Half a croissant, on a plate, with a sign in front of it saying '50c'
h a l f b a k e r y
Quis custodiet the custard?

idea: add, search, annotate, link, view, overview, recent, by name, random

meta: news, help, about, links, report a problem

account: browse anonymously, or get an account and write.

user:
pass:
register,


                                                                                   

NSA/GCHQ-proof emails

Simple, yet effective
  (+2)
(+2)
  [vote for,
against]

Don't like the idea of Big Brother snooping on you?

Here's a way of making their lives just a tad more difficult.

Both you and the person you wish to communicate with set up a dozen webmail accounts with diiferent ISPs - Yahoo, Gmail, hotmail whatever.

When you wish to send a message (plain text only), enter your text and run it through the steganography tool.

The output is anything from six to twelve innocent looking plain text files.

Now, using public wifi hotspots, mobile telephony, whatever, use the client software to send one message via each bearer to one of your recipient's email addresses.

Your recipient similarly visits numerous web access points, each time checking just one account. The software decyphers the multiple emails to reveal the original message.

This is very difficult for the snoopers to crack, as no one email contains more than a small portion of the message, and each eemail follows a different path. They must correctly identify and intercept all the emails to have a chance of decyphering. The waters are further muddied by dummy emails containing spoof data.

The complete message is never available outside the transmitting and receiving computers.

The cypher/decyphering software doesn't have to be that clever. It's splitting the message through multiple independant paths that is the trick.

8th of 7, Jan 07 2013

sample article describing SSL insecurity : SSL authority stops issuing certificates following breach http://www.theregis..._hopelessly_broken/
The url includes a summary [Loris, Jan 08 2013]

How is SSL hopelessly broken? Let us count the ways http://www.theregis...te_of_ssl_analysis/
"Such an attacker would be able to perfectly forge the identity of your organization's webmail server in a 'man-in-the-middle' attack!" [Loris, Jan 08 2013]

Man-in-the-middle attack http://en.wikipedia...n-the-middle_attack
You probably shouldn't trust this page, since I may have changed it before posting the link. [Loris, Jan 10 2013]

[link]






       That whole tor/dark internet thing should pretty much do the same thing - in a similar distributed fashion.
zen_tom, Jan 07 2013
  

       But as long as your messages are plaintext, you'll still have to communicate in veiled terms or Echelon will still pick out the frequency of flag terms in your traffic and alert a flunkie. Then the alert will make its way upstream where A) it will be lost forever in jungles of sticky red tape, or B) somebody with actual executive control will decide that you're not overtly plotting against the government but are still shady as fuck and bear watching.   

       It might even backfire on you, because once they take a closer look at you, they'll discover that you're generating a disproportianately high volume of traffic, a small amount of which contains flag terms.
Alterother, Jan 08 2013
  

       This is called an “all-or-nothing transform”.   

       An even better way to do it is to set up multiple email accounts, but not send any emails at all. Simply have an account that the person you and whomever you want to communicate with share. That's what the real spooks do. For two people, it's no less secure than regular email in terms of password management, and it avoids the problem of the man-in-the-middle attack.   

       //Of course another way would be to setup a website where the users can post their messages, perhaps in reply to far-fetched ideas, and hide their real messages distributed across many annotations.//   

       /This/ is known as “null cipher”.   

       Okay, so what's up with everyone coming up with ideas lately that are so widely known about in the security community (or to anyone who spends ten minutes reading about security on Wikipedia) that they already have cool spy names coined for them?
ytk, Jan 08 2013
  

       Bammm YTK TKO's 8th of 7 in the 4th round
Brian the Painter, Jan 08 2013
  

       There's no point in having some fiendishly complex means of sending messages if it makes you look really, really suspicious.
hippo, Jan 08 2013
  

       //An even better way to do it is to set up multiple email accounts, but not send any emails at all. Simply have an account that the person you and whomever you want to communicate with share. [...] it avoids the problem of the man-in-the-middle attack.//   

       I don't think it does. Not unless the emails are stored on one computer and never transmitted over a network. Which is not going to solve the general problem.   

       //There's no point in having some fiendishly complex means of sending messages if it makes you look really, really suspicious.//   

       The point of steganography is to hide the presence of the message entirely. In this case, 8th specifies "innocent looking" messages. So presumably at the very least words like "assassinate" (if not the entire message) would be shrouded. There are ways and ways, many of which are not particularly difficult to do.
Loris, Jan 08 2013
  

       Right, thanks [bella]. I meant to explain that part but must have gotten distracted someh… Ooo shiny!
ytk, Jan 08 2013
  

       I understood what you meant.   

       Why do you think that a draft email transferred over the internet to and from a mail-server managed by a third party is immune to man-in-the-middle attacks?
Loris, Jan 08 2013
  

       You can guarantee secure encryption between yourself and the mail server via SSL with a signed certificate. You cannot guarantee any sort of encryption between two third party mail servers.   

       And before you get all, “Oh, it's not perfect!”—no, it's not. Nothing is, short of a good one time pad. But it specifically avoids the problem of your message being intercepted in transit between two mail servers, which is something you otherwise have no control over. That is all.
ytk, Jan 08 2013
  

       //You can guarantee secure encryption between yourself and the mail server via SSL with a signed certificate.//   

       Well. not strictly, no. (links)   

       //You cannot guarantee any sort of encryption between two third party mail servers.//   

       You also cannot guarantee the security of the message while held on the server. There are numerous avenues of attack.   

       //And before you get all, “Oh, it's not perfect!”.//   

       It's not that I don't think such a system is not quite perfect. I think your statement was entirely wrong. That is, communicating by draft messages does *not* avoid the problem of the man-in-the-middle attack.
To be clear, using such a system does have advantages, just not the one you posit.
Loris, Jan 08 2013
  

       //That is, communicating by draft messages does *not* avoid the problem of the man-in-the-middle attack.//   

       What are you talking about? If you're not sending messages from one server to another, there is no middle. Thus, there can be no man-in-the-middle.   

       Can there be /other/ man-in-the-middle attacks, e.g. between the client and the mail server itself? Sure. That's always true (but at least you can do something about that). I did not say it avoids the problem of ALL man-in-the-middle attacks. I said it avoids the specific problem of THE man-in-the- middle attack involved in sending a message between two servers.
ytk, Jan 08 2013
  

       //What are you talking about? If you're not sending messages from one server to another, there is no middle. Thus, there can be no man-in-the-middle.//   

       You have misunderstood what "man-in-the-middle attack" means.   

       The 'middle' here is the state of the message while it is between sending and receipt by the two would-be communicators. A 'man-in-the-middle' can read and potentially change the message while it is 'in transit'.
When I say transit, I don't mean that the message has to be moving (whatever that means). The attacker could gain access to the mail-server where the 'draft' is stored, read and edit it.
Loris, Jan 08 2013
  

       //The 'middle' here is the state of the message while it is between sending and receipt by the two would-be communicators.//   

       Right. In this case, the two communicators are the mail servers. Avoiding communication between the two servers effectively prevents the MITM attack /between those two servers/.   

       As best I can tell, your definition of a MITM attack is just plain wrong. Someone storing a message on a server, then somebody else breaking into that server and changing it is NOT a man-in-the-middle attack. A MITM attack is a specific type of attack where the attacker is impersonating the victims to each other, and relaying all messages with the ability to intercept and/or modify them as they are being relayed. Simply modifying a message in place before it happens to be read does not meet the definition.
ytk, Jan 09 2013
  

       [ytk] I'm not so sure - in cryptographic terms, while it is normally assumed that Alice, Bob and whomever else is involved are separated by geographic distance, in reality it's just trust (or the lack of it) that separates them. The technical implementations are unimportant, so by saving a message onto server, even if it's sitting right under Alice's desk, it is just as prone to a conceptual Man-In-The-Middle attack (say the server is physically removed and replaced with a duplicate by Charles after Alice leaves the building and before Bob turns up to logon and read the message) as if Bob tries to connect from thousands of miles away over ssh.   

       All that matters is that Bob *trusts* the host of the message, and that Charles has found a way to control/switch/impersonate that node.   

       A man-in-the-middle attack could be described using the technology available in rennaissance Florence, albeit with a lot more waving of handkerchiefs, studious use of floral scents, ink and joinery.   

       It may require mad ninja skills to actually perform the switch - and practically, that might be more difficult (depending on the level of physical security employed by Alice and Bob) but "man-in-the-middle" is a conceptual idea, not something bound to any specific technology or implementation.
zen_tom, Jan 10 2013
  

       Unless you are the subject of an active investigation, all the encryption malarkey is pointless. If you are accessing the accounts from random locations then there is no link between you and the IP address you are using. So it doesn't matter if a random someone reads the messages as they won't know who sent them and who the recipient was.

On the other hand, if you are the subject of an active investigation then all the running around is pointless as the 'agency' will probably have you under physical observation. In that event strong encryption is the thing. 'They' will crack it eventually but the point of encryption is to delay 'them' long enough that by the time they read the message it is too late/no longer relevant.
DrBob, Jan 10 2013
  

       [zen_tom]: Not every instance where a message has been intercepted or modified is a man-in-the-middle attack. A man-in-the-middle attack is a specific type of attack where the connection itself is compromised. The attack you're describing, where a message is modified while it is on a server before it has been retrieved, is an attack on the storage system, not the connection.   

       The difference is that, for a MITM attack, the communicators believe they have a secure channel directly to each other, but actually their channel is routed through a third party that is impersonating the victims to each other. In your example, Alice and Bob aren't communicating directly with each other. They are each leaving messages for later retrieval with a third party, which itself may or may not be secure. Once you get a known third party (for example, the message server) involved in storing the message, the attack can no longer be considered a man-in-the-middle attack. What if Bob were logged in at the same time as Alice? The message could go through unmolested. By definition, an attacker in a MITM situation needs to be able to transparently intercept and/or modify every message /while it is in transit/.   

       Again, though, I don't know what the point of all of this is. The attack that [Loris] described originally, while entirely possible, is not the attack I was referring to in the first place—that is, the potential for a MITM attack /between two email servers/. There could still be a MITM attack between Alice and the mail server, or Bob and the mail server; there could also be some other attack on the server itself (though it would be wrong to call it a MITM attack). All I was saying is it eliminates this one specific vector for attack, not the potential for any other attacks, MITM or otherwise. Sheesh.
ytk, Jan 10 2013
  

       I guess we're going to have to disagree then, because our definitions are just plain different.
I did put up a link to the wikipedia article yesterday. I'm pretty sure it approximates the canonical definition.
  

       // By definition, an attacker in a MITM situation needs to be able to transparently intercept and/or modify every message /while it is in transit/.//   

       It's not clear what 'in transit' means for a message, particularly for electronic data. Suppose Alice posts Bob a letter. Would you say it wasn't a MiTM attack if Mallory takes the letter out of the post-box (or anywhere else en-route where it's just sitting around)?
I think that the only reasonable interpretation of MitM attacks is that an attacker can intercept and modify messages between the two communicators (that is, the person sending and the person receiving the message).
  

       //I don't know what the point of all of this is.//   

       Well, basically in my eyes you made a mistake, and I was hoping to put you straight. I still think you're wrong, but you're free to stick to your guns of course. I think this is pretty much played out.
Loris, Jan 11 2013
  

       // Suppose Alice posts Bob a letter. Would you say it wasn't a MiTM attack if Mallory takes the letter out of the post- box (or anywhere else en-route where it's just sitting around)?//   

       No, absolutely not. Read the Wikipedia definition again carefully and you'll see why.   

       If Mallory were the postal /carrier/, and thus acting as a trusted channel for the message, it would be a MITM attack. The attacker must have absolute control over the channel itself. But in your example, what if Mallory misses the pickup time and the letter is gone before she can modify it, or even know it exists? If there is even the slightest chance that a message could go from Alice to Bob without passing through Mallory, it is not a MITM attack.   

       The key part is /passing through/. If you define a MITM attack as any attack where the message is intercepted before it happens to be received by the intended final recipient, then that's pretty much going to be cover any type of attack you can think of. Look at it this way: If the message were read by Mallory /after/ Bob had received it, would it still be a MITM attack? Under your definition, it would be, because the attack is the same regardless of /when/ it happens. But the actions of the victims cannot fundamentally change the type of attack. Its success or failure, sure. But the nature of the attack itself is determined solely by the actions of the attacker.   

       A simple test for whether it is an MITM attack: Once the attack has been initiated, does Mallory need to actively ensure that each message is passed between Alice and Bob (or modified or discarded)? In other words, if Mallory stopped taking any actions at all, would messages still get through? If the answer is yes, then Mallory is not acting as the channel, and thus it is /not/ a man-in-the-middle attack.
ytk, Jan 11 2013
  

       I think you should read more carefully. Or you're just taking the piss.   

       //The key part is /passing through/. If you define a MITM attack as any attack where the message is intercepted before it happens to be received by the intended final recipient, then that's pretty much going to be cover any type of attack you can think of. Look at it this way: If the message were read by Mallory /after/ Bob had received it, would it still be a MITM attack? Under your definition, it would be, because the attack is the same regardless of /when/ it happens.//   

       The key part of the MitM attack is that the attacker can MODIFY the messages between the two people attempting to communicate. In the absence of time travel, that's not possible after receipt.
Loris, Jan 12 2013
  

       //I think you should read more carefully.//   

       Actually, the very first sentence of the Wikipedia article you linked to reveals you are completely mistaken here.   

       //The key part of the MitM attack is that the attacker can MODIFY the messages between the two people attempting to communicate.//   

       No. From Wikipedia: “The man-in-the-middle attack[…] is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.”   

       There is nothing there about modifying the message. Note the word “eavesdropping”, which does not necessarily mean that the attacker must be able or even willing to modify the messages. The defining characteristic of a man-in- the-middle attack is that messages are being /relayed/ by the attacker.   

       Modifying a message while it is sitting on a storage system is a completely different type of attack. In that case, Alice and Bob both know they are connecting to a storage system, and thus have no belief that they are /talking directly to each other/. They are making independent and asynchronous connections to a third party. A MITM attack can /only/ take place over a (supposedly) direct connection between two parties.   

       So, yes, the type of attack you describe could take place, but it is NOT a man-in-the-middle attack just because it happens to occur before Bob gets the message. You might want to take a look at the “Example of an attack” section of the Wikipedia article for a more thorough explanation.
ytk, Jan 14 2013
  

       //There is nothing there about modifying the message. //   

       Well... actually there is.   

       "The attacker must be able to intercept all messages going between the two victims and inject new ones,..."   

       That follows on _directly_ from the bit you quoted.
I can see how you might have missed that; it doesn't use the word "modify" or "edit", so a simple search will report a blank.
  

       //You might want to take a look at the “Example of an attack” section of the Wikipedia article for a more thorough explanation.//   

       Well, since you brought it up :
"Suppose Alice wishes to communicate with Bob. Meanwhile, Mallory wishes to intercept the conversation to eavesdrop and possibly deliver a false message to Bob." [1]
  

       The example given then has Mallory changing the messages between Alice and Bob.   

         

       You could also look at the definition for Mallory, in the "Characters in cryptography" / "Alice and Bob" page.   

       [1] Feel free to check the history of the page - these sentences have been present for years (I just checked 6th Jan, 2011)
Loris, Jan 14 2013
  

       //I don't think its such a technical term.//   

       Actually, it's about as technical as such terms get. Referring to a “man in the middle” in conversation may be vague, but a “man-in-the-middle attack” has a very precise and widely understood definition in the field of computer security.   

       //Bonus points for naming the actress who invented that technology.//   

       Hedy Lamarr, of course.
ytk, Jan 14 2013
  

       “6. However, because it was actually encrypted with Mallory's key, Mallory can decrypt it, read it, modify it (if desired), re-encrypt with Bob's key, and forward it to Bob”   

       So, the message does not /have/ to be modified, you see. A MITM attack can be conceived of where the attacker can intercept, but not modify the messages (e.g., if the communication system uses an out-of-band hashing system to verify the accuracy of the transmitted messages). It would still be considered a man-in-the-middle attack, because the messages are being intercepted as they are being relayed.   

       The ability to modify the messages is not the defining characteristic of the attack (although it would generally be possible for an attacker to do so). What is key is that the messages are being relayed by a third party /without the knowledge/ of Alice and Bob, who believe they are talking /directly/ to each other.
ytk, Jan 14 2013
  

       //See my point ?//   

       Uh, no.
ytk, Jan 14 2013
  

       I have to second the people who are limiting the use of "man in the middle", and YTKs approach does eliminate it unless the attacker is impersonating the mail server to the users.   

       It refers very specifically to attacks where the interloper is independently communicating with the primary parties, and impersonating each to the other. This can be done by re-transmitting messages sent by one to the other, with or without alteration as needed, but the critical thing is that every single message stops at the interloper and a new message is sent by the interloper to the intended recepient.   

       In the case with a physical letter, a man in the middle attack would occur when Alice thinks Malcom's address is Bob, and Bob thinks Malcom's is Alice. Thus when either mails a letter it goes to the interloper, who then reads it (and alters it if desired) before passing it on. If Alice and Bob are sending it to the correct address, and Malcolm is somehow intercepting it, that is not a man in the middle attack, not even if he's the letter carrier (sorry [ytk]).
MechE, Jan 14 2013
  

       //If Alice and Bob are sending it to the correct address, and Malcolm is somehow intercepting it, that is not a man in the middle attack, not even if he's the letter carrier//   

       Well, the thing is that concepts originating in the digital realm are tricky to translate into meatspace. I agree it's not the best example, but I think it still has some validity for the purposes of illustrating the network topology of a man-in-the-middle attack.   

       The MITM attack actually has more to do with encryption key forgery than address modification. That is, Alice and Bob are labeling their messages to go the right place, but encrypting them with public keys provided by Mallory (who has inserted herself between Alice and Bob) instead of the keys they provided to each other.   

       So in the example of the mail carrier, Alice sends a letter to Bob, and writes his correct address on it. The letter asks for an encryption key for future messages. Mallory, the mail carrier, intercepts the return message from Bob providing the key, and substitutes her own (and likewise does so the other way). All subsequent letters now go through Mallory, who has the decryption keys because she is the one who provided the public keys in the first place. Both Alice and Bob are sending messages to the correct place according to the phone book, but Mallory is intercepting them without the knowledge of either party.   

       Take away the encryption factor, and you're left with Mallory simply acting as a compromised relay, which was the case in the example I provided. Again, not the greatest example in the world, but I stand by it.
ytk, Jan 14 2013
  

       //So, the message does not /have/ to be modified, you see.//   

       Well, duh. If you're thinking I insist on an attacker changing every message then you're trying to fight some kind of semantic straw man.   

       // A MITM attack can be conceived of where the attacker can intercept, but not modify the messages (e.g., if the communication system uses an out-of-band hashing system to verify the accuracy of the transmitted messages). It would still be considered a man-in-the-middle attack, because the messages are being intercepted as they are being relayed.//   

       No, I don't think it would.   

       "A man-in-the-middle attack can succeed only when the attacker can impersonate each endpoint to the satisfaction of the other — it is an attack on mutual authentication (or lack thereof)." (--the wikipedia article)   

       //What is key is that the messages are being relayed by a third party /without the knowledge/ of Alice and Bob, who believe they are talking /directly/ to each other.//   

       I think that's the critical difference between our definitions. You think it matters that the message has "passed through" the attacker, I think that's irrelevant and they just need to be able to change it, potentially "in-place".
Again, not the easiest thing to map to meatspace wording. If someone could read the data in an account on a mail-server and change it, that would satisfy my definition. In practice the message would generally be read by copying to the attacker, then potentially changed and the original overwritten - this has technically been relayed through the attacker.
  

       The example interaction goes:
A -> M -> B
where A is trying to talk to B and M is the MitM attacker.
  

       A communication via mailserver would be represented as:
A -> C -> B
  

       If M has access to the mailserver then it could be described one-dimensionally as:
A -> C -> M -> C -> B
I am satisfied that fits the definition of a MitM attack.
If you consider the technicalities of reading and editing a message stored on a server on the web somewhere, perhaps you do too?
  

       It's harder to do a two-dimensional diagram here, but I will attempt one.   

       B
^
C <-> M
^
A
  

       Even if M were only able to read and directly flip bits in the server memory (to change the message), I think that also would count as a MitM attack.
Loris, Jan 15 2013
  

       The problem with that definition is that it requires specific action on the part of Malcolm to capture the message. He has to go on the mail server and read it before Bob picks it up. A MITM attack requires no specific effort on the part of Malcolm to capture the message, since the message is directed to him. It does require an effort on the part of Malcolm to send the message on, in that they have to, at the least, re-head or re-encrypt the message appropriately for Bob.
MechE, Jan 15 2013
  

       //No, I don't think it would.//   

       Okay, let me describe a MITM attack where the attacker is capable of reading the messages, but not modifying them or injecting new ones.   

       Alice thinks she is connecting to Bob, but is really connecting to Mallory. The same with Bob in reverse. Alice and Bob trade keys as usual, but those keys are intercepted by Mallory and modified. Alice is now sending messages to Mallory, who reads them (and could modify them) before re-encrypting them and sending them on to Bob. So far, just like a normal MITM attack.   

       However, whenever Alice sends an encrypted message, she also sends, via a separate, unencrypted channel, a hash of the /unencrypted/ message for verification purposes. Since this is over a separate channel that Mallory does not control, Mallory cannot modify this hash. Whenever Bob receives a message, he decrypts it and runs the same hashing algorithm on the decrypted message, and compares it to the hash that he has received separately. If the hash matches, he knows the message has not been modified in transit. If his message hash does not match the verification hash, he discards the message.   

       In this instance, Mallory can intercept messages between Alice and Bob, and can read them, but cannot modify them, because any modified message will be rejected. Mallory has done nothing different in this case as in the case where it is a normal MITM attack, so it's really the exact same attack. Mallory /could/ attempt to inject new messages or modify existing messages, but this would reveal the presence of the attacker immediately.   

       //I think that's the critical difference between our definitions. You think it matters that the message has "passed through" the attacker, I think that's irrelevant and they just need to be able to change it, potentially "in-place".//   

       It's not just a matter of semantics, though. A MITM attack refers specifically to the attack where a message passes through the attacker, who is impersonating each victim of the attacker to the other one. The defenses against this type of attack are very different from the ones where a message is modified in place while it is stored on a server.   

       Anyway, it's not just my definition, or what I think matters: “the attacker makes independent connections with the victims and ***relays messages between them***, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.”
ytk, Jan 15 2013
  

       //The problem with that definition is that it requires specific action on the part of Malcolm to capture the message. He has to go on the mail server and read it before Bob picks it up. A MITM attack requires no specific effort on the part of Malcolm to capture the message, since the message is directed to him. It does require an effort on the part of Malcolm to send the message on, in that they have to, at the least, re-head or re-encrypt the message appropriately for Bob.//   

       I've not seen any requirement for effort or it's absense in any definition. I think that's irrelevant. Yes the attacker might have to poll the server frequently - and I suppose there's the potential for the attack to be discovered if the originating party looks at the message out of turn (and the attacker hasn't managed to somehow split the account to display differently to A & B). But there also isn't any requirement of a guarantee of success for any form of attack before it can be described as such.   

       ....   

       //However, whenever Alice sends an encrypted message, she also sends, via a separate, unencrypted channel, a hash of the /unencrypted/ message for verification purposes. Since this is over a separate channel that Mallory does not control, Mallory cannot modify this hash.//   

       I'd say that the MitM attack fails in that case. From the wiki article:   

       "A man-in-the-middle attack can succeed only when the attacker can impersonate each endpoint to the satisfaction of the other — it is an attack on mutual authentication (or lack thereof)."   

       There's also a list of "Defenses against the attack". One of those is "Second (secure) channel verification", which covers this.   

       //It's not just a matter of semantics, though. A MITM attack refers specifically to the attack where a message passes through the attacker, who is impersonating each victim of the attacker to the other one. The defenses against this type of attack are very different from the ones where a message is modified in place while it is stored on a server.//   

       Well okay. that's why I went to the trouble of discussing this (with ASCII diagrams) in my post above. If the attacker has access to the server, then the messages are effectively routed through him. Modifying something in-place which is stored in non-volatile memory (i.e. a hard-disk) on a remote computer is quite a bit (massively) harder than copying, modifying and overwriting or replacing the original. So much so that I'm confident in saying that if you access email or saved drafts using any generally recognised email system (Outlook, GMail, etc) then you're taking a copy, then saving to overwrite or replace the original. Thus, you have relayed the data.   

       Notwithstanding that, even in the case that an attacker decided to handicap themselves to the extent of needing special software to patch the data in-place on a hard-disk (having taken a copy so they can determine the desired changes) - I would still call that a MitM attack. And I would lay money on a large majority of cryptographers saying the same.
Loris, Jan 15 2013
  

       No they wouldn't. Your approach simply does not put the interceptor in the middle, they are accessing the stream from the side.
MechE, Jan 15 2013
  

       I'd love to take you up on that bet. You'd lose your money.   

       //I'd say that the MitM attack fails in that case. From the wiki article://   

       You're glossing over the fact that the impersonation is necessary simply to relay the messages between the two parties. Whether or not you can modify the messages in place, just to be able to insert yourself as part of a MITM attack requires you to impersonate both parties. The attack succeeds if both parties believe they are talking to each other directly, but are actually talking to the invisible (to them) “man-in-the-middle”, who looks to each of them like the opposite party. It doesn't matter whether the attacker has the ability to modify messages or not. In the general case, and absent any other security measures, such an attacker WOULD by definition have the ability to do so, but it is not the defining characteristic of such an attack.   

       //There's also a list of "Defenses against the attack". One of those is "Second (secure) channel verification", which covers this.//   

       Exactly. It's not a perfect defense, however.   

       //If the attacker has access to the server, then the messages are effectively routed through him.//   

       This is not correct. If Alice and Bob are aware they are storing their messages on a third party server for later retrieval, it is not a MITM attack even if the message is modified while on the server. A MITM attack can ONLY occur when Alice and Bob believe they are talking DIRECTLY to each other, but are actually talking through an unknown third party who is controlling the conversation.   

       //So much so that I'm confident in saying that if you access email or saved drafts using any generally recognised email system (Outlook, GMail, etc) then you're taking a copy, then saving to overwrite or replace the original. Thus, you have relayed the data.//   

       You're confusing “relaying” with “transmitting” here. Relaying refers specifically to taking a message from party A, and forwarding it to party B. Taking data from party C and sending it back to party C isn't the same thing at all, because absent your involvement the message could still continue on to party B. If you are responsible for relaying the message, it will NOT be received by party B unless you take active steps to send it on to party B.   

       What you're failing to grasp is that in a MITM attack, Alice does NOT send a message to Bob. She sends it to Mallory, believing Mallory to be Bob. In the example with the server, she does send it to Bob, and it happens to be intercepted by Mallory before Bob gets it. See the difference? Let's say the message is encrypted. In the latter case, Mallory would have to break the message's encryption on the server in order to modify and re-encrypt it. In a MITM attack, there would be no need to do so, because Mallory is the one providing the encryption keys in the first place. Even if Bob somehow got the message directly from Alice, he would be unable to decrypt it, because it's not encrypted with his public key. In your example, Alice encrypts the message with Bob's key, so the channel it goes through is irrelevant. It cannot be modified in place, period, because we assume the encryption to be effectively unbreakable.   

       Even weak encryption can provide some defense from the attack you describe. But not even the strongest encryption provides any protection at all from a MITM attack.
ytk, Jan 15 2013
  

       //I'd love to take you up on that bet. You'd lose your money.//   

       I'm not going to back out of that, but we'll need to arrange the details privately.   

       Regarding the rest of your post, I'll have to defer my response until I have time to do it justice (i.e. I'm not at work).
Loris, Jan 17 2013
  

       //What you're failing to grasp is that in a MITM attack, Alice does NOT send a message to Bob. She sends it to Mallory, believing Mallory to be Bob. In the example with the server, she does send it to Bob, and it happens to be intercepted by Mallory before Bob gets it. See the difference? //   

       I think this is the nub of the argument here - and depends on Alice and Bob's relative sophistication regards understanding the technical implementation details of the medium through which they are communicating. That opens up a *wide* subjective window in terms of whether a particular attack is a MiTM attack or not. Like I said earlier - it's all about *trust* and expectation.   

       Let's simplify this so that we're not talking about computers any more.   

       Here's an example situation. Alice writes a note and puts it into an envelope. She seals it with wax and stamps it with her own personal seal.   

       Alice and Bob both believe that when Bob opens that envelope, having verified the integrity of the seal, that the contents are the authentic content of the message. She might put the envelope in a post-box, or give it to a trusted messenger, she might leave it in a dead-drop location.   

       For Mallory to successfully perform a MiTM attack, he needs to do the following things:
i) intercept the message (interception)
ii) open the envelope and read the message(decryption)
iii) <Optionally> alter the message
iv) "re-seal" the message to the later satisfaction of Bob (encryption)
v) Allow the envelope to continue unhindered to Bob (relay/transmission)
  

       If by the time Bob gets the envelope, he continues to trust that it contains Alice's original message - then Mallory has acted as a Man in The Middle. Neither Alice or Bob are aware of what's happened.   

       It's all about trust.   

       If either Alice or Bob fail to trust the integrity of the communication channel, for any number of reasons, then the MiTM attack will have failed.   

       If the channel is a dead-drop - it just needs to be *trusted* by Alice and Bob as being safe in order for it to continue to be an attackable vector. As long as Mallory can get in there, and do steps i-v without leaving any trace to alert Bob that anything has happened, to the extent that they continue to use that compromised channel, then he's succeeded in being a MiTM.
zen_tom, Jan 17 2013
  

       Again no.   

       For it to be a man in the middle attack Mallory has to be able to reseal the message with HIS OWN seal and have Bob believe that it comes from Alice. Likewise, going from Bob to Alice, Alice believes that Mallory's seal is evidence that the letter came from Bob.   

       This also means that if, somehow, a message passed directly from Alice to Bob, it would be rejected for having the wrong seal.   

       That being said, it should not be possible for that to happen, as there should be no path from Alice to Bob that does not pass through Mallory.   

       Your approach still fails absolutely as written on the second criteria, in that a dead drop has the possibility of passing from A to B without M intercepting, and by implication on the first criteria, since it implies that Alice's seal is not visibly disturbed, instead of being replaced.
MechE, Jan 17 2013
  

       What would make the dead-drop example into a MITM attack is if Alice were to agree with Mallory on a certain dead-drop location, and Mallory were to agree with Bob on a different dead-drop location (but Alice and Bob both /think/ they are dealing with each other, and have no idea Mallory even exists). In addition, the seals would have to operate as [MechE] describes above. In this case, Alice sends a message to Mallory via dead-drop (thinking it's Bob), Mallory opens it, modifies it if desired, reseals it with her own seal, and places it in the dead-drop for Bob.   

       Having a single dead-drop that either Mallory or Bob might be able to access depending on who gets there first (i.e., a race condition) means it is not a MITM attack.
ytk, Jan 17 2013
  

       On the basis of the comments since mine on the 15th jan, I see what you're getting at now.   

       //If Alice and Bob are aware they are storing their messages on a third party server for later retrieval, it is not a MITM attack even if the message is modified while on the server. A MITM attack can ONLY occur when Alice and Bob believe they are talking DIRECTLY to each other, but are actually talking through an unknown third party who is controlling the conversation. //   

       You do realise that if you insist on direct communication without intermediate carriers - the only way this exists is to face to face? MitM attacks could still exist, but they'd be people physically impersonating others.
I think what you really meant is that M has to be effectively faking A and B to each other, rather than merely manipulating the information as it goes past.
I do see the distinction - it was very clear from MechE's example. However, I'm just not convinced that it's actually an important distinction. If you look at examples of claimed MitM attacks, they often don't have this process[1].
  

       Anyway, regardless of that, I think it's unarguable that for the original case (accessing a shared account) account compromise could easily[2] be promoted to the creation of two separate channels, satisfying both our understandings of the term.   

         

       [1] For example, the Aspidistra transmitter (a link on the wiki MitM page, and which article claims it to be a MitM attack) simply waited until the targetted transmitter switched off, then started transmitting misinformation.   

       For some time I've not being particularly happy with relying on Wikipedia for this; I've been looking for more authoratative definitions online - and haven't found any.   

       [2] easy in the general scheme of these things, anyway.
Loris, Jan 19 2013
  

       //Anyway, regardless of that, I think it's unarguable that for the original case (accessing a shared account) account compromise could easily[2] be promoted to the creation of two separate channels, satisfying both our understandings of the term.//   

       I guess maybe if you somehow intercepted the logins from both sides and passed them to faked alternate servers, then relayed messages saved on one server to the other and vice versa, /that/ would constitute a MITM attack. Regardless, I was referring specifically to the MITM attack that could occur between two mail servers. Plain SMTP is a notoriously insecure protocol, and any server that happens to lie between the two mail servers (or rather, “happens” to lie between them) can simply pretend to be the destination server and accept the message, modify it if desired, and relay it on.   

       Anyway, glad we've apparently resolved this to our mutual satisfaction. If I give any more thought to man-in-the-middle attacks I'll go utterly batshit.
ytk, Jan 19 2013
  
      
[annotate]
  


 

back: main index

business  computer  culture  fashion  food  halfbakery  home  other  product  public  science  sport  vehicle