
International Journal of Recent Advancement in Engineering & Research

Volume 1, Issue 1; December -2015

MAN-IN-THE-MIDDLE ATTACK
Rakesh Rana1, Kisansing Darbar2
Student, Gujarat Technological University
Abstract: Nowadays MITMA is very harmful for users of the internet. This paper describes the
different effects of MITMA. We also discuss various methods for the prevention of MITMA.
Abbreviated as MITMA, a man-in-the-middle attack is an attack where a user gets between the
sender and receiver of information and sniffs any information being sent. In some cases, users may
be sending unencrypted data, which means the man-in-the-middle (MITM) can obtain any
unencrypted information. In other cases, a user may be able to obtain information from the attack,
but has to decrypt the information before it can be read. The picture below is an example of
how a man-in-the-middle attack works. The attacker intercepts some or all traffic coming from the
computer, collects the data, and then forwards it to the destination the user was originally intending
to visit.
I. INTRODUCTION
In cryptography and computer security, a man-in-the-middle attack (often abbreviated
to MITM, MitM, MIM, MiM attack or MITMA) is an attack where the attacker secretly relays and
possibly alters the communication between two parties who believe they are directly communicating
with each other. Man-in-the-middle attacks can be thought about through a chess analogy. Mallory,
who barely knows how to play chess, claims that she can play two grandmasters simultaneously and
either win one game or draw both. She waits for the first grandmaster to make a move and then
makes this same move against the second grandmaster. When the second grandmaster responds,
Mallory makes the same play against the first. She plays the entire game this way and cannot lose. A
man-in-the-middle attack is a similar strategy and can be used against many cryptographic
protocols.[1] One example of man-in-the-middle attacks is active eavesdropping, in which the
attacker makes independent connections with the victims and relays messages between them to make
them believe they are talking directly to each other over a private connection, when in fact the entire
conversation is controlled by the attacker. The attacker must be able to intercept all relevant
messages passing between the two victims and inject new ones. This is straightforward in many
circumstances; for example, an attacker within reception range of an unencrypted Wi-Fi wireless
access point can insert himself as a man-in-the-middle.[2]
As an attack that aims at circumventing mutual authentication, or lack thereof, a man-in-the-middle
attack can succeed only when the attacker can impersonate each endpoint to their satisfaction as
expected from the legitimate other end. Most cryptographic protocols include some form of
endpoint authentication specifically to prevent MITM attacks. For example, TLS can authenticate
one or both parties using a mutually trusted certificate authority.[3]

Figure 1: Describing Different Scenarios

There are multiple types of attack which are possible on the data when the data is being transferred
over the network from one machine to another. One such attack is called Man-In-The-Middle.
What is it and what are the different types? (Other types of attack include IP spoofing,
eavesdropping, etc.)
II. EXISTING SOLUTION
A man-in-the-middle attack occurs when someone is actively monitoring, capturing, and controlling
the communication between two computers transparently (without the knowledge of sender or
receiver). For example, the attacker can modify the data, replay it, or just listen to it.[1]
When computers are communicating at low levels of the network layer, the computers might not be
able to determine with whom they are exchanging data.
Man-in-the-middle attacks are like someone assuming your identity in order to read your message.
The person on the other end might believe it is you because the attacker might be actively replying as
you to keep the exchange going and gain more information.


III. EFFECTS OF MAN-IN-MIDDLE ATTACK

So the man-in-the-middle attack may take any of the following forms:

Interception: Just listening to your communication. Imagine someone listening to national
secrets.
Interruption: Receiving the messages and preventing the receiver from receiving them. The sender will
believe that the receiver has received the message, but the receiver has not received it. Suppose you
want to fire a missile, but the missile software is not receiving your commands, and worst of all, you
think the missile has been fired.
Modification: The middle man receives the message, modifies it and then sends it to the actual
receiver. Imagine if the target of the missile is changed to your own country :))
Replay: The middle man may receive your data and then keep sending it to the receiver (the
receiver will think you have sent the data again). More missiles get fired than you ordered.
Fabrication: The middle man will just fabricate a new message and send it to the receiver. The
receiver will believe that the message came from the sender. For this last one, imagine a missile being
fired at your friendly nations.
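
How a receiver can tell these effects apart, as an added example that is not part of the original paper: every message carries a sequence number and an HMAC-SHA256 tag, so modification, fabrication, replay and interruption each fail a specific check. The shared key, the frame layout and the names `seal`, `Receiver` and `demo` are assumptions made for this illustration; interception cannot be detected this way and is what encryption addresses.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # assumption: shared secret agreed out of band


def seal(seq, payload, key=KEY):
    """Sender side: 8-byte sequence number + payload + 32-byte HMAC-SHA256 tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Receiver side: a frame is accepted only if tag and sequence number check out."""

    def __init__(self, key=KEY):
        self.key = key
        self.next_seq = 0

    def accept(self, frame):
        if len(frame) < 8 + 32:
            return "rejected: malformed frame"
        header, payload, tag = frame[:8], frame[8:-32], frame[-32:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            # Without the key, neither an altered nor an invented frame has a valid tag.
            return "rejected: bad tag (modified or fabricated)"
        (seq,) = struct.unpack(">Q", header)
        if seq < self.next_seq:
            return "rejected: replay"
        gap = seq - self.next_seq
        self.next_seq = seq + 1
        if gap:
            return f"accepted: {gap} earlier message(s) missing (interruption)"
        return "accepted"


def demo():
    """Constructed traffic: genuine, replayed, modified, fabricated, then a gap."""
    first = seal(0, b"status: ok")
    tampered = bytearray(seal(1, b"status: ok"))
    tampered[10] ^= 0x01  # one payload bit flipped in transit
    forged = struct.pack(">Q", 1) + b"status: fail" + bytes(32)  # no key, no valid tag
    frames = [first, first, bytes(tampered), forged, seal(3, b"status: ok")]
    rx = Receiver()
    return [rx.accept(f) for f in frames]
```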
IV. HOW TO SAVE AGAINST ATTACKS
In practice, ARP spoofing is difficult to prevent with the conventional security tools that come with
your PC or Mac. However, you can make it difficult for people to view your network traffic by using
encrypted network connections provided by HTTPS or VPN (virtual private network) technology.
HTTPS uses the secure sockets layer (SSL) capability in your browser to mask your web-based
network traffic from prying eyes. VPN client software works in a similar fashion (some VPNs also
use SSL), but you must connect to a VPN access point, like your company network, if it supports
VPN. To decrypt HTTPS and VPN, a man-in-the-middle attacker would have to obtain the keys used
to encrypt the network traffic, which is difficult, but not impossible, to do.
When communicating over HTTPS, your web browser uses certificates to verify the identity of the
servers you are connecting to. These certificates are verified by reputable third-party authority
companies like VeriSign.
If your browser does not recognize the authority of the certificate sent from a particular server, it will
display a message indicating that the server's certificate is not trusted, which means it may be
coming from a man-in-the-middle attacker. In this situation you should not proceed with the HTTPS
session, unless you already know that the server can be trusted, such as when you or the company you
work for set up the server for employees only.
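
The same rule applied in client code, as an added example that is not part of the original paper: the connection is abandoned when the certificate is not trusted, and a server set up by your own company is handled by trusting that company's CA file rather than by switching verification off. The function names and the `internal_ca` path parameter are hypothetical.

```python
import socket
import ssl


def client_context(internal_ca=None):
    """Verifying client context; internal_ca (hypothetical path) trusts only that CA file."""
    # With cafile=None the system's trusted authorities are loaded instead.
    return ssl.create_default_context(cafile=internal_ca)


def audit_context(ctx):
    """List the settings that would let a client accept an interposed server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate is not verified against trusted authorities")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the requested host name")
    return findings


def connect_checked(host, port=443, internal_ca=None, timeout=5.0):
    """Open a TLS session; stop instead of proceeding when the certificate is untrusted."""
    ctx = client_context(internal_ca)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return ("trusted", tls.version())
        except ssl.SSLCertVerificationError as exc:
            # Same condition as the browser warning: do not continue the session.
            return ("untrusted", exc.verify_message)


def click_through_context():
    """What ignoring the warning amounts to; present only so the audit has a weak case."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # has to be cleared before verify_mode can be lowered
    ctx.verify_mode = ssl.CERT_NONE
    return ctx
```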
Method 1. VPN
The most commonly used means for a secure connection is a Virtual Private Network (VPN). A VPN extends a
private network across a public network, e.g., the Internet. It enables a computer to send and receive
data across shared or public networks as if it were directly connected to the private network, while
benefiting from the functionality, security and management policies of the private network. A VPN is
created by establishing a virtual point-to-point connection through the use of dedicated connections,
virtual tunneling protocols or traffic encryption, such as PPTP (Point-to-Point Tunneling Protocol) or
Internet Protocol Security (IPSec).
To take advantage of a VPN, you should have a remote VPN server set up and configured; you can
do it yourself or just employ some reliable VPN service such as HideMyAss, and once you have it, you
can follow the steps below to establish a safe point-to-point connection with it. All data transmission
is encrypted so that, even if it is intercepted, the attacker will have no idea about the content of the
traffic.
Method 2. Proxy Server with Data Encryption
The 2nd technique is to utilize a reliable proxy server and encrypt the transmission between you and
the proxy. Some privacy software like Hide My IP provides proxy servers and the option of encryption.
Method 3. Secure Shell Tunneling
The 3rd trick is to make use of Secure Shell (SSH), which is a network protocol for
remote administration of UNIX/Linux hosts. SSH is typically used to log into a remote machine and
execute commands, but it also supports tunneling, forwarding TCP ports and X11 connections. A
Secure Shell (SSH) tunnel consists of an encrypted tunnel created through an SSH protocol
connection. Users may set up SSH tunnels to transfer unencrypted traffic over a network through an
encrypted channel.


REFERENCES
1. http://www.computerhope.com/jargon/m/mitma.htm
2. https://en.wikipedia.org/wiki/Man-in-the-middle_attack
3. http://destroyadware.com/articles/security/3-effective-ways-defend-man-middle-attack-mitm/
