IoT and Man-in-the-Middle Attacks

This paper provides an overview of the Internet of Things (IoT) and its significance. It discusses the concept of Man-in-the-Middle (MitM) attacks in detail, including their causes, potential solutions, and challenges in detecting and preventing such attacks. The paper also addresses the current issues related to IoT security and explores future methods and facilities for improving detection and prevention mechanisms against MitM

Bluetooth Security Protocol Analysis and Improvements

Since its creation, Bluetooth has transformed itself from a cable replacement technology to a wireless technology that connects people and machines. Bluetooth has been widely adapted on mobile phones and PDAs. Many other vendors in other industries are integrating Bluetooth into their products. Although vendors are adapting to the technology, Bluetooth hasn’t been a big hit among users. Security remains a major concern. Poor implementation of the Bluetooth architecture on mobile devices leads to some high profiled Bluetooth hacks. Weak security protocol designs expose the Bluetooth system to some devastating protocol attacks. This paper first explores four Bluetooth protocol-level attacks in order to get deeper insights into the weakness of the Bluetooth security design. It then proposes enhancements to defense against those attacks. Performance comparison will be given based on the implementation of those enhancements on a software based Bluetooth simulator

Man-in-the-Middle Attacks on MQTT based IoT networks

“The use of Internet-of-Things (IoT) devices has increased a considerable amount in recent years due to decreasing cost and increasing availability of transistors, semiconductor, and other components. Examples can be found in daily life through smart cities, consumer security cameras, agriculture sensors, and more. However, Cyber Security in these IoT devices are often an afterthought making these devices susceptible to easy attacks. This can be due to multiple factors. An IoT device is often in a smaller form factor and must be affordable to buy in large quantities; as a result, IoT devices have less resources than a typical computer. This includes less processing power, battery power, and random access memory (RAM). This limits the possibilities of traditional security in IoT devices. To help evaluate the state of IoT devices and further enforce them, we present an easy to use program that requires little to no prior knowledge of the target infrastructure. The process is a Man-in-the-Middle (MITM) attack that hijacks packets sent between IoT devices using the popular MQTT protocol. We do this by using a WiFi Pineapple from Hak5, in the device’s raw form, is a WiFi access point with specific offensive capabilities installed as software. We then pass these packets into a custom General Adversarial Network (GAN) that utilizes a Natural Language Processing (NLP) model to generate a malicious message. Once malicious messages are generated, the messages are passed back to the WiFI Pineapple and sent as a legitimate packet among the network. We then look at the efficiency of these malicious messages through different NLP algorithms. In this particular work, we analyze an array of BERT variants and GPT-2”--Abstract, page iv

Man-in-the-Middle Attack and its Countermeasure in Bluetooth Secure Simple Pairing

With the development of more types of devices which have Bluetooth as a primary option to communicate, the importance of secure communication is growing. Bluetooth provides a short range wireless communication between devices making convenient for users and thus eliminating the need for messy cables. The proliferation of the Bluetooth devices in the workplace exposes organizations to security risks. Bluetooth technology and associated devices are susceptible to general wireless networking threats, such as denial of service attack, eavesdropping, man-in-the-middle attacks, message modification, and resource misappropriation. Preventing unauthorized users from secure communication is a challenge to the pairing process. The Man-in-the-Middle attack is based on sending random signals to jam the physical layer of legitimate user and then by falsification of information sent during the input/output capabilities exchange; also the fact that the security of the protocol is likely to be limited by the capabilities of the least powerful or the least secure device type. In addition, proposed a countermeasure that render the attack impractical. We have shown that, the proposed method can withstand the MITM attack and achieving all the security needs like authenticity, confidentiality, integrity and availability as well as it is an improvement to the existing Bluetooth secure simple pairing in order to make it more secure

Seeing the Unseen: The REVEAL protocol to expose the wireless Man-in-the-Middle

A Man-in-the-Middle (MiM) can collect over-the-air packets whether from a mobile or a base station, process them, possibly modify them, and forward them to the intended receiver. This paper exhibits the REVEAL protocol that can detect a MiM, whether it has half duplex capability, full duplex capability, or double full duplex capability. Protocol is based on synchronizing clocks between the mobile and the base station, with the MiM being detected if it interferes in the synchronization process. Once synchronized, the REVEAL protocol creates a sequence of challenge packets where the transmission times of the packets, their durations, and their frequencies, are chosen to create conflicts at the MiM, and make it impossible for the MiM to function. We implement the REVEAL protocol for detecting a MiM in 4G technology. We instantiate a MiM between the 4G/5G base station and a mobile, and exhibit the successful detection mechanisms. With the shared source code, our work can be reproduced using open software defined cellular networks with off-the-shelf device

MAN-IN-THE-MIDDLE-ATTACK: UNDERSTANDING IN SIMPLE WORDS

These days cyber-attack is a serious criminal offense and it is a hot debated issue moreover. A man-in-the-middle-attack is a kind of cyberattack where an unapproved outsider enters into an online correspondence between two users, remains escaped the two parties. The malware that is in the middle-attack often monitors and changes individual/classified information that was just realized by the two users. A man-in-the-middle-attack as a protocol is subjected to an outsider inside the system, which can access, read and change secret information without keeping any tress of manipulation. This issue is intense, and most of the cryptographic systems without having a decent authentication security are threatened to be hacked by the malware named ‘men-in-the-middle-attack’ (MITM/MIM). This paper essentially includes the view of understanding the term of ‘men-in-the-middle-attack’; the current work is mainly emphasized to accumulate related data/information in a single article so that it can be a reference to conduct research further on this topic at college/undergraduate level. This paper likewise audits most cited research and survey articles on ‘man-in-the-middle-attack’ recorded on 'Google Scholar'. The motivation behind this paper is to help the readers for understanding and familiarizing the topic 'man-in-the-middle attack'

Security Threats Analysis in Bluetooth-Enabled Mobile Devices

Exponential growth of the volume of Bluetooth-enabled devices indicates that it has become a popular way of wireless interconnections for exchanging information. The main goal of this paper is to analyze the most critical Bluetooth attacks in real scenarios. In order to find out the major vulnerabilities in modern Bluetooth-enabled mobile devices several attacks have performed successfully such as- Surveillance, Obfuscation, Sniffing, Unauthorized Direct Data Access (UDDA) and Man-in-the-Middle Attack (MITM). To perform the testbed, several devices are used such as mobile phones, laptops, notebooks, wireless headsets, etc. and all the tests are carried out by pen-testing software like hcittml, braudit, spoafiooph, hridump, bluesnarfer, bluebugger and carwhisperer. KEYWORDS: Bluetooth, Security, Surveillance, Obfuscation, Sniffing, Denial of service, Man-in-the-middle.Comment: 16 page