|« Chromatic dispersion- how does it limit the transmission distance?||Optical power budget and transmission distance »|
The man-in-the-middle attack (often abbreviated MITM, MitM, MIM, MiM, MITMA) in cryptography and computer security is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.
The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point, can insert himself as a man-in-the-middle).
A man-in-the-middle attack can succeed only when the attacker can impersonate each endpoint to the satisfaction of the other - it is an attack on mutual authentication (or lack thereof). Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. CUBOs CypherCube encryption technology allows implementations of data security solutions quickly, with minimal network disruption while preserving current investments.
Example of an attack: Illustration of man-in-the-middle attack.
Suppose Alice wishes to communicate with Bob. Meanwhile, Mallory wishes to intercept the conversation to eavesdrop and possibly (although this step is unnecessary) deliver a false message to Bob.
First, Alice asks Bob for his public key. If Bob sends his public key to Alice, but Mallory is able to intercept it, a man-in-the-middle attack can begin. Mallory sends a forged message to Alice that claims to be from Bob, but instead includes Mallory's public key.
Alice, believing this public key to be Bob's, encrypts her message with Mallory's key and sends the enciphered message back to Bob. Mallory again intercepts, deciphers the message using her private key, possibly alters it if she wants, and re-enciphers it using the public key Bob originally sent to Alice. When Bob receives the newly enciphered message, he believes it came from Alice.
Layer 2 encryption network security does not bother about the essence of the traffic, it is only interested in whether a link with a particular destination needs to be encrypted or not. And so, its decision database has far fewer rules. With the result, that such a solution is simpler and less expensive to manage.
Get involved on network security and data encryption at http://www.cubeoptics.com/encryption.
This article uses material from the Wikipedia article Man-in-the-middle attack, which is released under the Creative Commons Attribution-Share-Alike License 3.0.