’ (Sy-
mantec Corp.), Norton Security Blog); ‘What is UMTS?’ (Tech Target Web), Blog Post; ‘Flaw in Win-
dows DNS client exposed millions of users to hacking’ (SC Mag. UK), News Article; Fatima, 2011;
Kozaczuk, 1984; Hudaib, 2014; Conti et al., 2016).
Table 1
MITM attacks on different communication channels
MITM Types
OSI Layers Data Links ARP spoofing type
Presentation SSL decryption, CA decryption
Transport and Networking IP spoofing
Applications DHCP spoofing, BGP type, DNS spoofing
Cellular Networks GSM
FBS type
UTMS
In Table 1, we list MITM attacks across OSI layers and cellular networks. Each layer enforces different
approaches to provide security. Nevertheless, neither of them is free from MITM attacks. Ornaghi et al.
2003, at a European conference, was the first to present a security system-based tracking location of the
attacker and victim. He classified MITM attacks in three distinct categories: a) LAN (Local Area Net-
work) tracking, b) LAN to Remote Network tracking and c) Remote Network track. The authors also
take into consideration that STP mangling is a closed type of MITM as the attacker can only manage to
decode the unmanaged traffic between two clients.
5.1. Spoofing: Most common MITM
Spoofing an impersonation technique which is originated from ‘spying’. In the middle century, European
spies used to hear secret conversation by impersonating him/her to the communicative party. The same
method is applied in modern cryptographic spoofing, as the attacker intercepts a confidential/personal
communication between two hosts and controls over transferring data, while the hosts are not being aware
of the unauthenticated attacker. Some research papers (‘Flaw in Windows DNS client exposed millions
of users to hacking’ (SC Mag. UK), News Article; ‘What is UMTS?’ (Tech Target Web), Blog Post);
‘What is a Man in The Middle attack?’ (Symantec Corp.), Norton Security Blog; “man-in-the-middle-
attack” (Rapid Web Ser.), Blog Post; ‘man-in-the-middle-attack-mitm’ (Techpedia); ‘man-middle-at-
tack’ (CA Tech.); ‘Man-in-the-middle attack’ (Wikipedia); ‘MAN IN THE MIDDLE (MITM) AT-
TACK’ (Incapsula Co.); Saif et al., 2018; Kuo et al., 2018; Valluri, 2018; Usman et al., 2018; Senie &
Ferguson, 1998; Humphreys et al., 2008; Scott, 2001; Schuckers, 2002) describe spoofing as the first
step of executing MITM, not being the total of a MITM attack; while some other deliciated research
papers claim spoofing as a whole MITM process. In this paper, we will consider it as a spoofing based
MITM or spoofing attack. When a party wants to communicate with other parties over a cryptographic
network then if their network is same with an unknown MAC address then the server broadcasts an
address resolution protocol (also abbreviated as ARP) request to all hosts under the same network con-
nection. The client with the announced Internet Protocol is only expected to make a reply including
his/her MAC (Media Access Control) address. However, when ARP cache is managed in a dynamic
82
mode, cache entries can be easily fabricated by forged ARP messages, since proper authentication mech-
anism is missing (Oh et al., 2012). In the meantime, the communicating medium saves the IP to MAC
entry in its local cache, so the next time communication can be speeded up, by avoiding the broadcasts.
Address Resolution Protocol has no states thus it provides very few securities to the caching system.
Some top-notch researches referring from Ataullah and Chauhan (2012), Altunbasak et al. (2004),
Subashini and Kavitha (2011), Alabady (2009), Caceres and Padmanabhan (1998), Ford (2005), Pansa
and Chomsiri (2008), Chomsiri (2008), Salim et al. (2012), Demuth and Leitner (2005) shows the state-
of-art (SoA) of using those security weaknesses for conducting a perfect MITM attack. Suppose, we have
next network: the attacker ‘X’ (IP = 10.0.x.x3, MAC = EE:EE:EE:EE:EE:X3), victim ‘A’ (IP = 10.0.x.x1,
MAC = AA:AA:AA:AA:AA:X1), and victim ‘B’ (IP = 10.0.x.x2, MAC = BB:BB:BB:BB:BB:X2). The
next steps for a perfect spoofing based on ARP are shown below:
1)‘X’ sends an ARP Reply message to ‘A’, which says that IP: 10.0.x.x3 has MAC address:
EE:EE:EE:EE:EE:X3. This message will update ‘A’’s ARP table.
2)‘X’ also sends an ARP Reply message to ‘B’, which says that IP: 10.0.x.x2 has MAC address:
EE:EE:EE:EE:EE:X3. This message will update ‘B’’s ARP table.
3)When ‘A’ wants to send a message to ‘B’, it will go to ‘X’’s MAC address EE:EE:EE:EE:EE:X3,
instead of ‘B’’s BB:BB:BB:BB:BB:X2.
4) When ‘B’ wants to send a message to ‘A’, it will also go to ‘X’.
Schematic regarding the example stated above is given in Fig. 2.
Fig. 2. Spoofing method between two clients
There are many well-researched works of literature where spoofing defending system is discussed.
Among them T. Demuth et al., 2005, D. Pansa et al., 2008, Z. Trabelsi et al., 2007 and R. Philip et al.,
2007 are mostly considerable (D. Pansa and T. Chomsiri, 2008; T. Demuth and A. Leitner, 2005; Z.
A. Mallik et al. /
International Journal of Data and Network Science 3 (2019) 83
Trabelsi and W. El-Hajj, 2007; R. Philip et al., 2007). They introduced various well-researched tech-
niques to prevent spoofing and make secure communication over LAN. But those Literature doesn’t
concern about wireless methods of communications. Table 2 below shows a typical comparison be-
tween spoofing prevention techniques:
Table 2
Comparison of various types of spoofing prevention
References Medium of Communication Protocol Concerns
Demuth et al., 2005 Server Based Communication ARP Can’t work for wireless communications.
Pansa et al., 2008 Server Based/ Host Based ARP, DHCP Compatible for DoS, DHCP but has a single point of failure.
Trabelsi et al., 2007 Host Based ARP Level of importance of each host is very difficult to decide.
Philip et al., 2007 Host Based ARP Works only with Linksys routers. Static IP not supported.
Oh et al., 2012 Cryptographic/ Host Based UDP/ ARP For UDP, authentication is a must need.
Komori et al., 2002 SYMMETRIC/PRIVATE-KEY
CRYPTOGRAPHY
DHCP Legitimate hosts must register in advance, adds additional
message flow, hard to manage for large number of hosts.
Ju et al., 2007 SYMMETRIC/PRIVATE-KEY
CRYPTOGRAPHY, RFC
DCHP, DHCP The authors did not describe how the random value (the
number, which used by the server and client to compute the
session key) is determined.
Duan et al., 2006 Router Based IP, ARP Filtering-on-path method can’t ensure a secure
communication.
Andersen et al., 2008 Router/ Host Based IP, DHCP This system is considered as the highest secured
communication. But not so user friendly.
6. MITM on GSM: A threat to phone communication security
In the early 90’s, the European Telecommunications Standards Institute introduced GSM as a second
generation (2G) telecommunication standard. Today, according to the mobility report (SAMSUNG
ELECTRONICS SUSTAINABILITY REPORT), GSM covers more than 90% of the world population.
There are two basic types of services offered through GSM: telephony and data bearer. The GSM
architecture consists of Mobile Stations (MSs) and Base Terminal Stations (BTS), which communicate
with each other through radio links. Each BTS connects to the Base Station Controller (BSC). BSC links
to the Mobile Switching Center (MSC), which is responsible for routing signals to and from fixed
networks (Z. Su et al., 2018). Home Location Register (HLR) and the Visitor Location Register (VLR)
are the two major databases for each mobile service provider in the GSM architecture. Fig. 3 shows a
schematic of GSM architecture. Each of GSM subscribers has the secret key, which is stored in the
Subscriber Identity Module (SIM) card of the MS. The Authentication Center (AUC) has a secret key,
which is shared with the subscriber and AUC. AUC generates a set of security parameters for execution
of encryption and authentication.
Fig. 3. GSM Architecture (Kurose, 2005)
The main idea behind the attack is to impersonate same mobile network code as the legitimate GSM
network to false BTS (or IMSI Cather (Hardin, 2018)) and convince the victim that this station is the
valid one. Let us consider the next example: network consists of the Legitimate MS, Legitimate BTS,
84
False BTS, and False MS. Attacker’s network is a combination of the False BTS and False MS. While
in standby mode the MS connects to the best received BTS. Therefore, False BTS should be more pow-
erful than the original one, or closer to the target. If the victim is already connected, then the attacker
requires to drawn any present real stations. The algorithm of the FBS-based MITM attack on GSM is the
following:
1) Attacker sets-up connection between False BTS and Legitimate MS.
2) False MS impersonates the victim’s MS to the real network by resending the identity information,
which was received from the step 1.
3) Victim’s MS sends its authentication information and cipher-suites to the False BTS.
4) Attacker forwards message from step 3 to the Legitimate BTS, with changed authentication abilities
of the MS to do not support encryption (A5/0 algorithm (Su X. et al. 2018)), or to weak encryption
algorithm (e.g., A5/2).
5) Legitimate MS and Legitimate BTS exchange authentication challenge (RAND), and authentication
response (SRES), attacker forwards them.
Fig. 4 below shows a graphical representation of the example stated above.
Fig. 4. MITM in GSM network Fig. 5. MITM on GSM network via FBS method
Finally, the authentication is finished. All following messages between the victim and real network are
going through attacker’s entities, with encryption specified by an attacker, or no encryption at all. This
manipulation is possible since GSM does not provide the data integrity (Chen et al., 2007), as a result,
the attacker can catch, modify, and resend messages. At the designing phase of the GSM protocol, FBS
seemed impractical due to costly required equipment, but currently, this kind of attack is completely
applicable since costs decreased (Feher et al., 2018). Paik et. al. (2010); besides describing GSM security
concerns, pointed out that nowadays attackers are better equipped. Among the reasons we can identify
opensource projects (e.g., Open BTS (Burgess & Samra, 2008)) and low-cost hardware (e.g., Ettus
Research (A. N. I. C. Ettus Research. Ettus research - the leader in software-defined radio (SDR))). In
particular, an attacker can build its own false BTS for less than $1000. An algorithm of FBD based MITM
attack on GSM network is given below in Fig. 5. Table 3 discusses various FBS based MITM attacks
prevention approaches and different attacks with regarding references.
Table 3
FBS based MITM attacks preventions
Preventions Ou et al., 2010 Huang et al., 2011 Hwang et al., 2014 Saxena and
Chaudhari, 2014
Saxena and
Chaudhari, 2014
MITM attacks Yes Yes Yes Yes Yes
Replay attacks Yes Yes Yes Yes Yes
Active attack in
unauthorized network
Yes Yes Yes Yes Yes
Redirection Yes Yes Yes Yes Partially
Do
S
attack No Partially Yes No Yes
A. Mallik et al. / International Journal of Data and Network Science 3 (2019) 85
7. Statistical analysis of MITM attack
For statistical analysis of the MiM attacks, we refer to the usual finite lattice of security levels,
(,,⨅
,⨆
,⊺,
) and based on it define : as a mapping from names to their security levels.
Now, we can define the name integrity property as follows.
Property [Name integrity]
We say that a name, , has the integrity property with respect to a environment if
∀ 󰇛󰇜:󰇛󰇜 󰇛󰇜
The predicate integrity 󰇛, 󰇜 indicates that upholds the above property with respect to . A MITM
attack is defined as an attack in which the intruder is capable of breaching the integrity of names of two
processes.
Property [Man-in-the-Middle Attack]
A context, (a process with a hole) succeeds in launching a MiM attack on two processes, and, if
the result of the abstract interpretation, 󰇛|󰇛||󰇜󰇝||󰇞 
proves that∈
󰇛󰇜,
󰇛󰇜:󰇛
󰇛,󰇜󰇛, 󰇜󰇜.
8. Preventing MITM
Blocking MITM attacks requires a few down to earth ventures with respect to clients, and additionally a
combination of encryption and check techniques for applications. For clients, this implies:
• Avoiding WiFi associations that aren't password encrypted.
• Paying consideration regarding browser warnings reporting a site as being unsecured.
• Immediately logging out of a protected application when it's not in utilize.
• Not using open systems (e.g., cafés, lodgings) when conducting sensitive financial exchanges.
For site administrators, secure correspondence conventions, including TLS and HTTPS, help relieve
spoofing attacks by vigorously encrypting and authenticating transmitted information (Fatima, 2011).
Doing so keeps the interception of site activity and hinders the decoding of delicate information, for
example, authentication tokens. It is viewed as best practice for applications to utilize SSL/TLS to anchor
each page of their site and not only the pages that expect clients to sign in. Doing so helps diminishes the
possibility of an attacker stealing session treats from a client browsing on an unsecured segment of a site
while signed in.
To counter MITM, Antivirus frameworks furnishes its clients with a streamlined end-to-end SSL/TLS
encryption, as a component of its suite of security administrations (‘Man-in-the-middle attack’ (Wikipe-
dia); ‘man-middle-attack’ (CA Tech.); ‘man-in-the-middle-attack-mitm’ (Techpedia); “man-in-the-mid-
dle-attack” (Rapid Web Ser.), Blog Post; ‘What is a Man In The Middle attack?’ (Symantec Corp.),
Norton Security Blog; ‘What is UMTS?’ (Tech Target Web), Blog Post; ‘Flaw in Windows DNS client
exposed millions of users to hacking’ (SC Mag. UK), News Article). Facilitated on well-known Anti-
spam administrations content conveyance arrange (CDN), the authentications are ideally executed to
forestall SSL/TLS compromising attacks, for example, minimize attacks (e.g. SSL stripping), and to
guarantee compliance with most recent PCI DSS demands. Offered as a managed benefit, SSL/TLS ar-
rangement is stayed up with the latest maintained by an expert security, both to stay aware of compliance
demands and to counter emerging dangers (e.g. Heartbleed) (‘What is a Man In The Middle attack?’
(Symantec Corp.), Norton Security Blog). Finally, with Antivirus dashboards, the client can likewise
design HTTP Strict Transport Security (HSTS) arrangements to implement the utilization of SSL/TLS
86
security over different subdomains. This furthers secure site and web application from convention mini-
mize attacks and treat hijacking endeavors. Table 4 gives a typical review of different types of prevention
methodologies.
Table 4
Various MITM prevention Mechanisms studied from
Approaches
Detection Cryptography Voting Hardware Other
OSI Application BGP: (Mayer and
Susanne, 2014;
Hypponen and Keijo,
2007; Ouafi et al., 2008;
Callegati et al., 2009;
Joshi et al., 2009; Yvo
Desmedt, 2011;
Sounthiraraj et al.,
2014; Khader and Lai,
2015; Yu-Chih Tung et
al., 2016; Wallace and
Miller, 2017; Conti et
al., 2016; Li et al., 2017;
Rahim, 2017; Yang-
Yang Fei et al., 2018;
Howell et al., 2018; Da-
Zhi Sun et al., 2018;
Usman et al., 2018;
Valluri 2018; En-Chun
Kuo et al., 2018; Saif et
al., 2018), Stiansen,
2018; Chaz & Kim-
Kwang Raymond Choo,
2018; T. Stiansen et al.,
2018)
DNS: (Yong Wan Ju et
al., 2007; Chopra and
MichaelKauf man, 2014;
Naqash et al. 2012;
Kaminsky 2008; Li ndell
2018; Li Xiang et al.,
2018; D. Zhang, Yuezhi
Zhou and Yaoxue
Zhang, 2018)
BGP:(Mitseva et al.,
2018; Preneel and
Frederik Vercauteren,
2015; Haya Shulman,
2018; Flores et al.,
2018)
DCHP: (Ou et al.,
2010; Huang et al.,
2017; Hwang and
Prosanta Gope, 2014;
Saxena and
Chaudhari, 2014 (1 &
2))
DNS:(‘man-in-the-middle-
attack’(CA.Tech.)), (Duan
et al., 2006; Andersen et
al., 2008; SAMSUNG
ELECTRONICS
SUSTAINABILITY
REPORT, 2017; Su et al.,
2018; Hardin 2018; Su Xin
et al., 2005), (Flores et al.,
2018; Fernàndez-València
et al., 2018; Hanna et al.,
2018)
DCHP: (Ettus
Research. Ettus
research; Ou et al.
2010; Huang et al.,
2011; Hwang et al.,
2014; Saxena And
N.S. Chaudhari
2014), (M. Xie et al.,
2018, A. Karina et
al., 2018)
BGP: (Naqash et al.,
2012; Kaminsky, 2008;
Lindell, 2018; Xiang,
2018; Zhang, 2018)
DNS: (Stiansen et al.,
2018; Mitseva et al.,
2018; Preneel and
Frederik Vercauteren,
2015)
Presentation SSL/TLS: (M. Ulrike
and Susanne Wetzel,
2004; Laszlo and Kish,
2006; Hypponen and
Haataja, 2007; Ouafi et
al., 2008; Callegati et
al., 2009; Joshi et al.,
2009; Yvo Desmedt,
2011; Sounthiraraj et
al., 2014; Khader and
David Lai, 2015; Yu-
Chih Tung et al., 2016;
Wallace and Miller,
2018; Conti et al., 2016;
Xiaohong Li et al.,
2017), (Logan Scott,
2001)
SSL/TLS: (Wallace
and Miller, 2016;
Conti et al., 2016;
Stiansen, 2018; Chaz
and Kim-Kwang
Raymond Choo,
2018; Stiansen et al.,
2018; Li et al., 2017),
(Karina et al., 2015;
Nath et al., 2018;
Hossain et al., 2018;
Sinor, 2018)
SSL/TLS: (L. Scott, 2001;
M. Oh et al., 2012)
- SSL/TLS: (Sinor , 2018;
Gunawan, 2018)
Transport - IP: (Ulrike Meyer
and Susanne Wetzel,
2004; Laszlo B. Kish,
2006; K. Hypponen
and Keijo MJ
Haataja, 2007; K.
Ouafi et a l., 2008; F.
Callegati et al., 2009;
Y. Joshi et al., 2009;
Yvo Desmedt, 2011;
D. Sounthiraraj et al.,
2014; A. S. Khader
and David Lai, 2015;
Yu-Chih Tung et al.,
2016; B. M. Wallace
and W. S. Miller,
2016; M. Conti et al.,
2016; X. Li et al.,
2017; R. Rahim,
2017; Yang-Yang Fei
et al., 2018; C.
- - IP: (Huang et al., 2018;
Goodman et al., 2018;
Wang et al., 2018)
A. Mallik et al. / International Journal of Data and Network Science 3 (2019) 87
Howell et al., 2018;
Da-Zhi Sun et al.,
2018; K. Usman et
al., 2018; M. R.
Valluri, 2018; En-
Chun Kuo et al 2018;
S. Saif et al., 2018;
‘MAN IN THE
MIDDLE (MITM)
ATTACK’
(Incapsula Co.);
‘Man-in-the-middle
attack’ (Wikipedia);
‘man-middle-attack’
(CA Tech.)), (M. I.
Gramegna et al.,
2018; M. F. Anagreh
et al., 2018; L. W.
Huang et al., 2018)
Network - || - - ||
Data Link ARP: (Ou et al., 2018;
Gramegna et al., 2018;
Anagreh et al., 2018;
Huang et al., 2018; R.
Rahim, 2017; Yang-
Yang Fei et al., 2018;
Howell et al., 2018; Da-
Zhi Sun et al., 2018;
Usman et al., 2018;
Valluri, 2018; En-Chun
Kuo et al., 2018; Saif et
al. 2018; ‘MAN IN
THE MIDDLE (MITM)
ATTACK’ (Incapsula
Co.); ‘Man- in-the-
middle attack’
(Wikipedia); ‘man-
middle-attack’ (CA
Tech.))
ARP: (Mayer and
Susanne,
2014;Hypponen and
Keijo, 2007; Ouafi et
al., 2008; Callegati et
al., 2009; Joshi et al.,
2009; Yvo Desmedt,
2011; Sounthiraraj et
al., 2014; Khader and
Lai, 2015; Yu-Chih
Tung et al., 2016;
Wallace and Miller,
2017;. Conti et al.,
2016; Li et al., 2017;
Rahim, 2017; Yang-
Yang Fei et al., 2018;
Howell et al., 2018;
Da-Zhi Sun et al.,
2018; Usman et al.,
2018; Valluri, 2018
En-Chun Kuo et al.,
2018; Saif et al.,
2018; Stiansen, 2008)
ARP: (Humphreys et al.,
2008; Scott, 2001;
Schuckers, 2002;
Myeongjin Oh, 2012)
ARP: (Huang et al.
2018; Goodman et
al., 2018; Wang et
al., 2018; Li et al.,
2018;.
MAHESWARI et al.,
2015; Truedsson et
al., 2018)
ARP: (Duan et al., 2006;
Andersen et al., 2008;
Timmermans,2018 )
Modular
Networks
GSM - (Trabelsi and El-Hajj,
2007; Philip, 2007;
Oh, 2012; Komori
and Saito, 2002; Ju
and Han, 2012; Duan,
Yuan, and
Chandrashekar,
2006; Andersen et
al., 2005), (
Siergiejczyk and
Adam Rosiński,
2018; Nayak and
Rohit Sharma, 2018;
Firdous et al., 2018)
- - -
UMTS - (Stiansen, 2018(a);
Vidal and Kim-Kwang
Raymond Choo,
2017;Stiansen,
2018(b)); (Jadhao et
al.,2018; Firdous et al.,
2018; Nayak and Rohit
Sharma. 2018;
Siergiejczyk and Adam
Rosiński, 2018;
Truedsson and Viktor
Hjelm, 2018)
- - -
9. Conclusion
The MITMs interrupt interchanges between two frameworks, and this phenomenon takes place when the
attacker is responsible for a switch along typical point of movement. The attacker in all cases is situated
on a similar communicated domain as the victim stands. Indeed, in a HTTP exchange, a TCP protocol
exists among the customer and the server. The attacker divides the TCP protocol into two connections –
one between the victim and the attacker and the other between the attacker and the server. On intercepting
88
the TCP protocol, the attacker goes about as an intermediary reading, altering and inserting information
in intercepted correspondence. In an unsecured connection (e.g. HTTP protocol), the communication of
two users can be hacked by an intruder without any difficulties. In a HTTPS connection, a single TCP
protocol is attained by building two independent SSL connections. A MITM attack exploits the short-
coming in arrange correspondence convention, convincing the casualty to course movement through the
attacker instead of ordinary switch and is by and large alluded to as ARP spoofing. This unethical phe-
nomenon can affect a country’s economy and may be a reason of instability between nations by steal-
ing/modifying classified/secret defense sector data/information. So, this unethical phenomenon has to be
prevented, and the necessary measures should be taken for ending. Although the paper did not focus on
extensive analysis for future research directions of MITM, but a good understanding about MITM and
the technologies for preventing MITM like Li-Fi were discussed briefly.
Acknowledgement
The authors are grateful to the Dept. of Mechanical Engineering and Dept. of Computer Science and
Engineering, RUET for providing technical and financial support to conduct this survey research.
References
A. N. I. C. Ettus Research. Ettus research - the leader in software defined radio (sdr). [Online]. Available:
http://www.ettus.com
Alabady, S. (2009). Design and Implementation of a Network Security Model for Cooperative Network. Int. Arab
J. e-Technol., 1(2), 26-36.
Altunbasak, H., Krasser, S., Owen, H., Sokol, J., & Grimminger, J. (2004, November). Addressing the weak link
between layer 2 and layer 3 in the Internet architecture. In Local Computer Networks, 2004. 29th Annual IEEE
International Conference on (pp. 417-418). IEEE.
Anagreh, M. F., Hilal, A. M., & Ahmed, T. M. (2018). Encrypted Fingerprint into VoIP Systems using Crypto-
graphic Key Generated by Minutiae Points. INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCI-
ENCE AND APPLICATIONS, 9(1), 151-154.
Andersen, D. G., Balakrishnan, H., Feamster, N., Koponen, T., Moon, D., & Shenker, S. (2008, August). Account-
able internet protocol (aip). In ACM SIGCOMM Computer Communication Review (Vol. 38, No. 4, pp. 339-
350). ACM.
Ataullah, M., & Chauhan, N. (2012, March). ES-ARP: an efficient and secure address resolution protocol. In Elec-
trical, Electronics and Computer Science (SCEECS), 2012 IEEE Students' Conference on (pp. 1-5). IEEE
Burgess, D. A., & Samra, H. S. (2008). The openbts project. Report available at http://openbts. sourceforge. net,
http://openBTS. org.
Caceres, R., & Padmanabhan, V. N. (1998). Fast and scalable wireless handoffs in support of mobile Internet
audio. Mobile Networks and Applications, 3(4), 351-363
Callegati, F., Cerroni, W., & Ramilli, M. (2009). Man-in-the-Middle Attack to the HTTPS Protocol. IEEE Security
& Privacy, 7(1), 78-81.
Chen, Z., Guo, S., Zheng, K., & Yang, Y. (2007, September). Modeling of man-in-the-middle attack in the wireless
networks. In Wireless Communications, Networking and Mobile Computing, 2007. WiCom 2007. International
Conference on(pp. 2255-2258). IEEE.
Chomsiri, T. (2008, November). Sniffing packets on LAN without ARP spoofing. In Third 2008 International
Conference on Convergence and Hybrid Information Technology (pp. 472-477). IEEE.
Chopra, A., & Kaufman, M. (2014). Man In the Middle (MITM) DNS Spoofing Explained.
Conti, M., Dragoni, N., & Lesyk, V. (2016). A survey of man in the middle attacks. IEEE Communications Surveys
& Tutorials, 18(3), 2027-2051
Conti, M., Dragoni, N., & Lesyk, V. (2016). A survey of man in the middle attacks. IEEE Communications Surveys
& Tutorials, 18(3), 2027-2051.
Demuth, T., & Leitner, A. (2005). ARP spoofing and poisoning: Traffic tricks. Linux magazine, 56, 26-31.
Desmedt, Y. (2011). Man-in-the-middle attack. In Encyclopedia of cryptography and security (pp. 759-759).
Springer, Boston,
Duan, Z., Yuan, X., & Chandrashekar, J. (2006, March). Constructing Inter-Domain Packet Filters to Control IP
Spoofing Based on BGP Updates. In INFOCOM.
Fatima, A. (2011). E-Banking Security Issues-Is There A Solution in Biometrics?. Journal of Internet Banking
and Commerce, 16(2), 1
A. Mallik et al. / International Journal of Data and Network Science 3 (2019) 89
Feher, B., Sidi, L., Shabtai, A., Puzis, R., & Marozas, L. (2018). WebRTC security measures and weaknesses. In-
ternational Journal of Internet Technology and Secured Transactions, 8(1), 78-102.
Fei, Y. Y., Meng, X. D., Gao, M., Wang, H., & Ma, Z. (2018). Quantum man-in-the-middle attack on the calibra-
tion process of quantum key distribution. Scientific reports, 8(1), 4283.
Fernàndez-València, R., Caubet, J., & Vila, A. (2018). Cryptography Working Group Introduction to Blockchain
Technology.
Firdous, G. S., & Kumar, R. S. (2018). SUPPORT DATA ACCESS ORGANIZE MECHANISM OF RELEASE
ENCRYPTION PRIVACY AND SECURITY PROTECTION. IJITR, 6(2), 7937-7939.
‘Flaw in Windows DNS client exposed millions of users to hacking’ (SC Mag. UK), News Article, 2017, Retrieved
from: https://www.scmagazineuk.com/flaw-in-windows-dns-client-exposed-millions-of-users-to-hacking/arti-
cle/699416/
Flores, M., Wenzel, A., Chen, K., & Kuzmanovic, A. (2018, March). Fury Route: Leveraging CDNs to Remotely
Measure Network Distance. In International Conference on Passive and Active Network Measurement (pp. 87-
99). Springer, Cham.
Ford, M. (2005, January). New internet security and privacy models enabled by ipv6. In Applications and the
Internet Workshops, 2005. Saint Workshops 2005. The 2005 Symposium on (pp. 2-5). IEEE.
Goodman, J. L., Maher, H. B., Komanduri, R., & Raj, R. K. (2018). U.S. Patent Application No. 15/211,272.
Gramegna, M., Berchera, I. R., Kueck, S., Porrovecchio, G., Chunnilall, C. J., Degiovanni, I. P., ... & Castagna,
N. (2018, May). European coordinated metrological effort for quantum cryptography. In Quantum Technolo-
gies 2018 (Vol. 10674, p. 106741K). International Society for Optics and Photonics.
Gunawan, D., Sitorus, E. H., Rahmat, R. F., & Hizriadi, A. (2018, March). SSL/TLS Vulnerability Detection Using
Black Box Approach. In Journal of Physics: Conference Series (Vol. 978, No. 1, p. 012121). IOP Publishing.
Hanna, D., Veeraraghavan, P., & Pardede, E. (2018). PrECast: An Efficient Crypto-Free Solution for Broadcast-
Based Attacks in IPv4 Networks. Electronics, 7(5), 65.
Hardin, N. V. (2018). UNCOVERING THE SECRECY OF STINGRAYS: What Every Practitioner Needs to
Know. Criminal Justice, 32(4), 20-24.
Hasan, S., Awais, M., & Shah, M. A. (2018, April). Full Disk Encryption: A Comparison on Data Management
Attributes. In Proceedings of the 2nd International Conference on Information System and Data Mining (pp.
39-43). ACM.
Hiltunen, M. A., Miluzzo, E., & Srivastava, A. (2017). U.S. Patent No. 9,818,315. Washington, DC: U.S. Patent
and Trademark Office.
Hossain, M. S., Paul, A., Islam, M. H., & Atiquzzaman, M. (2018). Survey of the Protection Mechanisms to the
SSL-based Session Hijacking Attacks. Network Protocols and Algorithms, 10(1), 83-108.
Howell, C., Statica, R., & Coppa, K. L. (2018). U.S. Patent No. 9,906,506. Washington, DC: U.S. Patent and
Trademark Office.
Huang, L. W., Hsu, H. L., & Kao, H. T. (2018). U.S. Patent No. 9,984,225. Washington, DC: U.S. Patent and
Trademark Office.
Huang, Y. L., Shen, C. Y., & Shieh, S. W. (2011). S-AKA: A provable and secure authentication key agreement
protocol for UMTS networks. IEEE Transactions on Vehicular Technology, 60(9), 4509-4519.
Hudaib, A. A. Z. (2014). Comprehensive Social Media Security Analysis & XKeyscore Espionage Technol-
ogy. International Journal of Computer Science and Security (IJCSS), 8(4), 97
Humphreys, T. E., Ledvina, B. M., Psiaki, M. L., O'Hanlon, B. W., & Kintner, P. M. (2008). Assessing the spoof-
ing threat: Development of a portable GPS civilian spoofer. In Radionavigation Laboratory Conference Pro-
ceedings.
Hwang, T., & Gope, P. (2014). Provably secure mutual authentication and key exchange scheme for expeditious
mobile communication through synchronously one-time secrets. Wireless personal communications, 77(1),
197-224.
Hypponen, K., & Haataja, K. M. (2007, September). “Nino” man-in-the-middle attack on bluetooth secure simple
pairing. In Internet, 2007. ICI 2007. 3rd IEEE/IFIP International Conference in Central Asia on (pp. 1-5).
IEEE.
Jadhao, M. M., Gothe, M. S., & Nimkarde, M. S. Specific Location Based Privacy protecting Access Control
System.
Joshi, Y., Das, D., & Saha, S. (2009, December). Mitigating man in the middle attack over secure sockets layer.
In Internet Multimedia Services Architecture and Applications (IMSAA), 2009 IEEE International Conference
on (pp. 1-5). IEEE.
90
Ju, H., & Han, J. (2007). DHCP message authentication with an effective key management. World Academy of
Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic
and Communication Engineering, 1(8), 1199-1202.Z.
Ju, Y. W., Song, K. H., Lee, E. J., & Shin, Y. T. (2007, February). Cache poisoning detection method for improving
security of recursive DNS. In Advanced Communication Technology, The 9th International Conference
on (Vol. 3, pp. 1961-1965). IEEE.
Kaminsky, D. (2008). Black ops 2008: It’s the end of the cache as we know it. Black Hat USA.
Karina, A., Avila-Pesántez, D., Vaca-Cárdenas, L., Arellano, A., & Mantilla, C. Towards a Security Model against
Denial of Service Attacks for SIP Traffic. World Academy of Science, Engineering and Technology, Interna-
tional Journal of Social, Behavioral, Educational, Economic, Business and Industrial Engineering, 12(1), 82-
87.
Khader, A. S., & Lai, D. (2015). Preventing man-in-the-middle attack in Diffie-Hellman key exchange protocol.
In 22nd International Conference on Telecommunications: ICT 2015(p. 204). Engineers Australia
Kish, L. B. (2006). Protection against the man-in-the-middle-attack for the Kirchhoff-loop-Johnson (-like)-noise
cipher and expansion by voltage-based security. Fluctuation and Noise Letters, 6(01), L57-L63.
Klink, J., & Little, H. (2018). U.S. Patent Application No. 15/332,057.
Komori, T., & Saito, T. (2002, November). The secure DHCP system with user authentication. In Local Computer
Networks, 2002. Proceedings. LCN 2002. 27th Annual IEEE Conference on (pp. 123-131). IEEE.
Kozaczuk, W. (1984). Enigma: How the German Machine Cipher was Broken, and How it was Read by the Allies
in World War Two (Foreign Intelligence Book Series). Lanham, MD: University Publications of America.
Kuo, E. C., Chang, M. S., & Kao, D. Y. (2018, February). User-side evil twin attack detection using time-delay
statistics of TCP connection termination. In Advanced Communication Technology (ICACT), 2018 20th Inter-
national Conference on(pp. 211-216). IEEE.
Kurose, J. F. (2005). Computer networking: A top-down approach featuring the internet, 3/E. Pearson Education
India.
Lan, P. C., Low, T. P., & Moon, J. (2018). U.S. Patent No. 9,876,655. Washington, DC: U.S. Patent and Trademark
Office.
Li, X., Li, S., Hao, J., Feng, Z., & An, B. (2017, February). Optimal Personalized Defense Strategy Against Man-
In-The-Middle Attack. In AAAI (pp. 593-599).
Li, Y., Eastlake 3rd, D., Dunbar, L., Perlman, R., & Umair, M. (2018). Transparent Interconnection of Lots of
Links (TRILL): ARP and Neighbor Discovery (ND) Optimization (No. RFC 8302).
Lindell, Y. (2018). The Security of Intel SGX for Key Protection and Data Privacy Applications.
MAHESWARI, D., KAUSHIKA, A., & JENIFER, A. A STUDY ON DATA ENCRYPTION AND DECRYP-
TION USING HILL CIPHER ALGORITHM.
Mallem, S., & Yahiaoui, C. (2018, March). A Secure, Green and Optimized Authentication and Key Agreement
Protocol for IMS Network. In World Conference on Information Systems and Technologies (pp. 1108-1118).
Springer, Cham.
Mallem, S., & Yahiaoui, C. (2018, March). A Secure, Green and Optimized Authentication and Key Agreement
Protocol for IMS Network. In World Conference on Information Systems and Technologies (pp. 1108-1118).
Springer, Cham.
‘MAN IN THE MIDDLE (MITM) ATTACK’ (Incapsula Co.), 2016, Retrieved from: https://www.incap-
sula.com/web-application-security/man-in-the-middle-mitm.html
‘Man-in-the-middle attack’ (Wikipedia), 2018, Retrieved from: https://en.wikipedia.org/wiki/Man-in-the-mid-
dle_attack
‘man-in-the-middle-attack” (Rapid Web Ser.), Blog Post, 2017, Retrieved from: https://www.thess-
lstore.com/blog/man-in-the-middle-attack/
‘man-in-the-middle-attack-mitm’ (Techpedia), 2018, Retrieved from: https://www.techopedia.com/defini-
tion/4018/man-in-the-middle-attack-mitm
‘man-middle-attack’ (CA Tech.), 2018, Retrieved from: https://www.veracode.com/security/man-middle-attack
Meyer, U., & Wetzel, S. (2004, October). A man-in-the-middle attack on UMTS. In Proceedings of the 3rd ACM
workshop on Wireless security (pp. 90-97). ACM
Mitseva, A., Panchenko, A., & Engel, T. (2018). The State of Affairs in BGP Security: A Survey of Attacks and
Defenses. Computer Communications.
Naqash, T., Ubaid, F. B., & Ishfaq, A. (2012, October). Protecting DNS from cache poisoning attack by using
secure proxy. In Emerging Technologies (ICET), 2012 International Conference on (pp. 1-5). IEEE.
A. Mallik et al. / International Journal of Data and Network Science 3 (2019) 91
Nath, U., Sharma, G., & Fletcher, W. (2018). U.S. Patent No. 9,992,192. Washington, DC: U.S. Patent and Trade-
mark Office.
Nayak, N., & Sharma, R. (2018). Designing security and Surveillance System Using GSM Technology. Journal
of Network Communications and Emerging Technologies (JNCET) www. jncet. org, 8(4).
Oh, M., Kim, Y. G., Hong, S., & Cha, S. (2012). ASA: agent-based secure ARP cache management. IET commu-
nications, 6(7), 685-693.
Oh, M., Kim, Y. G., Hong, S., & Cha, S. (2012). ASA: agent-based secure ARP cache management. IET commu-
nications, 6(7), 685-693.
Ornaghi, A., & Valleri, M. (2003). Man in the middle attacks. In Blackhat Conference
Ou, H. H., Hwang, M. S., & Jan, J. K. (2010). A cocktail protocol with the authentication and key agreement on
the UMTS. Journal of Systems and Software, 83(2), 316-325.
Ouafi, K., Overbeck, R., & Vaudenay, S. (2008, December). On the security of HB# against a man-in-the-middle
attack. In International Conference on the Theory and Application of Cryptology and Information Security (pp.
108-124). Springer, Berlin, Heidelberg.
Paik, M. (2010, February). Stragglers of the herd get eaten: security concerns for GSM mobile banking applica-
tions. In Proceedings of the Eleventh Workshop on Mobile Computing Systems & Applications (pp. 54-59).
ACM.
Pansa, D., & Chomsiri, T. (2008, November). Architecture and protocols for secure LAN by using a software-
level certificate and cancellation of ARP protocol. In Convergence and Hybrid Information Technology, 2008.
ICCIT'08. Third International Conference on (Vol. 2, pp. 21-26). IEEE
Parne, B. L., Gupta, S., & Chaudhari, N. S. (2018). ESAP: Efficient and secure authentication protocol for roaming
user in mobile communication networks. Sādhanā, 43(6), 89.
Philip, R. (2007). Securing wireless networks from ARP cache poisoning.
Preneel, B., & Vercauteren, F. Applied Cryptography and Network Security.
Rahim, R. (2017). Man-in-the-middle-attack prevention using interlock protocol method. ARPN J. Eng. Appl.
Sci, 12(22), 6483-6487.
Rupprecht, D., Dabrowski, A., Holz, T., Weippl, E., & Pöpper, C. (2018). On Security Research towards Future
Mobile Network Generations. IEEE Communications Surveys & Tutorials.
Saif, S., Gupta, R., & Biswas, S. (2018). Implementation of Cloud-Assisted Secure Data Transmission in WBAN
for Healthcare Monitoring. In Advanced Computational and Communication Paradigms (pp. 665-674).
Springer, Singapore.
Salim, H., Li, Z., Tu, H., & Guo, Z. (2012, October). Preventing ARP spoofing attacks through gratuitous decision
packet. In Distributed Computing and Applications to Business, Engineering & Science (DCABES), 2012 11th
International Symposium on (pp. 295-300). IEEE
SAMSUNG ELECTRONICS SUSTAINABILITY REPORT 2017 (https://images.samsung.com/is/content/sam-
sung/p5/global/ir/docs/Samsung_Electronics_Sustainability_Report_2017.pdf )
Saxena, N., & Chaudhari, N. S. (2014). Secure-AKA: An efficient AKA protocol for UMTS networks. Wireless
personal communications, 78(2), 1345-1373.
Saxena, N., & Chaudhari, N. S. (2014, March). NS-AKA: An improved and efficient AKA protocol for 3G
(UMTS) networks. In International conference on advances in computer science and electronics engineering
(CSEE’14), Kuala Lampur, Malaysia (pp. 220-224).
Schuckers, S. A. (2002). Spoofing and anti-spoofing measures. Information Security technical report, 7(4), 56-
62.Oh, Myeongjin, Y-G
Scott, L. (2001, March). Anti-spoofing & authenticated signal architectures for civil navigation systems. In Pro-
ceedings of the 16th International Technical Meeting of the Satellite Division of The Institute of Navigation
(ION GPS/GNSS 2003)(pp. 1543-1552).
Senie, D., & Ferguson, P. (1998). Network ingress filtering: Defeating denial of service attacks which employ IP
source address spoofing. Network.
Shulman, H. (2018). Implications of Vulnerable Internet Infrastructure. In Digital Marketplaces Unleashed (pp.
921-935). Springer, Berlin, Heidelberg.
Siergiejczyk, M., & Rosiński, A. (2018, July). Analysis of Information Transmission Security in the Digital Rail-
way Radio Communication System. In International Conference on Dependability and Complex Systems (pp.
420-429). Springer, Cham.
Sinor, D. (2018). U.S. Patent No. 9,965,645. Washington, DC: U.S. Patent and Trademark Office.
92
Sounthiraraj, D., Sahs, J., Greenwood, G., Lin, Z., & Khan, L. (2014). Smv-hunter: Large scale, automated detec-
tion of ssl/tls man-in-the-middle vulnerabilities in android apps. In In Proceedings of the 21st Annual Network
and Distributed System Security Symposium (NDSS’14.
Stiansen, T. (2018). U.S. Patent No. 9,923,914. Washington, DC: U.S. Patent and Trademark Office.
Stiansen, T., Perlstein, A., & Foss, S. (2018). U.S. Patent No. 9,942,250. Washington, DC: U.S. Patent and Trade-
mark Office.
Su, X., Wang, Z., Liu, X., Choi, C., & Choi, D. (2018). Study to Improve Security for IoT Smart Device Controller:
Drawbacks and Countermeasures. Security and Communication Networks, 2018.
Su, Z., Timmermans, W., Zeng, Y., Schulz, J., John, V. O., Roebeling, R. A., ... & Swinnen, E. (2018). An over-
view of European efforts in generating climate data records. Bulletin of the American Meteorological Soci-
ety, 99(2), 349-359.
Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery models of cloud compu-
ting. Journal of network and computer applications, 34(1), 1-11
Sun, D. Z., Mu, Y., & Susilo, W. (2018). Man-in-the-middle attacks on Secure Simple Pairing in Bluetooth stand-
ard V5. 0 and its countermeasure. Personal and Ubiquitous Computing, 22(1), 55-67.
Trabelsi, Z., & El-Hajj, W. (2007, June). Preventing ARP attacks using a fuzzy-based stateful ARP cache. In Com-
munications, 2007. ICC'07. IEEE International Conference on (pp. 1355-1360). IEEE.
Truedsson, M., & Hjelm, V. (2018). Situation-aware Adaptive Cryptography.
Tung, Y. C., Shin, K. G., & Kim, K. H. (2016, July). Analog man-in-the-middle attack against link-based packet
source identification. In Proceedings of the 17th ACM International Symposium on Mobile Ad Hoc Networking
and Computing(pp. 331-340). ACM.
Usman, K., Richard, A. T., Moses, A. D., & Pius, U. T. (2018). A Novel Approach to Enhance the Security of
Keys Shared by Users in WLAN Environments Using 3DES Algorithm. International Journal of Advanced
Studies in Computers, Science and Engineering, 7(2), 1-7.
Valluri, M. R. (2018). Cryptanalysis of Xinyu et al.'s NTRU-lattice based key exchange protocol. Journal of In-
formation and Optimization Sciences, 39(2), 475-479.
Vidal, C., & Choo, K. K. R. (2018). Situational Crime Prevention and the Mitigation of Cloud Computing Threats.
In Security and Privacy in Communication Networks: SecureComm 2017 International Workshops, ATCS and
SePrIoT, Niagara Falls, ON, Canada, October 22–25, 2017, Proceedings 13 (pp. 218-233). Springer Interna-
tional Publishing.
Wallace, Brian Michael, and Jonathan Wesley Miller. "Endpoint-based man in the middle attack detection using
multiple types of detection tests." U.S. Patent 9,680,860, issued June 13, 2017.
Wang, X., Zhou, H., Su, J., Wang, B., Xing, Q., & Li, P. (2018). T-IP: A self-trustworthy and secure Internet
protocol. China Communications, 15(2), 1-14.
Weiser, S., Spreitzer, R., & Bodner, L. (2018, May). Single Trace Attack Against RSA Key Generation in Intel
SGX SSL. In Proceedings of the 2018 on Asia Conference on Computer and Communications Security (pp.
575-586). ACM.
‘What is a Man In The Middle attack?’ (Symantec Corp.), Norton Security Blog, 2018, Retrieved from:
https://us.norton.com/internetsecurity-wifi-what-is-a-man-in-the-middle-attack.html
‘What is UMTS?’ (Tech Target Web), Blog Post, 2018, Retrieved from: https://searchmobilecomputing.tech-
target.com/definition/UMTS
Xiang, L., Ng, D. W. K., Schober, R., & Wong, V. W. (2018). Cache-enabled physical layer security for video
streaming in backhaul-limited cellular networks. IEEE Transactions on Wireless Communications, 17(2), 736-
751.
Xie, M., May, R. A., Yang, J., & Marwah, K. (2016). U.S. Patent Application No. 14/882,769.
Zhang, D., Zhou, Y., & Zhang, Y. (2018). A Multi-Level Cache Framework for Remote Resource Access in
Transparent Computing. IEEE Network, 32(1), 140-145.
© 2019 by the authors; licensee Growing Science, Canada. This is an open access article
distributed under the terms and conditions of the Creative Commons Attribution (CC-
BY) license (http://creativecommons.org/licenses/by/4.0/).
... komputer adalah Distributed Denial of Service (DDoS), Sniffing, Spoofing, dan Man In The Middle Attack [1]. Man in the Middle Attack adalah jenis serangan siber di mana pihak ketiga memasuki korespondensi online antara dua pengguna [2]. Dengan cara ini penyerang mampu mengendus data frame dan melakukan modifikasi traffic (ARP poisoning) [3]. ...
Network Forensic: Analysis of Client Attack and Quality of Service Measurement by ARP Poisoning using Network Forensic Generic Process (NFGP) Model
Article
  • Mar 2024
In computer network, communication from one computer to another computer can be intercepted, the way to intercept communication between network devices is with Address Resolution Protocol Poisoning attack. This attack can steal data such as usernames and passwords, modify traffic, and stop the traffic itself. This research implements the Network Forensic Generic Process model as a reference in Network Forensics practice. Apart from that, this research also measures quality of service to compare parameters before the attack and when the attack occurred. The tools used in this research are Wireshark, XArp, and Snort. This research succeeded in obtaining authentic information from the evidence obtained. The results of quality of service measurements showed that the quality of service parameters changed when the attack occurred. This research can be a reference in improving network security by better understanding the threats that may be encountered and providing valuable insight for future security prevention and response efforts.
View
... The upper layer of the OSI model also faces security threats. In some cases, adversaries use various tools to launch attacks, such as Man-in-the-Middle (MitM), which intercepts the legal conversation and modifies it with his malicious message or accesses encrypted data to extract sensitive information [44]. Most of the time, denial of service attacks also occur via the communication phase, where the adversary's access to legal conversation is altered with their own information to participate in communication as a legal client for communication disruption with the server [45,46]. ...
Comprehensive framework for implementing blockchain-enabled federated learning and full homomorphic encryption for chatbot security system
Article
Full-text available
  • May 2024
  • CLUSTER COMPUT
Chatbot is an artificial intelligence application that can provide a conversational environment between humans and machines. Most organizations and industries are willing to lay out their services through chatbots because they can provide 24/7 customer support. Meanwhile, it raises security and privacy challenges like access control, data leakage during transmission, SQL injection attacks, and language model attacks, which make the users concerned about their data, performance, and accuracy. Therefore, this research paper proposes a comprehensive framework integrating blockchain, federated learning, and a fully homomorphic encryption algorithm with face recognition to solve the above-mentioned chatbot’s challenges. The experimental result shows that a distributed system improves chatbot accuracy (90%) and that more transactions in less time with more clients do not affect the performance. In contrast, more iterations and clients will decrease the accuracy, performance, and transactions in a centralized system. In addition, fully homomorphic encryption improves and speeds up the data encryption process. It encrypted more data (1792 MB) in a small amount of 1240 times per second, and conversations and transactions can be transferred via a secure network to ensure the confidentiality, integrity, and authenticity of users’ data. The implementation of such a comprehensive framework in real-life situations can improve chatbot security when it actively works as a customer agent in an organization.
View
... This attack is usually carried out using address resolution protocol (ARP) security vulnerabilities. ARP is a protocol that helps match an IP address with the device's MAC address in the local network [37]. ...
A novel approach detection for IIoT attacks via artificial intelligence
Article
Full-text available
  • May 2024
  • CLUSTER COMPUT
The Industrial Internet of Things (IIoT) is a paradigm that enables the integration of cyber-physical systems in critical infrastructures, such as power grids, water distribution networks, and transportation systems. IIoT devices, such as sensors, actuators, and controllers, can provide various benefits, such as performance optimization, efficiency improvement, and remote management. However, these devices also pose new security risks and challenges, as they can be targeted by malicious actors to disrupt the normal operation of the infrastructures they are connected to or to cause physical damage or harm. Therefore, it is essential to develop effective and intelligent solutions to detect and prevent attacks on IIoT devices and to ensure the security and resilience of critical infrastructures. In this paper, we present a comprehensive analysis of the types and impacts of attacks on IIoT devices based on a literature review and a data analysis of real-world incidents. We classify the attacks into four categories: denial-of-service, data manipulation, device hijacking, and physical tampering. We also discuss the potential consequences of these attacks on the safety, reliability, and availability of critical infrastructures. We then propose an expert system that can detect and prevent attacks on IIoT devices using artificial intelligence techniques, such as rule-based reasoning, anomaly detection, and reinforcement learning. We describe the architecture and implementation of our system, which consists of three main components: a data collector, a data analyzer, and a data actuator. We also present a table that summarizes the main features and capabilities of our system compared to existing solutions. We evaluate the performance and effectiveness of our system on a testbed consisting of programmable logic controllers (PLCs) and IIoT protocols, such as Modbus and MQTT. We simulate various attacks on IIoT devices and measure the accuracy, latency, and overhead of our system. Our results show that our system can successfully detect and mitigate different types of attacks on IIoT devices with high accuracy and low latency and overhead. We also demonstrate that our system can enhance the security and resilience of critical infrastructures by preventing or minimizing the impacts of attacks on IIoT devices.
View
... Although encryption protocols such as SSL and TLS secure the communication channel, they are not entirely infallible [40]- [42]. For instance, Man-in-the-Middle (MITM) [43] attacks can still occur due to various factors, such as protocol misconfiguration, compromised certificate authorities, SSL stripping, and social engineering. As a result of a successful MITM attack, an attacker can intercept, alter, and capture the data between two communicating parties. ...
DP Patch: ROI-Based Approach of Privacy-Preserving Image Processing With Robust Classification
Article
Full-text available
  • Jan 2024
As machine and deep learning spread across diverse aspects of our society, the concerns about the privacy of the data are getting stronger, particularly in scenarios where sensitive information could be exposed as a result of various privacy attacks. This paper introduces a novel framework, DP Patch, aimed at addressing these privacy concerns in image data by considering sensitive objects that could be located within the image rather than considering the entire image as sensitive. DP Patch involves a multi-step pipeline, which consists of differential privacy image denoising and ROI-based sensitive object localization, followed by incorporating DP noise patches to obscure sensitive content. This process yields privacy-preserving images with enhanced utility compared to DP images. Furthermore, a custom model is presented that harnesses privacy-preserving and differentially private images to enrich feature representation and compensate for potential information loss, explicitly excluding the noisy patch from the training process. Experimental evaluations are conducted to assess the quality of the generated privacy-preserving images and to compare the performance of the custom model against state-of-the-art counterparts. Additionally, the proposed method undergoes evaluation under model inversion attacks, providing practical insights into its effectiveness.
View
... However, accessing a revocation method remotely can cause privacy concerns due to transferring data to a third party. Further, security threats such as man-in-the-middle attacks [MAST19] can be performed to manipulate the revocation status verification. Therefore, this approach is not recommended due to security, privacy, and trustworthiness concerns. ...
URS : a universal revocation service for applying in self-sovereign identity
Thesis
Full-text available
  • May 2023
Self-sovereign identity (SSI) systems use verifiable credentials (VC) to represent digital identity data. A revocation mechanism is required to ensure the validity of these data. Cryptographic accumulators, compressed lists, and smart contracts deployed on a distributed ledger are among the revocation mechanisms developed so far. However, each revocation method requires different data for issuing, verifying, and revoking credentials based on the underlying architecture. There is no generic mechanism for invoking different revocation methods using a single interface during VC issuance, revocation, and verification. This thesis investigates various revocation mechanisms and proposes the Universal Revocation Service (URS), which offers a generalized interface to support different revocation mechanisms. The benefit of having such a URS is that the service provider, VC issuer, or user can verify the revocation status of credentials without worrying about the individual revocation mechanism. Utilization of the URS is visible while issuing, revoking, and verifying credentials. Furthermore, the thesis analyzes the privacy-preserving levels of different revocation mechanisms. Finally, the thesis proposes an architecture for a new revocation method with enhanced privacy preservation using the knowledge from the previous analysis.
View
... IoT devices frequently communicate with each other and with central servers. Attackers can intercept and manipulate this communication using MitM attacks [1]. By eavesdropping on data exchanges, attackers can steal sensitive information or inject malicious commands, potentially leading to device compromise or unauthorized actions. ...
Detecting and Mitigating MitM Attack on IoT Devices Using SDN
Chapter
Full-text available
  • Apr 2024
The Software-Defined Network (SDN) is an innovative network architecture designed to offer enhanced flexibility and operational simplicity in network management through a centralized controller. While these qualities empower SDN AQ1 to effectively address evolving network demands, they also expose security vulnerability. Given its centralized structure, SDN becomes susceptible to cyber attacks, particularly those targeting internet of things (IoT) devices. These attacks aim to target IoT devices and can lead to congestion and disruption. In this study, we introduce an Intrusion Detection and Prevention System (IDPS) framework based on SDN to detect Man-in-the-Middle (MitM) Attacks by decodes network packets , extracting ARP headers with source and destination Internet Protocol (IP) and Media Access Control (MAC) addresses, monitors Address Resolution Protocol (ARP) packet counts during flood attacks and add flow table to block attackers if the count exceeds a threshold. The research covers simulation outcomes as well as AQ2 the implementation of a practical SDN model for applying our methodology. The results highlight the model's ability to rapidly and accurately detect MitM attacks targeting IoT devices and mitigate it in real time.
View
View
View
View
A multi-level random key cryptosystem based on DNA encoding and state-changing mealy machine
Article
  • Apr 2024
Cryptography allows our data to be transmitted without giving sensitive information away. This is the art of hiding the information from the malicious third party and making the data accessible to only the sender and the receiver. Building a complex cryptosystem has always been a challenge that can provide relentless security and is infeasible to break. This paper discusses a hybrid cryptosystem that is inspired by the concepts of DNA cryptography and it is further strengthened using multiple components. A random key is used which is generated using the run test of randomness, different DNA encoding combinations, and a state-changing random state mealy machine is used for further strengthening the security. This paper provides a detailed discussion regarding every component the authors used to build the system and also discusses about the vulnerabilities that they found in the existing works with also an overview on how they have addressed them. This paper also discusses the effectiveness and the performance of the proposed system to give an overview of its security measures and also provides some comparative analysis with existing works to back the claim on improved security features.
View
Study to Improve Security for IoT Smart Device Controller: Drawbacks and Countermeasures
Article
Full-text available
  • May 2018
Including mobile environment, conventional security mechanisms have been adapted to satisfy the needs of users. However, the device environment-IoT-based number of connected devices is quite different to the previous traditional desktop PC- or mobile-based environment. Based on the IoT, different kinds of smart and mobile devices are fully connected automatically via device controller, such as smartphone. Therefore, controller must be secure compared to conventional security mechanism. According to the existing security threats, these are quite different from the previous ones. Thus, the countermeasures applied should be changed. However, the smart device-based authentication techniques that have been proposed to date are not adequate in terms of usability and security. From the viewpoint of usability, the environment is based on mobility, and thus devices are designed and developed to enhance their owners’ efficiency. Thus, in all applications, there is a need to consider usability, even when the application is a security mechanism. Typically, mobility is emphasized over security. However, considering that the major characteristic of a device controller is deeply related to its owner’s private information, a security technique that is robust to all kinds of attacks is mandatory. In this paper, we focus on security. First, in terms of security achievement, we investigate and categorize conventional attacks and emerging issues and then analyze conventional and existing countermeasures, respectively. Finally, as countermeasure concepts, we propose several representative methods.
View
PrECast: An Efficient Crypto-Free Solution for Broadcast-Based Attacks in IPv4 Networks
Article
Full-text available
  • May 2018
Broadcasting is one of the essential features in the Internet Protocol Ver 4 (IPv4). Attackers often exploit this feature of the IP protocol to launch several attacks against a network or an individual host. Attackers may either be a part of a Local Area Network (LAN) or outside a LAN to launch these attacks. There are numerous papers available in the literature to solve problems resulting from IP broadcasting. However, all these solutions target a specific problem that results from IP broadcasting. Furthermore, these solutions use either a computationally-intensive cryptographic scheme, the a priori relation between the host and the network or a modified protocol stack at every host. In this paper, we provide a seamless and transparent solution to eliminate IP broadcasting and thus eliminate all problems related to IP broadcasting. Our proposed solution is crypto-free and does not need any modification to the protocol stack.
View
Optimal Personalized Defense Strategy Against Man-In-The-Middle Attack
Article
  • Feb 2017
The Man-In-The-Middle (MITM) attack is one of the most common attacks employed in the network hacking. MITM attackers can successfully invoke attacks such as denial of service (DoS) and port stealing, and lead to surprisingly harmful consequences for users in terms of both financial loss and security issues. The conventional defense approaches mainly consider how to detect and eliminate those attacks or how to prevent those attacks from being launched in the first place. This paper proposes a game-theoretic defense strategy from a different perspective, which aims at minimizing the loss that the whole system sustains given that the MITM attacks are inevitable. We model the interaction between the attacker and the defender as a Stackelberg security game and adopt the Strong Stackelberg Equilibrium (SSE) as the defender's strategy. Since the defender's strategy space is infinite in our model, we employ a novel method to reduce the searching space of computing the optimal defense strategy. Finally, we empirically evaluate our optimal defense strategy by comparing it with non-strategic defense strategies. The results indicate that our game-theoretic defense strategy significantly outperforms other non-strategic defense strategies in terms of decreasing the total losses against MITM attacks.
View
Full Disk Encryption: A Comparison on Data Management Attributes
Conference Paper
  • Apr 2018
It is important to secure personally identifiable and confidential information stored on portable devices such as laptops, and smartphones. Data is more appealing for thieves than the hardware itself. Encryption is the paramount protection measure to secure the confidential data. Full disk encryption (FDE) is a technique used when there is need to encrypt the hole hard drive. There are different tools available which can perform the FDE through software or hardware. This paper investigates different issues of FDE and its impact on system's performance. An insight of FDE on different data presentation issues, security attacks, performance degradation, key management, energy consumption and cost effectiveness form part of this paper. With this comparison, an easy and concise view of the different performance enhancement attributes for the FDE is provided.
View
ESAP: Efficient and secure authentication protocol for roaming user in mobile communication networks
Article
  • Jun 2018
The Global System for Mobile communication (GSM) network is proposed to mitigate the security problems and vulnerabilities observed in the mobile telecommunication system. However, the GSM network is vulnerable to different kinds of attacks such as redirection attack, impersonation attack and Man in-the Middle (MiTM) attack. The possibility of these attacks makes the wireless mobile system vulnerable to fraudulent access and eavesdropping. Different authentication protocols of GSM were proposed to overcome the drawbacks but many of them lead to network signalling overload and increases the call set-up time. In this paper, an efficient and secure authentication and key agreement protocol (ESAP-AKA) is proposed to overcome the flaws of existing authentication protocol for roaming users in the GSM network. The formal verification of the proposed protocol is presented by BAN logic and the security analysis is shown using the AVISPA tool. The security analysis shows that the proposed protocol avoids the different possible attacks on the communication network. The performance analysis based on the fluid flow mobility model shows that the proposed protocol reduces the communication overhead of the network by reducing a number of messages. On an average, the protocol reduces 60% of network signalling congestion overhead as compared with other existing GSM-AKA protocols. Moreover, the protocol not only removes the drawbacks of existing protocols but also accomplishes the needs of roaming users.
View
View
View
View
The State of Affairs in BGP Security: A Survey of Attacks and Defenses
Article
  • Apr 2018
  • COMPUT COMMUN
The Border Gateway Protocol (BGP) is the de facto standard interdomain routing protocol. Despite its critical role on the Internet, it does not provide any security guarantees. In response to this, a large amount of research has proposed a wide variety BGP security extensions and detection-recovery systems in recent decades. Nevertheless, BGP remains vulnerable to many types of attack. In this work, we conduct an up-to-date review of fundamental BGP threats and present a methodology for evaluation of existing BGP security proposals. Based on this, we introduce a comprehensive and up-to-date survey of proposals intended to make BGP secure and methods for detection and mitigation of routing instabilities. Last but not least, we identify gaps in research, and pinpoint open issues and unsolved challenges.
View
View