A Survey of Man in the Middle Attacks

Mauro Conti, Nicola Dragoni, Viktor Lesyk

Research output: Contribution to journalJournal articleResearchpeer-review

Abstract

The Man-In-The-Middle (MITM) attack is one of the most well known attacks in computer security, representing one of the biggest concerns for security professionals. MITM targets the actual data that flows between endpoints, and the confidentiality and integrity of the data itself. In this paper, we extensively review the literature on MITM to analyse and categorize the scope of MITM attacks, considering both a reference model, such as the open systems interconnection (OSI) model, as well as two specific widely used network technologies, i.e., GSM and UMTS. In particular, we classify MITM attacks based on several parameters, like location of an attacker in the network, nature of a communication channel, and impersonation techniques. Based on an impersonation techniques classification, we then provide execution steps for each MITM class. We survey existing countermeasures and discuss the comparison among them. Finally, based on our analysis, we propose a categorisation of MITM prevention mechanisms, and we identify some possible directions for future research.
Original languageEnglish
JournalI E E E Communications Surveys and Tutorials
Volume18
Issue number3
Pages (from-to)2027-2051
ISSN1553-877X
DOIs
Publication statusPublished - 2016

Keywords

  • Man-In-The-Middle (MITM) attack
  • MITM classification
  • MITM defence techniques
  • Security

Fingerprint

Dive into the research topics of 'A Survey of Man in the Middle Attacks'. Together they form a unique fingerprint.

Cite this