Man-in-the-middle attack in wireless and computer networking — A review

One of the most discussed attacks in computer security is Man-In-The-Middle attack and it is a serious concern for many security professionals. The attackers target the actual data flowing between the endpoints and also compromise the integrity and confidentiality of the data. Adversary can compromise the confidentiality by eavesdropping and the integrity by message modification by communication interception. Adversary can also intercept, modify or destroy the messages to cause end of communication for one of the parties thereby leading to compromise of availability issue. In this paper, we present an extensive review on MITM to categorize and analyse the MITM attacks scope. We considered OSI reference model and two basic networking technologies such as GSM and UMTS. MITM attacks are classified based on various parameters such as attacker location, impersonation techniques and nature of channel. The existing countermeasures are surveyed. The paper categorize MITM attacks into four categories namely spoofing based MITM, TLS/SSL MITM, BGP MIT M and false base station based MITM attack. Finally we present prevention mechanisms for all such attacks and also identify few future research directions.