Countering MitM Attacks Using Evolved PathFinder Algorithm

Mouhcine Chliah (Mohammed V University in Rabat, Faculty of Sciences, Rabat, Morocco), Ghizlane Orhanou (Mohammed V University in Rabat, Faculty of Sciences, Rabat, Morocco) and Said El Hajji (Mohammed V University in Rabat, Faculty of Sciences, Rabat, Morocco)
Copyright: © 2017 | Pages: 21
DOI: 10.4018/IJCAC.2017040104

Abstract

In this paper, we focus on sniffing-based attacks such as MitM and on how to counter them from the network-layer perspective. We have already developed an algorithm called pathfinder that allows us to forward segments from the same packets via different paths. Doing so ensures that an attacker will not be able to get hold of the entire message being transmitted. We start by recalling the first version of the pathfinder algorithm, then introduce the newest release, which allows us to handle hundreds of nodes in the same network, and finally put the algorithm to the test by simulating a sniffing attack with Wireshark. The simulation proves that, in addition to handling a great number of nodes efficiently, this new way of routing helps counter many sniffing-based attacks as well as other types of attack such as DoS.
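
The idea stated in the abstract, as an added illustration that is not the authors' pathfinder algorithm (this preview does not describe it): the topology, the greedy node-disjoint path search and the round-robin segment assignment are all assumptions, used to measure how much of a message a passive capture at a single node records.

```python
from collections import deque

# Constructed topology (not from the paper): S and D are joined by three
# node-disjoint routes, through C, through A-B and through E-F.
GRAPH = {
    "S": ["A", "C", "E"], "A": ["S", "B"], "B": ["A", "D"],
    "C": ["S", "D"], "E": ["S", "F"], "F": ["E", "D"],
    "D": ["B", "C", "F"],
}
MESSAGE = b"AAAABBBBCCCCDDDDEEEEFFFF"  # constructed payload, 6 segments of 4

def shortest_path(graph, src, dst, banned):
    """BFS shortest path from src to dst that avoids the nodes in `banned`."""
    seen, queue = {src}, deque([[src]])
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for nxt in graph[path[-1]]:
            if nxt not in seen and nxt not in banned:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def disjoint_paths(graph, src, dst):
    """Greedy search: take a shortest path, ban its interior nodes, repeat."""
    banned, paths = set(), []
    while (path := shortest_path(graph, src, dst, banned)) is not None:
        paths.append(path)
        banned.update(path[1:-1])
        if len(path) == 2:  # direct link has no interior node to ban
            break
    return paths

def spread(message, paths, seg_size):
    """Assign segments to paths round-robin: [(index, bytes, path), ...]."""
    segs = [message[i:i + seg_size] for i in range(0, len(message), seg_size)]
    return [(i, s, paths[i % len(paths)]) for i, s in enumerate(segs)]

def sniffer_view(plan, node):
    """Segments a passive capture at `node` would record, keyed by index."""
    return {i: s for i, s, path in plan if node in path}

def exposure(plan, node):
    """Fraction of the message's bytes that traverse `node`."""
    seen = sum(len(s) for s in sniffer_view(plan, node).values())
    return seen / sum(len(s) for _, s, _ in plan)
```

On this topology a capture at C records 2 of the 6 segments, while a capture at S or D records all of them, so the split limits exposure only on intermediate nodes.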

Introduction

One of the most prevalent network attacks used against individuals and large organizations alike is the man-in-the-middle (MITM) attack. Considered an active eavesdropping attack, MITM works by establishing connections to victim machines and relaying messages between them. In cases like these, one victim believes it is communicating directly with another victim, when in reality the communication flows through the host performing the attack. The end result is that the attacking host can not only intercept sensitive data, but can also inject and manipulate a data stream to gain further control of its victims (Nath Nayak & Ghosh Samaddar, 2010).

MiTM attacks pose a serious threat to online security, because they give the attacker the ability to capture and manipulate sensitive information in real time. The attack is a type of eavesdropping in which the entire conversation is controlled by the attacker. Sometimes referred to as a session hijacking attack (Nath Nayak & Ghosh Samaddar, 2010), MiTM has a strong chance of success when the attacker can impersonate each party to the satisfaction of the other. A man-in-the-middle attack happens in both wired and wireless networks (Hwang, Jung, Sohn, & Park, 2008).

A common method of executing a MiTM attack involves distributing malware that provides the attacker with access to a user’s Web browser and the data it sends and receives during transactions and conversations. Once the attacker has control, he can redirect users to a fake site that looks like the site the user is expecting to reach. The attacker can then create a connection to the real site and act as a proxy in order to read, insert and modify the traffic between the user and the legitimate site. Online banking and e-commerce sites are frequently the target of MITM attacks so that the attacker can capture login credentials and other sensitive data (Aljawarneh, 2011; Aljawarneh, 2016).

Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, the Transport Layer Security (TLS) protocol (Dierks & Allen, 1999) can be required to authenticate one or both parties using a mutually trusted certification authority. Unless users take heed of warnings when a suspect certificate is presented, however, a MITM attack can still be carried out with fake or forged certificates, as demonstrated by Clark & van Oorschot (2013).

An attacker can also exploit vulnerabilities in a wireless router’s security configuration caused by weak or default passwords. For example, a malicious router, also called an evil twin (Nikbakhsh, Manaf, Zamani, & Janbeglou, 2012), can be set up in a public place like a café or hotel to intercept information traveling through the router. Other ways that attackers often carry out man-in-the-middle attacks include Address Resolution Protocol (ARP) spoofing (Jinhua & Kejian, 2013), domain name system (DNS) spoofing (Yu, Chen, & Xu, 2011), Spanning Tree Protocol (STP) mangling (Lai, Pan, Liu, Chen, & Zhou, 2014), port stealing (Nath Nayak & Ghosh Samaddar, 2010), Dynamic Host Configuration Protocol (DHCP) spoofing (Duangphasuk, Kungpisdan, & Hankla, 2011), and Internet Control Message Protocol (ICMP) redirection (Arote & Arya, 2015).

To counter MitM, researchers need to define two important stages at this point: detection and prevention (Aljawarneh, 2011; Aljawarneh, 2016).
