Communications - Scientific Letters of the University of Zilina 2017, 19(2):166-172 | DOI: 10.26552/com.C.2017.2.166-172

Techno-Economic Aspect of the Man-in-the-Middle Attacks

Zoran Cekerevac1, Zdenek Dvorak2, Ludmila Prigoda3, Petar Cekerevac4
1 Faculty of Business and Law, "Union - Nikola Tesla" University in Belgrade, Serbia
2 Faculty of Security Engineering, University of Zilina, Slovakia
3 Faculty of Economics and Service, Maykop State Technological University, Maykop, Russia
4 Hilltop Strategic Services, Belgrade, Serbia

This paper analyzes some aspects of the man-in-the-middle (MITM) attacks. After a short introduction, which outlines the essence of this attack, there are presented used scientific methods and hypotheses. The next chapter presents technology of MITM attacks and benefits that a successful attack provides the attacker with. Some of the most significant examples of such attacks, which have a larger scale and significant impact on the broader Internet community, are presented. This part of the article ends with an analysis of possible protection against MITM attacks. Later, on the basis of available data, the analysis of MITM attack from an economic point of view is given. In Conclusion, the summary of the whole analysis is performed.

Keywords: man-in-the-middle; IT; internet; eavesdropping; ARP poisoning; DNS spoofing; SSL hijacking; internet of things

Published: April 30, 2017  Show citation

ACS AIP APA ASA Harvard Chicago Chicago Notes IEEE ISO690 MLA NLM Turabian Vancouver
Cekerevac, Z., Dvorak, Z., Prigoda, L., & Cekerevac, P. (2017). Techno-Economic Aspect of the Man-in-the-Middle Attacks. Communications - Scientific Letters of the University of Zilina19(2), 166-172. doi: 10.26552/com.C.2017.2.166-172
Share...
Download citation
  • BibTeX (.bib)
  • Bookends (.ris)
  • EasyBib (.ris)
  • EndNote (.enw)
  • EndNote 8 (.xml)
  • ISI WoS (.isi)
  • Medlars (.medlars)
  • Mendeley (.ris)
  • MODS (.xml)
  • Papers (.ris)
  • RefWorks (.txt)
  • RefManager (.ris)
  • RIS (.ris)
  • MS Word (.xml)
  • Zotero (.ris)
    • Open full article

    References

    1. PRIGODA, L., et al.: One Look at the Modern Information Security. Sustainable Development of Mountain Territories, vol. 4, No. 22, Apr 19, 2015.
    2. CEKEREVAC, Z., DVORAK, Z., CEKEREVAC, P.: Internet Safety of SMEs and E-mail Protection in the Light of Recent Revelations about Espionage of Internet Communication System. Chernivtsi : Bukovina University, Zbirnyk naukovykh prats' Bukovyns'koho universytetu. Ekonomichni nauky, vol. 10, 2014, 2219-5378.
    3. DuPAUL, N.: Man in the Middle (MITM) Attack. Veracode. [Online] [Cited: Nov 28, 2016.] http://www.veracode.com/security/man-middle-attack.
    4. GANGAN, S.: A Review of Man-in-the-Middle Attacks. arXivorg. [Na mrezi] 2015. https://arxiv.org/ftp/arxiv/papers/1504/1504.02115.pdf.
    5. OWASP.: Man-in-the-middle Attack. OWASP. [Online] Aug 31, 2015. https://www.owasp.org/index.php/Man-in-the-middle_attack.
    6. SANDERS, C.: Understanding Man-in-the-Middle Attacks - ARP Cache Poisoning, Part 1, Windowsecurity. [Online] Mar 17, 2010. http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Understanding-Man-in-the-Middle-Attacks-ARP-Part1.html.
    7. COVINGTON, M.: Free Wi-Fi and the dangers of mobile Man-in-the-Middle attacks, Betanews. [Online] Oct 8, 2016. http://betanews.com/2016/10/08/free-wi-fi-mobile-man-in-the-middle-attacks/.
    8. -. How to Conduct a Simple Man-in-the-middle Attack, Wonderhowto. [Online] 2014. http://null-byte.wonderhowto.com/how-to/hack-like-pro-conduct-simple-man-middle-attack-0147291/.
    9. KAPIL, J., MANOJ, J. and BORADE, J.: A Survey on Man in the Middle Attack. IJSTE, vol. 2, No. 9, 2016, pp. 277-280.
    10. EDWARDS, R.: Simple Man-in-the-Middle Script: For Script Kiddies. Wonderhowto. [Online] Aug 119, 2016. http://null-byte.wonderhowto.com/news/simple-man-middle-script-for-script-kiddies-0168192/.
    11. McAFEE.: McAfee Labs Threats Report, September 2016. CA: Santa Clara: Intel Security, 2016.
    12. BAKER, W., et al.: 2011 Data Breach Investigations Report, Part. l, Verizon, 2011. p. 74.
    13. VAAS, L.: 49 Busted in Europe for Man-in-the-Middle Bank Attacks. Naked Security. [Online] Jun 11, 2015. https://nakedsecurity.sophos.com/2015/06/11/49-busted-in-europe-for-man-in-the-middle-bank-attacks/.
    14. USER606723.: Are "man in the middle" attacks extremely rare? Information Security. [Online] Feb 22, 2012. http://security.stackexchange.com/questions/12041/are-man-in-the-middle-attacks-extremely-rare.
    15. HEX, M.: Are "Man in the Middle" Attacks Extremely Rare? Information Security. [Online] Feb 22, 2012. http://security.stackexchange.com/questions/12041/are-man-in-the-middle-attacks-extremely-rare.
    16. JUPP0R.: Are "Man in the Middle" Attacks Extremely Rare? Information Security. [Online] Feb 22, 2012. http://security.stackexchange.com/questions/12041/are-man-in-the-middle-attacks-extremely-rare.
    17. VIECCO, C, CAMP, J.: A Life or Death InfoSec Subversion. 5, 2008, Security & Privacy, Vol. 6, pp. 74-76. Go to original source...
    18. ERIKSSON, M.: An Example of a Man-In-The-Middle Attack Against Server Authenticated SSL-sessions. Stockholm: Simovits Consulting, 2016.
    19. SUNDARAM, R.: The Kevin Mitnick Attack. Northeastern University. [Online] Feb 16, 2011. http://www.ccs.neu.edu/course/cs6740/Lectures/Lecture-7.pdf.
    20. ORNAGHI, A., VALLERI, M.: Man in the Middle Attacks. Amsterdam: BlackHat, 2003. Blackhat Conference. p. 61.
    21. ORBITCO.: What is Man in the Middle Attacks ? Explained with Examples, Orbit-computer-solutions. [Online] Nov 9, 2015. http://www.orbit-computer-solutions.com/network-attack-man-in-the-middle-attacks/.
    22. SCHNEIER, B.: Attacking Tor: How the NSA Targets users' online Anonymity. The Guardian. [Online] Oct 4, 2013. https://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity.
    23. SIMKO, C.: Man-in-the-Middle Attacks in the IoT. GlobalSign. [Online] Feb 26, 2016. https://www.globalsign.com/en/blog/man-in-the-middle-attacks-iot/.
    24. NEWLAND, J.: Large Scale DDoS Attack on github.com. github. [Online] Mar 27, 2015. https://github.com/blog/1981-large-scale-ddos-attack-on-github-com.
    25. -. China's Man-on-the-Side Attack on GitHub. Netresec. [Online] Mar 31, 2015. http://www.netresec.com/?page=Blog&month=2015-03&post=China%27s-Man-on-the-Side-Attack-on-GitHub.
    26. COB, S.: 10 things to know about the October 21 IoT DDoS attacks, Welivesecurity. [Online] Oct 24, 2016. http://www.welivesecurity.com/2016/10/24/10-things-know-october-21-iot-ddos-attacks/.
    27. CISCO: Threats in Borderless Networks. LearnCisco. [Online] n.d. http://www.learncisco.net/courses/iins/common-security-threats/threats-in-borderless-networks.html.
    28. GREGG, M.: Six Ways You Could Become a Victim of Man-in-the-middle (MiTM) Attacks this Holiday Season. The Huffington Post. [Online] 12 11, 2015. http://www.huffingtonpost.com/michael-gregg/six-ways-you-could-become_b_8545674.html.
    29. SANDERS, C.: Understanding Man-In-The-Middle Attacks, Part 2: DNS Spoofing, Windowsecurity. [Online] Apr 7, 2010A. http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Understanding-Man-in-the-Middle-Attacks-ARP-Part2.html.
    30. -. Understanding Man-In-The-Middle Attacks, Part 3: Session Hijacking, Windowsecurity. [Online] May 05, 2010B. http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Understanding-Man-in-the-Middle-Attacks-ARP-Part3.html.
    31. -. Understanding Man-In-The-Middle Attacks, Part 4: SSL Hijacking. WindowSecurity. [Online] Jun 9, 2010C. http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Understanding-Man-in-the-Middle-Attacks-ARP-Part4.html.
    32. FRANKLIN, D.: Threatwatch: How much to MITM, how Quickly, how much Lost. Financial Criptography. [Online] July 23, 2007. http://financialcryptography.com/mt/archives/000941.html.
    33. LAFRANCE, A.: How Much Will Today's Internet Outage Cost? The Atlantic. [Online] Oct 21, 2016. http://www.theatlantic.com/technology/archive/2016/10/a-lot/505025/.
    34. MATTHEWS, T.: Incapsula Survey: What DDoS Attacks Really Cost Business, Incapsula. [Online] 2014. https://lp.incapsula.com/rs/incapsulainc/images/eBook%20-%20DDoS%20Impact%20Survey.pdf.
    35. PONEMON.: IBM - 2016 Cost of Data Breach Study: Global Analysis, US-MI: Traverse City : Ponemon Institute, 2016. p. 32.

    This is an open access article distributed under the terms of the Creative Commons Attribution 4.0 International License (CC BY 4.0), which permits use, distribution, and reproduction in any medium, provided the original publication is properly cited. No use, distribution or reproduction is permitted which does not comply with these terms.


    Return to the content