Tuesday, 23 August 2011

New Idea Protects Users From Man-in-the-Middle Attacks

MIT scientists have come up with a relatively simple idea for thwarting those nasty man-in-the-middle attacks.



The idea is based on a second security key that does not require an additional password.
In a usual wireless connection, two devices exchange cryptographic keys, which are used to encrypt the data in their transmission. To successfully intercept such a transmission, an attacker needs to inject his own key at the very moment of the key exchange. Nickolai Zeldovich and Dina Katabi from MIT propose a second key that is sent right after the first key.



“The trick is that, after transmitting its encryption key, the legitimate sender transmits a second string of numbers related to the key by a known mathematical operation,” the researchers said. However, that second key is converted into a wireless signal and is encoded “as changes in the amplitude of a radio wave.” Essentially, the second key is a string of “alternating bursts of radiation and silences.”
To go unnoticed, an attacker would have to send exactly the same signal, which is rather unlikely.
“Through the silences of one, the receiver will hear the bursts of the other. The overlapping sequences will look to the receiver like a wholly new sequence, which won’t match up with the transmitted key, indicating a man-in-the-middle attack,” the researchers added.
An attacker may attempt to drown out the signal, but an unusually long signal would also be interpreted as an attack.
The researchers said that the technology could be used in any wireless connection type.
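
The receiver-side check described above can be simulated in a few lines. This is an added example, not the researchers' code: it assumes SHA-256 as the "known mathematical operation", one on/off slot per digest bit, and a channel in which overlapping bursts combine as a logical OR. The keys are constructed sample values.

```python
import hashlib

def check_sequence(key: bytes) -> list:
    """On/off slot pattern derived from the key (1 = burst, 0 = silence).
    Assumption: SHA-256 stands in for the "known mathematical operation"."""
    digest = hashlib.sha256(key).digest()
    return [(byte >> (7 - bit)) & 1 for byte in digest for bit in range(8)]

def channel(*transmissions) -> list:
    """Overlapping transmissions: a slot carries energy if any sender bursts.
    A sender that has finished transmitting is silent in later slots."""
    length = max(len(t) for t in transmissions)
    return [int(any(t[i] for t in transmissions if i < len(t)))
            for i in range(length)]

def verify(received_key: bytes, observed: list) -> str:
    """Receiver-side check of the observed slots against the received key."""
    expected = check_sequence(received_key)
    if len(observed) > len(expected):
        return "reject: signal longer than expected"
    if observed != expected:
        return "reject: sequence does not match key"
    return "accept"

# Constructed sample keys, for illustration only.
LEGIT_KEY = b"constructed-legitimate-key"
ATTACKER_KEY = b"constructed-attacker-key"

def run_scenarios() -> dict:
    legit_seq = check_sequence(LEGIT_KEY)
    attacker_seq = check_sequence(ATTACKER_KEY)
    return {
        # Only the legitimate sender transmits.
        "honest": verify(LEGIT_KEY, channel(legit_seq)),
        # Attacker's key reached the receiver, but both sequences overlap on air.
        "injected key": verify(ATTACKER_KEY, channel(legit_seq, attacker_seq)),
        # Attacker drowns out the sequence with a long continuous burst.
        "drowned out": verify(ATTACKER_KEY, channel(legit_seq, [1] * 512)),
    }

if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

Because silence cannot be forced onto a slot where the legitimate sender is bursting, the receiver only accepts when the observed pattern is exactly the one derived from the key it received.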
