If we consider a man-in-the-middle attack: can such an attack occur if symmetric keys are used?
A man-in-the-middle (MiTM) attack is a type of cyber attack in which the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other. The attack is a type of eavesdropping in which the attacker intercepts and then controls the entire conversation.
One of the best practices for network security is to use a VPN (virtual private network) when connecting online. A VPN encrypts the data you send online. This encryption stops the MITM attack from infiltrating your network traffic.
In double DES, each DES unit uses its own key, which increases the key size (112 bits) and is meant to make the cipher more secure. But double DES can be broken by a known-plaintext attack known as the meet-in-the-middle attack.
Sure. All you need to do is intercept the key exchange. Then you can pass on your own (fake) key to the other end. You intercept the messages using the key you obtained fraudulently and re-encrypt with your fake key and pass on to the other end.
The trick is to agree on the symmetric key in the first place. Man-in-the-middle attacks usually occur during the key exchange phase (making you agree on the key with the middle-man instead of your real partner).
So what usually happens (in web browsers' SSL sessions) is that you use asymmetric cryptography to exchange the symmetric key. However, that depends on your partner's public key really belonging to who you think it does. Usually, you take Verisign's (or some other CA's) word for that.
At some point, a secure and authenticated key exchange has to have taken place.
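The point made in the answers above, as an added example that is not part of the original posts: a toy Diffie-Hellman exchange in which a relay swaps the public values, run with and without authentication of those values. The parameters, the `AUTH_KEY` (standing in for the earlier trusted step, such as a CA-verified certificate) and all function names are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed toy parameters: a 127-bit prime is far too small for real use.
P = 2**127 - 1
G = 3
# Assumption: stands in for trust established earlier (a CA-verified key in TLS).
AUTH_KEY = b"constructed-demo-auth-key"

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    """Derive the symmetric key from the Diffie-Hellman shared value."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def tag(pub):
    """MAC over a public value; only holders of AUTH_KEY can produce it."""
    return hmac.new(AUTH_KEY, pub.to_bytes(16, "big"), hashlib.sha256).digest()

def exchange(authenticated, tampered):
    """Simulate one key exchange and return the keys each party ends up with."""
    a_priv, a_pub = keypair()          # Alice
    b_priv, b_pub = keypair()          # Bob
    m_priv, m_pub = keypair()          # relay sitting on the path
    to_bob, to_alice = (a_pub, tag(a_pub)), (b_pub, tag(b_pub))
    if tampered:
        # The relay substitutes its own value but cannot forge the tag.
        to_bob, to_alice = (m_pub, to_bob[1]), (m_pub, to_alice[1])
    if authenticated:
        for pub, mac in (to_bob, to_alice):
            if not hmac.compare_digest(mac, tag(pub)):
                raise ValueError("public value failed authentication")
    return {
        "alice": session_key(a_priv, to_alice[0]),
        "bob": session_key(b_priv, to_bob[0]),
        "relay_to_alice": session_key(m_priv, a_pub),
        "relay_to_bob": session_key(m_priv, b_pub),
    }

if __name__ == "__main__":
    clean = exchange(authenticated=False, tampered=False)
    print("clean exchange, keys match:", clean["alice"] == clean["bob"])
    hit = exchange(authenticated=False, tampered=True)
    print("tampered, Alice shares key with relay:", hit["alice"] == hit["relay_to_alice"])
```

Without the check, each endpoint ends up sharing its symmetric key with the relay rather than with its partner; with the check, the substituted value is rejected before any key is derived.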