MITM: Man-in-the-Middle Attack
Network Security Management: Final Report
Advisor: Prof. 梁明章
Student: 王經維
Outline
• What is MITM
• An MITM example under public-key encryption
• Possible attack methods
• Session hijacking
• Defenses
• References
What is MITM
• A man-in-the-middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will messages between two parties without either party knowing that the link between them has been compromised.
• The attacker must be able to observe and intercept messages going between the two victims.
What is MITM (cont.)
• The MITM attack can work against public-key cryptography and is also particularly applicable to the original Diffie-Hellman key exchange protocol, when used without authentication.
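The point above about unauthenticated Diffie-Hellman, as an added example that is not part of the original slides: with substituted public values each endpoint unknowingly shares a key with the middle party, while a receiver that checks an authentication tag rejects the substituted value. The small prime, the party names, and the HMAC under a pre-shared key (standing in for the certificate signatures a PKI would provide) are assumptions chosen so that it runs with the Python standard library.

```python
import hashlib
import hmac
import secrets

# Constructed demo parameters: 2**127 - 1 is prime but far too small for real
# use; real deployments use standardized 2048-bit+ groups or elliptic curves.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent, public value g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def session_key(own_priv, peer_pub):
    """Derive a symmetric key from the DH shared secret."""
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def tag(auth_key, sender, pub):
    """Bind a public value to its sender with an HMAC under a pre-shared key."""
    msg = sender.encode() + b"|" + pub.to_bytes(16, "big")
    return hmac.new(auth_key, msg, hashlib.sha256).digest()

def accept(auth_key, sender, pub, received_tag):
    """Receiver-side check: reject a public value whose tag does not verify."""
    return hmac.compare_digest(tag(auth_key, sender, pub), received_tag)

def demo():
    a_priv, a_pub = keypair()          # Alice
    b_priv, b_pub = keypair()          # Bob
    m_priv, m_pub = keypair()          # party in the middle

    # Unauthenticated: each side receives m_pub instead of the peer's value.
    alice_key = session_key(a_priv, m_pub)
    bob_key = session_key(b_priv, m_pub)
    silent_split = (alice_key != bob_key
                    and alice_key == session_key(m_priv, a_pub)
                    and bob_key == session_key(m_priv, b_pub))

    # Authenticated: Bob tags his value; the middle party lacks auth_key.
    auth_key = secrets.token_bytes(32)  # assumed to be shared out of band
    bob_tag = tag(auth_key, "bob", b_pub)
    genuine_ok = accept(auth_key, "bob", b_pub, bob_tag)
    swapped_ok = accept(auth_key, "bob", m_pub, bob_tag)
    return silent_split, genuine_ok, swapped_ok
```

In the unauthenticated run nothing signals the substitution to either endpoint; the only observable difference is the failed tag check in the authenticated run.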
Possible attack methods
• Eavesdropping, including traffic analysis and possibly a known-plaintext attack
• Chosen-ciphertext attack (CCA), depending on what the receiver does with a message that it decrypts
• Substitution attack. A man-in-the-middle attack where the attacker replaces the public keys of the sender and receiver with his/her own public key is sometimes referred to as a bucket brigade attack.
Possible attack methods (cont.)
• Replay attacks
• DoS attack
• Phishing attacks, where victims are duped into entering their details into a website that imitates a genuine site (e.g., an online bank). By acting as a go-between to the genuine website, the proxy website allows the victims to log in and conduct business as usual without raising suspicion.
Session hijacking
• Replay attacks: session hijacking
Defenses
• Public key infrastructures
• Other criteria, such as voice recognition or other biometrics
Defenses (cont.)
• Off-the-Record Messaging for instant messaging
Off-the-Record Messaging, commonly referred to as OTR, is a cryptographic protocol that provides strong encryption for instant messaging conversations. OTR uses a combination of the AES symmetric-key algorithm, the Diffie-Hellman key exchange, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides perfect forward secrecy and deniable encryption.
References
• http://en.wikipedia.org/wiki/Man-in-the-middle_attack#Example_of_a_successful_MITM_attack_against_public-key_encryption
The End… Thanks for your Attention!