A Survey of Man In The Middle Attacks
2016 (English)In: IEEE Communications Surveys and Tutorials, ISSN 1553-877X, E-ISSN 1553-877X, Vol. 18, no 3, 2027-2051 p.Article in journal (Refereed) Published
The Man-In-The-Middle (MITM) attack is one of the most well known attacks in computer security, representing one of the biggest concerns for security professionals. MITM targets the actual data that flows between endpoints, and the confidentiality and integrity of the data itself. In this paper, we extensively review the literature on MITM to analyse and categorize the scope of MITM attacks, considering both a reference model, such as the open systems interconnection (OSI) model, as well as two specific widely used network technologies, i.e., GSM and UMTS. In particular, we classify MITM attacks based on several parameters, like location of an attacker in the network, nature of a communication channel, and impersonation techniques. Based on an impersonation techniques classification, we then provide execution steps for each MITM class. We survey existing countermeasures and discuss the comparison among them. Finally, based on our analysis, we propose a categorisation of MITM prevention mechanisms, and we identify some possible directions for future research.
Place, publisher, year, edition, pages
IEEE Communications Society, 2016. Vol. 18, no 3, 2027-2051 p.
Man-In-The-Middle (MITM) attack, MITM defence techniques, MITM classification, security
Research subject Computer Science
IdentifiersURN: urn:nbn:se:oru:diva-53387DOI: 10.1109/COMST.2016.2548426ISI: 000384887100020ScopusID: 2-s2.0-84983732361OAI: oai:DiVA.org:oru-53387DiVA: diva2:1044359
Marie Curie Fellowship - European Commission PCIG11-GA-2012-321980
EU TagItSmart! Project H2020-ICT30-2015-688061
EU-India REACH Project ICI+/2014/342-896
TENACE PRIN Project - Italian MIUR 20103P34XC
University of Padua
Erasmus Mundus Scholarship - European Commission2016-11-032016-11-032016-11-03Bibliographically approved