Man in the middle and secrity in multichannel - Essay Example

Man in the Middle and Security in Multichannel With the increasing advancement in computer and information technology, the efficiency in this sector encounters many challenges even as it registers significant success. The growth has led to better communication and improved modes of transacting business. However, there has been an equal growth on the number of computer attacks and hacking.Man in the middle in relation to computer security is a bucket brigade attack where the attacker intercepts a communication between two systems.

This happens when the attacker intercepts messages in a public key exchange and then resends them after substituting his own public key for the requested public key (Search security, 2012, p.1). Hence, the attacker makes two systems believe that they are communicating to one another while the attacker controls and modifies the communicated messages. The attacker achieves this by splitting the original TCP connection into two new connections and acting as a proxy where it can read, insert, and modify the data in the intercepted communication.

The man in the middle is unauthorized and attacks in real time. The attack can occur in two ways. It can occur where the attacker controls a router along the normal point of traffic communication between two communicating systems. It can also occur where the attacker is located on the same broadcast domain with one of the systems. The attacker uses several tools like packet creator, Ettercap, Cain e Abel and Dsniff that are efficient in LAN networks. The tools manifest Arp spoof capabilities that that permit interceptions.

The man in the middle can attack and modify a HTTP because the HTTP traffic is unencrypted and contains no authentication. It can also attempt to intercept HTTPS traffic by using a custom certificate. The attacker uses proxy tools like Paros Prox and Proxy Fuzz to interact with HTTP protocol (OWASP, 2009, p.1). The man in the middle attack takes advantage of weak network communication protocols to convince a host to route the information through the attacker instead of through the normal router.

However, the man in the middle attack is also affirmative in developing a step of a web application and in creating Web Vulnerability assessments. Because of these attacks, the computer technological sector has derived various ways to secure to the communications in the systems in Multichannel and Multi-level Authentication security protocols. To ensure data integrity and originator authenticity between devices such as Personal Digital Assistants (PDAs) whose owners has no past interactions and no access to a Public Key Infrastructure (PKI), a cryptographic key is required.

The Diffie-Hellman (DH) key exchange assures the user that the PDA keyboard is internally connected to the relevant crypto-module API during communication. For affectivity, the two PDAs must agree on a fresh strong cryptographic key. The DH depends on the existence of a high bandwidth channel and high data origin authenticity (Christianson and Li, 2012, p.135-136). This combination is suitable for mobile ad-hoc computing environments but very rare in the ubiquitous computing environment. Another security measure in multichannel involves multi-factor authentication of a user using an application server and an authentication server.

It involves receiving from the application server a first source IP address to the user browser program, requesting authentication. Then the user browser program requests additional authentification from the authentification server through a separate communication channel. The multi-factor authentification channel then compares the first source IP address with the second source IP address. If they do not match, the system fails (Lin, 2010, p.1). This security check is very efficient. Additional security tool in multichannel is the CHAT-SRP (CHAos based Tickets-Secure Registration Protocol).

It focuses on authenticity, secrecy, and usability. This protocol presents a collaborative and interactive platform with a cryptographic solution to security anomalies (Diaz et al, 2012, p.1). Other security tools are SecureLink, which ensures an SMS prevents users from compromising their ATM or other PINs. Conclusively, the XHTML browser employs automatic client device identification (CDI) which prevents phishing and man-in-the-middle attacks (Al-Fairuz and Renaud, 2010, p.1)Works CitedAl-Fairuz, M and Renaud, K 2010, Multi-channel, Multi-level Authentication for More Secure eBanking 2010, Viewed 9 March 2012, Christianson, B and Li, J 2012, Multi-channel Key Agreement using Encrypted Public Key Exchange 2012, Viewed 9 March 2012, Diaz, J et al 2012, Formal security analysis of registration protocols for interactive systems: a methodology and a case of study2012, Viewed 9 March 2012, Lin, P 2010, IP ADDRESS SECURE MULTI-CHANNEL AUTHENTICATION FOR ONLINE TRANSACTIONS 2010, Viewed 9 March 2012, OWASP 2009, Man-in-the-middle attack 2009, Viewed 9 March 2012, Search Security 2012, man in the middle attack (fire brigade attack) 2012, Viewed 9 March 2012, < http://searchsecurity.

techtarget.com/definition/man-in-the-middle-attack>