What is Man-In-The-Middle Attack (MITM): Definition, Prevention, Tools
Protecting our data online is never going to be an easy task, especially nowadays when attackers are regularly inventing new techniques and exploits to steal your data. Sometimes their attacks are not so harmful to individual users, but large-scale attacks on popular websites or financial databases can be highly dangerous. In most cases, the attackers first try to push some malware onto the user's machine. Sometimes this technique doesn't work out, however.
Image source: Kaspersky.
What is a Man-In-The-Middle Attack
A popular method is the Man-In-The-Middle attack. It is also known as a bucket brigade attack, or sometimes as a Janus attack in cryptography. As its name suggests, the attacker sits between two parties, making them believe that they are talking directly to each other over a private connection, when actually the entire conversation is being controlled by the attacker.
A man-in-the-middle attack can succeed only when the attacker can impersonate each party to the other convincingly enough to pass whatever authentication they perform. Most cryptographic protocols include some form of endpoint authentication specifically to block MITM attacks on users. The Secure Sockets Layer (SSL) protocol, for example, is used to authenticate one or both parties using a mutually trusted certification authority.
How it works
Let's say there are three characters in this story: Mike, Rob, and Alex. Mike wants to communicate with Rob. Meanwhile, Alex (the attacker) intercepts the conversation to eavesdrop and carries on a false conversation with Rob on behalf of Mike. First, Mike asks Rob for his public key. When Rob sends his key to Mike, Alex intercepts it, and this is how the "man-in-the-middle attack" begins. Alex then sends a forged message to Mike that claims to be from Rob but contains Alex's public key. Mike readily believes that the received key belongs to Rob, when in fact it does not. Mike innocently encrypts his message with Alex's key and sends the resulting ciphertext on towards Rob, where Alex can decrypt it, read it, and re-encrypt it with Rob's real key before forwarding it.
In the most common MITM attacks, the attacker uses a WiFi router to intercept the user's communication. This is done by running malicious software on a router so that it can intercept the sessions passing through it. Here, the attacker first configures a laptop as a WiFi hotspot, choosing a name commonly used in a public area such as an airport or coffee shop. Once a user connects to that malicious hotspot to reach websites such as online banking or e-commerce sites, the attacker logs the user's credentials for later use.
Man-in-the-middle attack prevention & tools
Most of the effective defenses against MITM are found on the router or server side; as a user you have little direct control over the security of a transaction. What you can do is insist on strong, authenticated encryption between the client and the server. In this case, the server proves its identity to the client by presenting a digital certificate issued by a trusted certification authority, and only then is the connection established.
Another way to reduce exposure to such MITM attacks is to never connect to open WiFi routers directly. If you must, use a browser plug-in such as HTTPS Everywhere or ForceTLS. These plug-ins help you establish a secure connection whenever the site offers one.