The man-in-the-middle attack (often abbreviated MITM, MitM, MIM, MiM, also known as a bucket brigade attack, or sometimes Janus attack) in cryptography and computer security is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point, can insert himself as a man-in-the-middle).
A man-in-the-middle attack can succeed only when the attacker can impersonate each endpoint to the satisfaction of the other — it is an attack on mutual authentication (or lack thereof). Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, SSL can authenticate one or both parties using a mutually trusted certification authority.
Read more about Man-in-the-middle Attack: Need For Additional Transfer Over A Secure Channel, Example of An Attack, Defenses Against The Attack, Forensic Analysis of MITM Attacks, Quantum Cryptography, Beyond Cryptography, Implementations
Famous quotes containing the word attack:
“I make this direct statement to the American people that there is far less chance of the United States getting into war, if we do all we can now to support the nations defending themselves against attack by the Axis than if we acquiesce in their defeat, submit tamely to an Axis victory, and wait our turn to be the object of attack in another war later on.”
—Franklin D. Roosevelt (1882–1945)