h a l f b a k e r ySee website for details.
add, search, annotate, link, view, overview, recent, by name, random
news, help, about, links, report a problem
browse anonymously,
or get an account
and write.
register,
|
|
|
Don't like the idea of Big Brother snooping on you?
Here's a way of making their lives just a tad more difficult.
Both you and the person you wish to communicate with set up a
dozen
webmail accounts with diiferent ISPs - Yahoo, Gmail, hotmail
whatever.
When you wish to send a message
(plain text only), enter your text
and
run it through the steganography tool.
The output is anything from six to twelve innocent looking plain text
files.
Now, using public wifi hotspots, mobile telephony, whatever, use the
client software to send one message via each bearer to one of your
recipient's email addresses.
Your recipient similarly visits numerous web access points, each
time
checking just one account. The software decyphers the multiple
emails to
reveal the original message.
This is very difficult for the snoopers to crack, as no one email
contains
more than a small portion of the message, and each eemail follows a
different path. They must correctly identify and intercept all the
emails
to have a chance of decyphering. The waters are further muddied
by
dummy emails containing spoof data.
The complete message is never available outside the transmitting
and
receiving computers.
The cypher/decyphering software doesn't have to be that clever. It's
splitting the message through multiple independant paths that is
the trick.
sample article describing SSL insecurity : SSL authority stops issuing certificates following breach
http://www.theregis..._hopelessly_broken/ The url includes a summary [Loris, Jan 08 2013]
How is SSL hopelessly broken? Let us count the ways
http://www.theregis...te_of_ssl_analysis/ "Such an attacker would be able to perfectly forge the identity of your organization's webmail server in a 'man-in-the-middle' attack!" [Loris, Jan 08 2013]
Man-in-the-middle attack
http://en.wikipedia...n-the-middle_attack You probably shouldn't trust this page, since I may have changed it before posting the link. [Loris, Jan 10 2013]
[link]
|
|
That whole tor/dark internet thing should pretty
much do the same thing - in a similar distributed
fashion. |
|
|
But as long as your messages are plaintext, you'll still have
to communicate in veiled terms or Echelon will still pick
out the frequency of flag terms in your traffic and alert a
flunkie. Then the alert will make its way upstream where
A) it will be lost forever in jungles of sticky red tape, or B)
somebody with actual executive control will decide that
you're not overtly plotting against the government but are
still shady as fuck and bear watching. |
|
|
It might even backfire on you, because once they take a
closer look at you, they'll discover that you're generating a
disproportianately high volume of traffic, a small amount
of which contains flag terms. |
|
|
This is called an all-or-nothing transform. |
|
|
An even better way to do it is to set up multiple email
accounts, but not send any emails at all. Simply have
an account that the person you and whomever you
want to communicate with share. That's what the
real spooks do. For two people, it's no less secure
than regular email in terms of password management,
and it avoids the problem of the man-in-the-middle
attack. |
|
|
//Of course another way would be to setup a website
where the users can post their messages, perhaps in
reply to far-fetched ideas, and hide their real
messages distributed across many annotations.// |
|
|
/This/ is known as null cipher. |
|
|
Okay, so what's up with everyone coming up with ideas
lately that are so widely known about in the security
community (or to anyone who spends ten minutes
reading about security on Wikipedia) that they already
have cool spy names coined for them? |
|
|
Bammm YTK TKO's 8th of 7 in the 4th round |
|
|
There's no point in having some fiendishly complex means of sending messages if it makes you look really, really suspicious. |
|
|
//An even better way to do it is to set up multiple email accounts, but not send any emails at all. Simply have an account that the person you and whomever you want to communicate with share. [...] it avoids the problem of the man-in-the-middle attack.// |
|
|
I don't think it does. Not unless the emails are stored on one computer and never transmitted over a network. Which is not going to solve the general problem. |
|
|
//There's no point in having some fiendishly complex means of sending messages if it makes you look really, really suspicious.// |
|
|
The point of steganography is to hide the presence of the message entirely. In this case, 8th specifies "innocent looking" messages. So presumably at the very least words like "assassinate" (if not the entire message) would be shrouded. There are ways and ways, many of which are not particularly difficult to do. |
|
|
Right, thanks [bella]. I meant to explain that part but must
have gotten distracted someh
Ooo shiny! |
|
|
I understood what you meant. |
|
|
Why do you think that a draft email transferred over the internet to and from a mail-server managed by a third party is immune to man-in-the-middle attacks? |
|
|
You can guarantee secure encryption between yourself and
the mail server via SSL with a signed certificate. You
cannot guarantee any sort of encryption between two third
party mail servers. |
|
|
And before you get all, Oh, it's not perfect!no, it's not.
Nothing is, short of a good one time pad. But it specifically
avoids the problem of your message being intercepted in
transit between two mail servers, which is something you
otherwise have no control over. That is all. |
|
|
//You can guarantee secure encryption between yourself and the mail server via SSL with a signed certificate.// |
|
|
Well. not strictly, no. (links) |
|
|
//You cannot guarantee any sort of encryption between two third party mail servers.// |
|
|
You also cannot guarantee the security of the message while held on the server. There are numerous avenues of attack. |
|
|
//And before you get all, Oh, it's not perfect!.// |
|
|
It's not that I don't think such a system is not quite perfect. I think your statement was entirely wrong. That is, communicating by draft messages does *not* avoid the problem of the man-in-the-middle attack.
To be clear, using such a system does have advantages, just not the one you posit. |
|
|
//That is, communicating by draft messages does
*not* avoid the problem of the man-in-the-middle
attack.// |
|
|
What are you talking about? If you're not sending
messages from one server to another, there is no
middle. Thus, there can be no man-in-the-middle. |
|
|
Can there be /other/ man-in-the-middle attacks,
e.g.
between the client and the mail server itself?
Sure.
That's always true (but at least you can do
something about that). I did not say it avoids the
problem of ALL man-in-the-middle attacks. I said it
avoids the specific problem of THE man-in-the-
middle attack involved in sending a message
between two servers. |
|
|
//What are you talking about? If you're not sending messages from one server to another, there is no middle. Thus, there can be no man-in-the-middle.// |
|
|
You have misunderstood what "man-in-the-middle attack" means. |
|
|
The 'middle' here is the state of the message while it is between sending and receipt by the two would-be communicators. A 'man-in-the-middle' can read and potentially change the message while it is 'in transit'. When I say transit, I don't mean that the message has to be moving (whatever that means). The attacker could gain access to the mail-server where the 'draft' is stored, read and edit it. |
|
|
//The 'middle' here is the state of the message while it is
between sending and receipt by the two would-be
communicators.// |
|
|
Right. In this case, the two communicators are the mail
servers. Avoiding communication between the two
servers effectively prevents the MITM attack /between
those two servers/. |
|
|
As best I can tell, your definition of a MITM attack is just
plain wrong. Someone storing a message on a server,
then somebody else breaking into that server and
changing it is NOT a man-in-the-middle attack. A MITM
attack is a specific type of attack where the attacker is
impersonating the victims to each other, and relaying all
messages with the ability to intercept and/or modify
them as they are being relayed. Simply modifying a
message in place before it happens to be read does not
meet the definition. |
|
|
[ytk] I'm not so sure - in cryptographic terms, while it is normally assumed that Alice, Bob and whomever else is involved are separated by geographic distance, in reality it's just trust (or the lack of it) that separates them. The technical implementations are unimportant, so by saving a message onto server, even if it's sitting right under Alice's desk, it is just as prone to a conceptual Man-In-The-Middle attack (say the server is physically removed and replaced with a duplicate by Charles after Alice leaves the building and before Bob turns up to logon and read the message) as if Bob tries to connect from thousands of miles away over ssh. |
|
|
All that matters is that Bob *trusts* the host of the message, and that Charles has found a way to control/switch/impersonate that node. |
|
|
A man-in-the-middle attack could be described using the technology available in rennaissance Florence, albeit with a lot more waving of handkerchiefs, studious use of floral scents, ink and joinery. |
|
|
It may require mad ninja skills to actually perform the switch - and practically, that might be more difficult (depending on the level of physical security employed by Alice and Bob) but "man-in-the-middle" is a conceptual idea, not something bound to any specific technology or implementation. |
|
|
Unless you are the subject of an active investigation, all the encryption malarkey is pointless. If you are accessing the accounts from random locations then there is no link between you and the IP address you are using. So it doesn't matter if a random someone reads the messages as they won't know who sent them and who the recipient was.
On the other hand, if you are the subject of an active investigation then all the running around is pointless as the 'agency' will probably have you under physical observation. In that event strong encryption is the thing. 'They' will crack it eventually but the point of encryption is to delay 'them' long enough that by the time they read the message it is too late/no longer relevant. |
|
|
[zen_tom]: Not every instance where a message has been intercepted or
modified is a man-in-the-middle attack. A man-in-the-middle attack is a
specific type of attack where the connection itself is compromised. The
attack you're describing, where a message is modified while it is on a
server before it has been retrieved, is an attack on the storage system,
not the connection. |
|
|
The difference is that, for a MITM attack, the communicators believe
they have a secure channel directly to each other, but actually their
channel is routed through a third party that is impersonating the victims
to each other. In your example, Alice and Bob aren't communicating
directly with each other. They are each leaving messages for later
retrieval with a third party, which itself may or may not be secure.
Once you get a known third party (for example, the message server)
involved in storing the message, the attack can no longer be considered
a man-in-the-middle attack. What if Bob were logged in at the same
time as Alice? The message could go through unmolested. By definition,
an attacker in a MITM situation needs to be able to transparently
intercept and/or modify every message /while it is in transit/. |
|
|
Again, though, I don't know what the point of all of this is. The attack
that [Loris] described originally, while entirely possible, is not the attack
I was referring to in the first placethat is, the potential for a MITM
attack /between two email servers/. There could still be a MITM attack
between Alice and the mail server, or Bob and the mail server; there
could also be some other attack on the server itself (though it would be
wrong to call it a MITM attack). All I was saying is it eliminates this one
specific vector for attack, not the potential for any other attacks, MITM
or otherwise. Sheesh. |
|
|
I guess we're going to have to disagree then, because our definitions are just plain different.
I did put up a link to the wikipedia article yesterday. I'm pretty sure it approximates the canonical definition. |
|
|
// By definition, an attacker in a MITM situation needs to be able to transparently intercept and/or modify every message /while it is in transit/.// |
|
|
It's not clear what 'in transit' means for a message, particularly for electronic data. Suppose Alice posts Bob a letter. Would you say it wasn't a MiTM attack if Mallory takes the letter out of the post-box (or anywhere else en-route where it's just sitting around)?
I think that the only reasonable interpretation of MitM attacks is that an attacker can intercept and modify messages between the two communicators (that is, the person sending and the person receiving the message). |
|
|
//I don't know what the point of all of this is.// |
|
|
Well, basically in my eyes you made a mistake, and I was hoping to put you straight. I still think you're wrong, but you're free to stick to your guns of course. I think this is pretty much played out. |
|
|
// Suppose Alice posts Bob a letter. Would you say it wasn't
a MiTM attack if Mallory takes the letter out of the post-
box (or anywhere else en-route where it's just sitting
around)?// |
|
|
No, absolutely not. Read the Wikipedia definition again
carefully and you'll see why. |
|
|
If Mallory were the postal /carrier/, and thus acting as a
trusted channel for the message, it would be a MITM
attack. The attacker must have absolute control over the
channel itself. But in your example, what if Mallory misses
the pickup time and the letter is gone before she can
modify it, or even know it exists? If there is even the
slightest chance that a message could go from Alice to Bob
without passing through Mallory, it is not a MITM attack. |
|
|
The key part is /passing through/. If you define a MITM
attack as any attack where the message is intercepted
before it happens to be received by the intended final
recipient, then that's pretty much going to be cover any
type of attack you can think of. Look at it this way: If the
message were read by Mallory /after/ Bob had received it,
would it still be a MITM attack? Under your definition, it
would be, because the attack is the same regardless of
/when/ it happens. But the actions of the victims cannot
fundamentally change the type of attack. Its success or
failure, sure. But the nature of the attack itself is
determined solely by the actions of the attacker. |
|
|
A simple test for whether it is an MITM attack: Once the
attack has been initiated, does Mallory need to actively
ensure that each message is passed between Alice and Bob
(or modified or discarded)? In other words, if Mallory
stopped taking any actions at all, would messages still get
through? If the answer is yes, then Mallory is not acting as
the channel, and thus it is /not/ a man-in-the-middle
attack. |
|
|
I think you should read more carefully. Or you're just taking the piss. |
|
|
//The key part is /passing through/. If you define a MITM attack as any attack where the message is intercepted before it happens to be received by the intended final recipient, then that's pretty much going to be cover any type of attack you can think of. Look at it this way: If the message were read by Mallory /after/ Bob had received it, would it still be a MITM attack? Under your definition, it would be, because the attack is the same regardless of /when/ it happens.// |
|
|
The key part of the MitM attack is that the attacker can MODIFY the messages between the two people attempting to communicate. In the absence of time travel, that's not possible after receipt. |
|
|
//I think you should read more carefully.// |
|
|
Actually, the very first sentence of the Wikipedia
article
you linked to reveals you are completely mistaken
here. |
|
|
//The key part of the MitM attack is that the
attacker can
MODIFY the messages between the two people
attempting
to communicate.// |
|
|
No. From Wikipedia: The man-in-the-middle
attack[
] is
a form of active eavesdropping in which the
attacker
makes independent connections with the victims
and
relays messages between them, making them
believe that
they are talking directly to each other over a
private
connection, when in fact the entire conversation is
controlled by the attacker. |
|
|
There is nothing there about modifying the
message. Note
the word eavesdropping, which does not
necessarily
mean that the attacker must be able or even
willing to modify
the messages. The defining characteristic of a
man-in-
the-middle attack is that messages are being
/relayed/ by
the attacker. |
|
|
Modifying a message while it is sitting on a storage
system
is a completely different type of attack. In that
case,
Alice and Bob both know they are connecting to a
storage
system, and thus have no belief that they are
/talking
directly to each other/. They are making
independent
and asynchronous connections to a third party. A
MITM
attack can /only/ take place over a (supposedly)
direct
connection between two parties. |
|
|
So, yes, the type of attack you describe could take
place,
but it is NOT a man-in-the-middle attack just
because it
happens to occur before Bob gets the message. You
might
want to take a look at the Example of an attack
section
of the Wikipedia article for a more thorough
explanation. |
|
|
//There is nothing there about modifying the message. // |
|
|
Well... actually there is. |
|
|
"The attacker must be able to intercept all messages going between the two victims and inject new ones,..." |
|
|
That follows on _directly_ from the bit you quoted.
I can see how you might have missed that; it doesn't use the word "modify" or "edit", so a simple search will report a blank. |
|
|
//You might want to take a look at the Example of an attack section of the Wikipedia article for a more thorough explanation.// |
|
|
Well, since you brought it up :
"Suppose Alice wishes to communicate with Bob. Meanwhile, Mallory wishes to intercept the conversation to eavesdrop and possibly deliver a false message to Bob." [1] |
|
|
The example given then has Mallory changing the messages between Alice and Bob. |
|
|
You could also look at the definition for Mallory, in the "Characters in cryptography" / "Alice and Bob" page. |
|
|
[1] Feel free to check the history of the page - these sentences have been present for years (I just checked 6th Jan, 2011) |
|
|
//I don't think its such a technical term.// |
|
|
Actually, it's about as technical as such terms get.
Referring to a man in the middle in conversation
may be vague, but a man-in-the-middle attack
has a very precise and widely understood definition
in the field of computer security. |
|
|
//Bonus points for naming the actress who invented
that technology.// |
|
|
6. However, because it was actually encrypted with
Mallory's key, Mallory can decrypt it, read it, modify it (if
desired), re-encrypt with Bob's key, and forward it to Bob |
|
|
So, the message does not /have/ to be modified, you see.
A MITM attack can be conceived of where the attacker can
intercept, but not modify the messages (e.g., if the
communication system uses an out-of-band hashing system
to verify the accuracy of the transmitted messages). It
would still be considered a man-in-the-middle attack,
because the messages are being intercepted as they are
being relayed. |
|
|
The ability to modify the messages is not the defining
characteristic of the attack (although it would generally be
possible for an attacker to do so). What is key is that the
messages are being relayed by a third party /without the
knowledge/ of Alice and Bob, who believe they are talking
/directly/ to each other. |
|
|
I have to second the people who are limiting the
use of "man in the middle", and YTKs approach
does eliminate it unless the attacker is
impersonating the mail server to the users. |
|
|
It refers very specifically to attacks where the
interloper is independently communicating with
the primary parties, and impersonating each to
the other. This can be done by re-transmitting
messages sent by one to the other, with or
without alteration as needed, but the critical
thing is that every single message stops at the
interloper and a new message is sent by the
interloper to the intended recepient. |
|
|
In the case with a physical letter, a man in the
middle attack would occur when Alice thinks
Malcom's address is Bob, and Bob thinks Malcom's
is Alice. Thus when either mails a letter it goes to
the interloper, who then reads it (and alters it if
desired) before passing it on. If Alice and Bob are
sending it to the correct address, and Malcolm is
somehow intercepting it, that is not a man in the
middle attack, not even if he's the letter carrier
(sorry [ytk]). |
|
|
//If Alice and Bob are sending it to the correct
address, and Malcolm is somehow intercepting it,
that is not a man in the middle attack, not even if
he's the letter carrier// |
|
|
Well, the thing is that concepts originating in the
digital realm are tricky to translate into meatspace.
I agree it's not the best example, but I think it still
has some validity for the purposes of illustrating the
network topology of a man-in-the-middle attack. |
|
|
The MITM attack actually has more to do with
encryption key forgery than address modification.
That is, Alice and Bob are labeling their messages
to go the right place, but encrypting them with
public keys provided by Mallory (who has inserted
herself between Alice and Bob) instead of the keys
they provided to each other. |
|
|
So in the example of the mail carrier, Alice sends a
letter to Bob, and writes his correct address on it.
The letter asks for an encryption key for future
messages. Mallory, the mail carrier, intercepts the
return message from Bob providing the key, and
substitutes her own (and likewise does so the other
way). All subsequent letters now go through
Mallory, who has the decryption keys because she is
the one who provided the public keys in the first
place. Both Alice and Bob are sending messages to
the correct place according to the phone book, but
Mallory is intercepting them without the knowledge
of either party. |
|
|
Take away the encryption factor, and you're left
with Mallory simply acting as a compromised relay,
which was the case in the example I provided.
Again, not the greatest example in the world, but I
stand by it. |
|
|
//So, the message does not /have/ to be modified, you see.// |
|
|
Well, duh. If you're thinking I insist on an attacker changing every message then you're trying to fight some kind of semantic straw man. |
|
|
// A MITM attack can be conceived of where the attacker can intercept, but not modify the messages (e.g., if the communication system uses an out-of-band hashing system to verify the accuracy of the transmitted messages). It would still be considered a man-in-the-middle attack, because the messages are being intercepted as they are being relayed.// |
|
|
No, I don't think it would. |
|
|
"A man-in-the-middle attack can succeed only when the attacker can impersonate each endpoint to the satisfaction of the other it is an attack on mutual authentication (or lack thereof)." (--the wikipedia article) |
|
|
//What is key is that the messages are being relayed by a third party /without the knowledge/ of Alice and Bob, who believe they are talking /directly/ to each other.// |
|
|
I think that's the critical difference between our definitions. You think it matters that the message has "passed through" the attacker, I think that's irrelevant and they just need to be able to change it, potentially "in-place".
Again, not the easiest thing to map to meatspace wording. If someone could read the data in an account on a mail-server and change it, that would satisfy my definition. In practice the message would generally be read by copying to the attacker, then potentially changed and the original overwritten - this has technically been relayed through the attacker. |
|
|
The example interaction goes:
A -> M -> B
where A is trying to talk to B and M is the MitM attacker. |
|
|
A communication via mailserver would be represented as:
A -> C -> B |
|
|
If M has access to the mailserver then it could be described one-dimensionally as:
A -> C -> M -> C -> B
I am satisfied that fits the definition of a MitM attack.
If you consider the technicalities of reading and editing a message stored on a server on the web somewhere, perhaps you do too? |
|
|
It's harder to do a two-dimensional diagram here, but I will attempt one. |
|
|
Even if M were only able to read and directly flip bits in the server memory (to change the message), I think that also would count as a MitM attack. |
|
|
The problem with that definition is that it requires
specific action on the part of Malcolm to capture the
message. He has to go on the mail server
and read it before Bob picks it up. A MITM attack
requires no specific effort on the part of Malcolm to
capture the message, since the message is directed
to him. It does require an effort on the part of
Malcolm to send the message on, in that they have
to, at the least, re-head or re-encrypt the message
appropriately for Bob. |
|
|
//No, I don't think it would.// |
|
|
Okay, let me describe a MITM attack where the
attacker is capable of reading the messages, but
not modifying them or injecting new ones. |
|
|
Alice thinks she is connecting to Bob, but is really
connecting to Mallory. The same with Bob in
reverse. Alice and Bob trade keys as usual, but
those keys are intercepted by Mallory and modified.
Alice is now sending messages to Mallory, who reads
them (and could modify them) before re-encrypting
them and sending them on to Bob. So far, just like
a normal MITM attack. |
|
|
However, whenever Alice sends an encrypted
message, she also sends, via a separate,
unencrypted channel, a hash of the /unencrypted/
message for verification purposes. Since this is over
a separate channel that Mallory does not control,
Mallory cannot modify this hash. Whenever Bob
receives a message, he decrypts it and runs the
same hashing algorithm on the decrypted message,
and compares it to the hash that he has received
separately. If the hash matches, he knows the
message has not been modified in transit. If his
message hash does not match the verification hash,
he discards the message. |
|
|
In this instance, Mallory can intercept messages
between Alice and Bob, and can read them, but
cannot modify them, because any modified message
will be rejected. Mallory has done nothing
different in this case as in the case where it is a
normal MITM attack, so it's really the exact same
attack. Mallory /could/ attempt to inject new
messages or modify existing messages, but this
would reveal the presence of the attacker
immediately. |
|
|
//I think that's the critical difference between our
definitions. You think it matters that the message
has "passed through" the attacker, I think that's
irrelevant and they just need to be able to change
it, potentially "in-place".// |
|
|
It's not just a matter of semantics, though. A MITM
attack refers specifically to the attack where a
message passes through the attacker, who is
impersonating each victim of the attacker to the
other one. The defenses against this type of attack
are very different from the ones where a message
is modified in place while it is stored on a server. |
|
|
Anyway, it's not just my definition, or what I think
matters: the attacker makes independent
connections with the victims and ***relays messages
between them***, making them believe that they
are talking directly to each other over a private
connection, when in fact the entire conversation is
controlled by the attacker. |
|
|
//The problem with that definition is that it requires specific action on the part of Malcolm to capture the message. He has to go on the mail server and read it before Bob picks it up. A MITM attack requires no specific effort on the part of Malcolm to capture the message, since the message is directed to him. It does require an effort on the part of Malcolm to send the message on, in that they have to, at the least, re-head or re-encrypt the message appropriately for Bob.// |
|
|
I've not seen any requirement for effort or it's absense in any definition. I think that's irrelevant.
Yes the attacker might have to poll the server frequently - and I suppose there's the potential for the attack to be discovered if the originating party looks at the message out of turn (and the attacker hasn't managed to somehow split the account to display differently to A & B). But there also isn't any requirement of a guarantee of success for any form of attack before it can be described as such. |
|
|
//However, whenever Alice sends an encrypted message, she also sends, via a separate, unencrypted channel, a hash of the /unencrypted/ message for verification purposes. Since this is over a separate channel that Mallory does not control, Mallory cannot modify this hash.// |
|
|
I'd say that the MitM attack fails in that case. From the wiki article: |
|
|
"A man-in-the-middle attack can succeed only when the attacker can impersonate each endpoint to the satisfaction of the other it is an attack on mutual authentication (or lack thereof)." |
|
|
There's also a list of "Defenses against the attack". One of those is "Second (secure) channel verification", which covers this. |
|
|
//It's not just a matter of semantics, though. A MITM attack refers specifically to the attack where a message passes through the attacker, who is impersonating each victim of the attacker to the other one. The defenses against this type of attack are very different from the ones where a message is modified in place while it is stored on a server.// |
|
|
Well okay. that's why I went to the trouble of discussing this (with ASCII diagrams) in my post above. If the attacker has access to the server, then the messages are effectively routed through him. Modifying something in-place which is stored in non-volatile memory (i.e. a hard-disk) on a remote computer is quite a bit (massively) harder than copying, modifying and overwriting or replacing the original. So much so that I'm confident in saying that if you access email or saved drafts using any generally recognised email system (Outlook, GMail, etc) then you're taking a copy, then saving to overwrite or replace the original. Thus, you have relayed the data. |
|
|
Notwithstanding that, even in the case that an attacker decided to handicap themselves to the extent of needing special software to patch the data in-place on a hard-disk (having taken a copy so they can determine the desired changes) - I would still call that a MitM attack. And I would lay money on a large majority of cryptographers saying the same. |
|
|
No they wouldn't. Your approach simply does not
put the interceptor in the middle, they are
accessing the stream from the side. |
|
|
I'd love to take you up on that bet. You'd lose your money. |
|
|
//I'd say that the MitM attack fails in that case. From the wiki article:// |
|
|
You're glossing over the fact that the impersonation is necessary simply to
relay the messages between the two parties. Whether or not you can
modify the messages in place, just to be able to insert yourself as part of a
MITM attack requires you to impersonate both parties. The attack
succeeds if both parties believe they are talking to each other directly, but
are actually talking to the invisible (to them) man-in-the-middle, who
looks to each of them like the opposite party. It doesn't matter whether
the attacker has the ability to modify messages or not. In the general
case, and absent any other security measures, such an attacker WOULD by
definition have the ability to do so, but it is not the defining characteristic
of such an attack. |
|
|
//There's also a list of "Defenses against the attack". One of those is
"Second (secure) channel verification", which covers this.// |
|
|
Exactly. It's not a perfect defense, however. |
|
|
//If the attacker has access to the server, then the messages are
effectively routed through him.// |
|
|
This is not correct. If Alice and Bob are aware they are storing their
messages on a third party server for later retrieval, it is not a MITM attack
even if the message is modified while on the server. A MITM attack can
ONLY occur when Alice and Bob believe they are talking DIRECTLY to each
other, but are actually talking through an unknown third party who is
controlling the conversation. |
|
|
//So much so that I'm confident in saying that if you access email or saved
drafts using any generally recognised email system (Outlook, GMail, etc)
then you're taking a copy, then saving to overwrite or replace the original.
Thus, you have relayed the data.// |
|
|
You're confusing relaying with transmitting here. Relaying refers
specifically to taking a message from party A, and forwarding it to party B.
Taking data from party C and sending it back to party C isn't the same
thing at all, because absent your involvement the message could still
continue on to party B. If you are responsible for relaying the message, it
will NOT be received by party B unless you take active steps to send it on
to party B. |
|
|
What you're failing to grasp is that in a MITM attack, Alice does NOT send a
message to Bob. She sends it to Mallory, believing Mallory to be Bob. In
the example with the server, she does send it to Bob, and it happens to be
intercepted by Mallory before Bob gets it. See the difference? Let's say
the message is encrypted. In the latter case, Mallory would have to break
the message's encryption on the server in order to modify and re-encrypt
it. In a MITM attack, there would be no need to do so, because Mallory is
the one providing the encryption keys in the first place. Even if Bob
somehow got the message directly from Alice, he would be unable to
decrypt it, because it's not encrypted with his public key. In your
example, Alice encrypts the message with Bob's key, so the channel it goes
through is irrelevant. It cannot be modified in place, period, because we
assume the encryption to be effectively unbreakable. |
|
|
Even weak encryption can provide some defense from the attack you
describe. But not even the strongest encryption provides any protection at
all from a MITM attack. |
|
|
//I'd love to take you up on that bet. You'd lose your money.// |
|
|
I'm not going to back out of that, but we'll need to arrange the details privately. |
|
|
Regarding the rest of your post, I'll have to defer my response until I have time to do it justice (i.e. I'm not at work). |
|
|
//What you're failing to grasp is that in a MITM attack, Alice does NOT send a message to Bob. She sends it to Mallory, believing Mallory to be Bob. In the example with the server, she does send it to Bob, and it happens to be intercepted by Mallory before Bob gets it. See the difference? // |
|
|
I think this is the nub of the argument here - and depends on Alice and Bob's relative sophistication regards understanding the technical implementation details of the medium through which they are communicating. That opens up a *wide* subjective window in terms of whether a particular attack is a MiTM attack or not. Like I said earlier - it's all about *trust* and expectation. |
|
|
Let's simplify this so that we're not talking about computers any more. |
|
|
Here's an example situation. Alice writes a note and puts it into an envelope. She seals it with wax and stamps it with her own personal seal. |
|
|
Alice and Bob both believe that when Bob opens that envelope, having verified the integrity of the seal, that the contents are the authentic content of the message. She might put the envelope in a post-box, or give it to a trusted messenger, she might leave it in a dead-drop location. |
|
|
For Mallory to successfully perform a MiTM attack, he needs to do the following things:
i) intercept the message (interception)
ii) open the envelope and read the message(decryption)
iii) <Optionally> alter the message
iv) "re-seal" the message to the later satisfaction of Bob (encryption)
v) Allow the envelope to continue unhindered to Bob (relay/transmission) |
|
|
If by the time Bob gets the envelope, he continues to trust that it contains Alice's original message - then Mallory has acted as a Man in The Middle. Neither Alice or Bob are aware of what's happened. |
|
|
If either Alice or Bob fail to trust the integrity of the communication channel, for any number of reasons, then the MiTM attack will have failed. |
|
|
If the channel is a dead-drop - it just needs to be *trusted* by Alice and Bob as being safe in order for it to continue to be an attackable vector. As long as Mallory can get in there, and do steps i-v without leaving any trace to alert Bob that anything has happened, to the extent that they continue to use that compromised channel, then he's succeeded in being a MiTM. |
|
|
For it to be a man in the middle attack Mallory has
to be able to reseal the message with HIS OWN
seal and have Bob believe that it comes from
Alice. Likewise, going from Bob to Alice, Alice
believes that Mallory's seal is evidence that the
letter came from Bob. |
|
|
This also means that if, somehow, a message
passed directly from Alice to Bob, it would be
rejected for having the wrong seal. |
|
|
That being said, it should not be possible for that
to happen, as there should be no path from Alice
to Bob that does not pass through Mallory. |
|
|
Your approach still fails absolutely as written on
the second criteria, in that a dead drop has the
possibility of passing from A to B without M
intercepting, and by implication on the first
criteria, since it implies that Alice's seal is not
visibly disturbed, instead of being replaced. |
|
|
What would make the dead-drop example into a MITM attack is if Alice
were to agree with Mallory on a certain dead-drop location, and Mallory
were to agree with Bob on a different dead-drop location (but Alice and
Bob both /think/ they are dealing with each other, and have no idea
Mallory even exists). In addition, the seals would have to operate as
[MechE] describes above. In this case, Alice sends a message to Mallory via
dead-drop (thinking it's Bob), Mallory opens it, modifies it if desired,
reseals it with her own seal, and places it in the dead-drop for Bob. |
|
|
Having a single dead-drop that either Mallory or Bob might be able to
access depending on who gets there first (i.e., a race condition) means it
is not a MITM attack. |
|
|
On the basis of the comments since mine on the 15th jan, I see what you're getting at now. |
|
|
//If Alice and Bob are aware they are storing their messages on a third party server for later retrieval, it is not a MITM attack even if the message is modified while on the server. A MITM attack can ONLY occur when Alice and Bob believe they are talking DIRECTLY to each other, but are actually talking through an unknown third party who is controlling the conversation.
// |
|
|
You do realise that if you insist on direct communication without intermediate carriers - the only way this exists is to face to face? MitM attacks could still exist, but they'd be people physically impersonating others.
I think what you really meant is that M has to be effectively faking A and B to each other, rather than merely manipulating the information as it goes past.
I do see the distinction - it was very clear from MechE's example. However, I'm just not convinced that it's actually an important distinction. If you look at examples of claimed MitM attacks, they often don't have this process[1]. |
|
|
Anyway, regardless of that, I think it's unarguable that for the original case (accessing a shared account) account compromise could easily[2] be promoted to the creation of two separate channels, satisfying both our understandings of the term. |
|
|
[1] For example, the Aspidistra transmitter (a link on the wiki MitM page, and which article claims it to be a MitM attack) simply waited until the targetted transmitter switched off, then started transmitting misinformation. |
|
|
For some time I've not being particularly happy with relying on Wikipedia for this; I've been looking for more authoratative definitions online - and haven't found any. |
|
|
[2] easy in the general scheme of these things, anyway. |
|
|
//Anyway, regardless of that, I think it's unarguable
that for the original case (accessing a shared account)
account compromise could easily[2] be promoted to
the creation of two separate channels, satisfying both
our understandings of the term.// |
|
|
I guess maybe if you somehow intercepted the logins
from both sides and passed them to faked alternate
servers, then relayed messages saved on one server to
the other and vice versa, /that/ would constitute a
MITM attack. Regardless, I was referring specifically
to the MITM attack that could occur between two mail
servers. Plain SMTP is a notoriously insecure protocol,
and any server that happens to lie between the two
mail servers (or rather, happens to lie between
them) can simply pretend to be the destination server
and accept the message, modify it if desired, and
relay it on. |
|
|
Anyway, glad we've apparently resolved this to our
mutual satisfaction. If I give any more thought to man-in-the-middle
attacks I'll go utterly batshit. |
|
| |