Communication infrastructure security and the Man in the middle
How to encrypt and decrypt a message between two parties?
As seen previously, the best way to counter passive attacks is to encrypt the communication between a device and the server.
When two entities want to exchange encrypted data, the first issue is key transmission: to make sure that secret information is only available to the parties, they must be able to exchange keys confidentially. With asymmetric cryptography, each party has a private key (which must remain confidential) and transmits the corresponding public key. A message encrypted with the first party's private key and the second party's public key can only be decrypted with the former's public key and the latter's private key.
The second issue is authentication: how to ensure that the other party really is the entity one wants to communicate with, and thus that the transmitted public key is valid? The public key infrastructure (PKI) was created for this purpose. It is based on the principle of trust in the certification authorities (CA) and their delegates, and provides a mechanism for certifying that the transmitted public key is valid. It is composed of certification authorities that validate the key by signing it. Mobile devices and browsers have an internal list of trusted authorities.
However, there are over 600 certificate authorities and delegates allowed to sign public keys.
Breaches in the world of certificate authorities
- Unauthorized Secure Sockets Layer (SSL) certificates issued by MCS Holdings, a Cairo-based networking and security company, that would have allowed [MCS Holdings] to spy on communications between Google and users. MCS Holdings is a certification delegate of a major certification authority which is trusted by browsers and mobile operating systems (2015-03),
- Pre-installation on Lenovo machines of Superfish, a universal self-signed certificate authority, which allowed a man-in-the-middle attack to introduce ads even on encrypted pages (2015-02),
- Issuance of forged SSL credentials by Trustwave (2012-02),
- Intrusion into the certificate issuance systems of the Netherlands-based authority DigiNotar, which allowed credentials to be altered and was used to spy on Iranians accessing their Gmail accounts (2011-09).
If a third party, the Man in the Middle, managed to tamper with a certificate, he could replace the exchanged public keys with his own public keys, and thus pretend to be the other party to each correspondent.
Man-in-the-Middle attack ("MITM")
A man-in-the-middle attack occurs when the attacker manages to insert itself transparently into the communication between a device and a server, without either of them being aware of the security problem. The attacker can then actively monitor, capture, control and alter the communication by injecting new messages. The risk posed by this attack is high, because it is invisible and allows the communication of a large number of users to be monitored.
This attack is preceded by traffic analysis and, in certain cases:
- ARP spoofing,
- DNS cache poisoning.
(to be continued...)