If the communication protocol is based on packet, each packet must have a tag that indicates who sent it (so that the attacker can't send traffic from one party back to itself) and some kind of sequence number (so that the attacker can't resend an old packet, which may now have a different effect). A secure channel provides not only encryption, but authentication - a verification that the data comes from the legitimate source. He might not know what the plaintext is, but that can still cause trouble - the recipient is getting garbled data, which could even trigger a parser bug. With only encryption, the man-in-the-middle can inject some traffic by coming up with some ciphertext. This also prevents the attacker from injecting arbitrary traffic, because he doesn't know the encryption key. This prevents the attacker from decoding the traffic, because he doesn't know the decryption key. but there are subtleties.Įncrypting the traffic is only part of the protection against man-in-the-middle attacks. The simple way to establish a secure channel is to use SSL/TLS. Encryption alone does not make a secure channel. Terminology: a secure channel is a communication channel that is protected against man-in-the-middle attacks and eavesdropping.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |