A new wireless security scheme that protects against man-in-the-middle (MITM) attacks does not require password protection or some additional communications mechanism.
A team from the Massachusetts Institute of Technology recently demonstrated the scheme on a Wi-Fi network at the 20th Usenix Security Symposium. In an MITM attack, the attacker tries to interpose himself between two other wireless devices when they establish a secure connection. When the devices swap cryptographic keys, the attacker tries to broadcast his own key at the exact same moment, in an attempt to get one or both to mistake him for the other. If successful, the attacker will be able to intercept their transmissions.
However, the new system ensures that attempts to drown out the signal from the legitimate sender will be detected. After transmitting its encryption key, the legitimate sender transmits a second string of numbers related to the key by a known mathematical operation. The key is converted into a wireless signal in the ordinary way, but the second string of numbers is encoded as alternative bursts of radiation and silences, which means an attacker's substitute key would result in an overlapping sequence that would look to the receiver like a new sequence, that would not match up with the transmitted key, and would indicate an MITM attack.
From MIT News
View Full Article
Abstracts Copyright © 2011 Information Inc. , Bethesda, Maryland, USA