Man in the Middle - Hacker's Playground

Abstract

There has been an increase in potential sources of threats to the security of information systems and data of governments, companies and individuals in the present day, due to the growing number of information systems types and devices, the expanding availability of freely-downloadable open source tools, the degree of interconnectivity made possible by the internet, and the concentration of more self help power in the hands of individual end users. A numerically-insignificant number of the total population of information systems end users is made up of black hat users who have caused significant economic losses and reputational damages for organizations and governments through exploitation of security vulnerabilities. One of the most common and widespread security threats is that of Man-in-the Middle (MitM), which has remained a major source of concern to security professionals for many years, and continues to pose a threat to information security as the focus of attack continues to be data, and the black hat users continue to look for new ways to circumvent security safeguards implemented for existing technologies and countermeasures planned for new and emerging technologies. Many papers have been written about Man-in-the-Middle attack, that have described different kinds of such attacks and explained solutions to the attacks but not illustrated how the attack can be carried out and showed how the risks arising from such attacks can be mitigated. This paper presents a step-by-step account of one way in which MitM attack can be realized and how the confidentiality and integrity of data can be prevented from being compromised through use of PKI (Public Key Infrastructure).