Ahead of Print article · Journal article
A Survey of Man in the Middle Attacks
University of Padua1
Copenhagen Center for Health Technology, Centers, Technical University of Denmark2
Department of Applied Mathematics and Computer Science, Technical University of Denmark3
Embedded Systems Engineering, Department of Applied Mathematics and Computer Science, Technical University of Denmark4
Technical University of Denmark5
The Man-In-The-Middle (MITM) attack is one of the most well known attacks in computer security, representing one of the biggest concerns for security professionals. MITM targets the actual data that flows between endpoints, and the confidentiality and integrity of the data itself. In this paper, we extensively review the literature on MITM to analyse and categorize the scope of MITM attacks, considering both a reference model, such as the open systems interconnection (OSI) model, as well as two specific widely used network technologies, i.e., GSM and UMTS.
In particular, we classify MITM attacks based on several parameters, like location of an attacker in the network, nature of a communication channel, and impersonation techniques. Based on an impersonation techniques classification, we then provide execution steps for each MITM class. We survey existing countermeasures and discuss the comparison among them.
Finally, based on our analysis, we propose a categorisation of MITM prevention mechanisms, and we identify some possible directions for future research.
Language: | English |
---|---|
Publisher: | IEEE |
Year: | 2016 |
Pages: | 2027-2051 |
ISSN: | 2373745x and 1553877x |
Types: | Ahead of Print article and Journal article |
DOI: | 10.1109/COMST.2016.2548426 |
ORCIDs: | Dragoni, Nicola |
3G mobile communication Communication channels GSM IP networks MITM attack prevention mechanism Man-In-The-Middle (MITM) attack Open systems Tutorials computer network security computer security data confidentiality data integrity impersonation technique classification man in the middle attack reference model security