Man-in-the-middle Research Articles

Hybrid Cyber-Physical Intrusion Detection System for Smart Manufacturing

Smart manufacturing is an important part of our critical infrastructure and is the current age of industry where physical components such as robotic arms, 3-D Printers, CNC machine, etc. are all interconnected and remotely controlled or automated to provide a major boost in efficiency. While being more effective, the cyber-physical integration expands the attack surface of these systems for any potential threats to act on and exploit. This integration also creates gaps in the current intrusion detection systems (IDS) and the research of such systems as they focus on either the cyber or physical components of these system, which leaves blind spots when an attack can only be detected by using either cyber or physical features. This paper fill that research gap by creating a cyber-physical testbed, launching denial of service and physical hijacking attacks, collecting benign and malicious data, and creating a hybrid IDS using K-Nearest Neighbors and Decision Tree models that consider both cyber and physical features. Our proposed hybrid IDS achieves an accuracy of 97.2% which was roughly the same as separate cyber and physical IDSs, but there was a significant boost in precision (98.4%), recall (94.2%), and F1 score (96.1%) when using the hybrid IDS compared to the separate IDSs.

Enhancing MQTT security for internet of things: Lightweight two-way authorization and authentication with advanced security measures

The MQTT (Message Queuing Telemetry Transport) protocol used the pub-sub model for IoT communication. Bolstering security with two-way authentication becomes a critical necessity. This paper presents a novel algorithm that fortifies MQTT with enhanced security measures, utilizing a refined MQTT implementation that integrates with a Merkle tree. HBMQTT Broker increases security as it uses different plugins, like the authentication plugin and the authorization plugin. These plugins serve to add extra layers of protection, reinforcing security protocols and heightening resilience to potential threats. The Merkle tree integration enhances data security during data transmission, effectively distinguishing between authentic and inauthentic data streams. Merkle trees generate tokens, which are used for secure data transmission. The algorithm is tested with four different hacking adversarial attacks: man-in-The-Middle (MITM), malware attack, denial of service (DoS), and phishing attack. Space and time complexity are also calculated for these attacks.

GOVERNMENT SCHEME SPECULATION SYSTEM

The public authority presents a ton of plans for general society, however a large number of them don't fulfill every one individuals. They think their thought is superior to else's. Individuals might communicate their complaints, however it depends on the public authority to conclude which plan to execute. Individuals might feel like their complaints are not being heard and that their thoughts are not considered, at the end of the day, settling on the most ideal choice for everyone is the public authorities. This venture's purpose is to focus on open ideas and afterward carry out the new plan. The Chatbot-Based Government Plan Hypothesis Framework presents a creative way to deal with upgrade resident commitment and availability to government plans. In this framework, chairmen are enabled to enter plot subtleties, view appraisals, and examine client ideas, cultivating straightforwardness and responsibility. A critical element of the framework is the reconciliation of a complex chatbot, utilizing normal language handling to determine client questions and give itemized data about government plans. Residents can undoubtedly interface with the chatbot to ask about qualification standards, application strategies, and other plan related subtleties, smoothing out the most common way of getting to essential data. By joining managerial functionalities with client driven chatbot help, the framework expects to overcome any barrier among residents and government plans, at last advancing more noteworthy interest and comprehension of public drives. Keywords: Privacy Preserving, E-Government, middle-man attack, Government plan Hypothesis framework (GHF)

A Lightweight Symmetric Cryptography based User Authentication Protocol for IoT based Applications

The utilization of IoT is expanding across various domains, including telecare, intelligent home systems, and transportation networks. In these environments, IoT devices generate data gathered on remote servers, requiring external users to authenticate themselves to access the data. However, existing authentication protocols for IoT must meet the crucial requirements of speed, security against multiple attacks, and ensuring user anonymity and un-traceability. The main objective of this work is to find lightweight symmetric cryptography-based user authentication protocol tailored for IoT-based applications, focusing on MIM (Man-in-the-Middle) attack prevention, enhanced anonymity, and secure communication between IoT nodes and remote servers via IoT gateways. Existing protocols often lack sufficient defenses against MIM attacks and do not adequately address the need for enhanced user anonymity and secure communication channels within the IoT framework. Our research has identified that authentication techniques based on pairing are susceptible to attacks targeting temporary session-specific data, impersonation, privileged insiders, and offline password guessing. Furthermore, using bilinear pairing in these techniques requires significant computational and communication resources to address the security as mentioned above concerns. A new authentication mechanism must be proposed and designed explicitly for IoT scenarios. The proposed approach exclusively utilizes hash and exclusive-or operations to ensure suitability within the IoT context; thoroughly evaluated the recommended protocol against existing authentication protocols, employing both informal and formal analytical routines like BAN logic, ROR model, and AVISPA simulation. Our findings suggest protocol not only enhances performance but also enhances security. The proposed approach is a tried-and-true strategy for improving security rules in practical Internet of Things (IoT) settings addressing the inherent challenges posed by authentication requirements in IoT environments. The accuracy 98.93%, and Node detection rate 46.57% were improved which is a better outcome.

Authentication, Authorization, Access Control, and Key Exchange in Internet of Things

The Internet of Things (IoT) is a dynamic network of devices and infrastructure supporting instances composed to platforms being based on cloud/fog and blockchain technologies. Its intervention in more and more sensitive areas requires IoT entities (devices and platform instances) to communicate with each other via secure channels generally established by using cryptographical methods. This needs an authentic key exchange, which in turn requires an authentication process. Moreover, it has to be ensured that client entities can access only authorized services provided by authorized server entities. Additionally, requirements specifically introduced by IoT complicate realizing these security goals even more. This article introduces a novel approach providing authentication, authorization, access control, and key exchange in instance-to-instance, device-to-instance, and device-to-device communications to handle cloud/fog-based and blockchain-based platforms. In contrast to related work, realizations of these security goals are not disjunct processes and are integrated with each other in our approach combining zero-knowledge and identity-based schemes while meeting the IoT security requirements. Thus, it does not require any public data pre-distribution or secret pre-sharing between communicating entities, and no entity has to hold any device-specific or instance-specific data to be used for authentication or authorization. While supporting the autonomous character of IoT, our approach is independent of application and platform types without requiring additional components or procedures. Moreover, it is resistant to active man-in-the-middle attacks and does not include costly cryptographic operations. This article also demonstrates the high performance of our approach with regard to multiple affecting factors.

PIoT-blockchain-enabled security framework for strengthening IoT device identity and data access

The Internet of Things (IoT) connects billions of devices, but concerns about data security and device identification have grown. This study introduces Proof of IoT (PIoT), a novel consensus method using blockchain-based smart contracts to ensure secure data transfer and device authentication in IoT networks. PIoT employs NuCypher-based security computations for authentication and data updating, ensuring only authorized parties access blockchain-recorded information. A reward-based filtering mechanism identifies malicious nodes, bolstering consensus integrity. Simulations demonstrate PIoT's superior performance compared to conventional methods, showing a 74.7% and 96.8% improvement over LPBFT and DAC4SH Consensus, respectively. PIoT enhances blockchain security under IoT by 15% compared to DAC4SH. Beyond facilitating secure IoT device communication, this approach mitigates various IoT attacks, offering a comprehensive solution to emerging IoT security challenges. ABBREVIATION: DAC4SH, Data access control scheme for smart home; DDoS, Distributed denial of service; DoS, Denial of Service; DTLS, Datagram Transport Layer Security; IoT, Internet of Things; LPBFT, Lightweight Particle Byzantine fault tolerance; MAC, Message authentication code; MITM, Man in the Middle; PBFT, Practical Byzantine Fault Tolerance; PIoT, Proof of IoT; TLS, Transport Layer Security

Enhancing Trust and Security in IoT Architecture for Low-Cost Microcontroller Devices using Elliptic Curve Cryptography

Abstract—In the rapidly expanding universe of the Internet of Things (IoT), low-cost microcontroller devices, such as the NodeMCU, have become ubiquitous. While these devices have transformed how we interact with the physical world, they also introduce significant security vulnerabilities. Chief among these is susceptibility to man-in-the-middle (MITM) attacks, which pose a serious risk to the confidentiality and integrity of data transmitted across these networks. This study addresses this critical issue by proposing the adoption of Elliptic Curve Cryptography (ECC), a cryptographic method known for its efficiency and strong security, despite the computational limitations of low-cost IoT devices. We conducted an experiment demonstrating the ease with which an MITM attack can intercept data from a NodeMCU device. Following this, we implemented ECC to secure data transmission, showcasing its viability as a lightweight yet robust security solution. Our research not only highlights the pressing need for enhanced security measures in the IoT ecosystem but also provides a practical framework for securing low-cost microcontroller devices against sophisticated cyber threats. Through our findings, we contribute to the development of more secure, trustworthy IoT architectures, ensuring that these devices can continue to safely serve as integral components of our digital lives. Keywords—NodeMCU, ESP8266, Data theft, Elliptic Curve Cryptography, Man-in-the-middle attack

MitM attacks on intellectual property and integrity of additive manufacturing systems: A security analysis

Additive Manufacturing (AM) was originally invented to reduce the cost of the prototyping process. Over time, the technology evolved to be faster, more accurate, and affordable. These factors, in addition to the potential use of AM in parts production, have helped rapidly drive the growth of AM in both industrial and personal uses. Thus, there is an accompanying demand to understand the cybersecurity implications of such systems. In our research, we present an in-depth security review of Stratasys Dimension Elite and show how manufacturers of such high-end 3D printers failed to protect the confidentiality and integrity of the printed 3D models. Revealing the intricate dimensions of cyber threats within the realm of AM and laying the foundation for understanding the multifaceted nature of attacks, offering insights into vulnerabilities and potential consequences. Moreover, we demonstrate the massive impact network attacks can have on 3D printers' communication channels. Our sniffing attack stole transmitted models with a minimal overhead of 0.015 seconds to evade detection. The developed replacement attack targeted and replaced specific models with offline-prepared models. Also, we automated a sabotaging attack to alter the interior model structure on the fly with minimal visual but significant strength differences. By revealing these attacks, this research not only improves the security posture of 3D printers but also enhances the understanding of security challenges in additive manufacturing as a whole.

Multi-Layered Coordinated Countermeasures for DC Microgrid Clusters Under Man in the Middle Attack

Multi-Layered Coordinated Countermeasures for DC Microgrid Clusters Under Man in the Middle Attack

Exploring the EV Charging Ecosystem and Performing an Experimental Assessment of its Cloud and Mobile Application Infrastructure Security

The security of Electric Vehicle (EV) charging has gained momentum after the increase in the EV adoption in the past few years. Mobile applications have been integrated into EV charging systems that mainly use a cloud-based platform to host their services and data. Like many complex systems, cloud systems are susceptible to cyberattacks if proper measures are not taken by the organization to secure them. In this paper, we explore the security of key components in the EV charging infrastructure, including the mobile application and its cloud service. We conducted an experiment that initiated a Man in the Middle attack between an EV app and its cloud services. Our results showed that it is possible to launch attacks against the connected infrastructure by taking advantage of vulnerabilities that may have substantial economic and operational ramifications on the EV charging ecosystem. We conclude by providing mitigation suggestions and future research directions.

A Review about Internet of Things (IoT) integration with Cloud Computing with a Limelight on Security

Cloud computing has become a pivotal and widely embraced technology due to its accessibility and cost-effectiveness. This review explores the intersection of cloud computing and Internet-of-Things (IoT) devices, highlighting the remarkable advancements made in resource utilization and storage methods. However, this rapid growth has also raised concerns about security. Through an in-depth analysis of recent research, we examine the security challenges associated with IoT-based cloud computing, including account hacking, phishing, malware, middleman attacks, and service denial. We also discuss the potential benefits, architectural integration options, and the impact of IoT on cloud computing. This review paper categorizes findings and solutions from recent research papers, ultimately shedding light on the vulnerabilities and weaknesses of IoT-based cloud computing, along with its performance and stability issues.

BGP hijack attack policy against AS topology map

We focus on the activities of the adversary group targeting Autonomous Systems (AS). Many cases of large-scale disruptions and eavesdropping have been caused by Border Gateway Protocol (BGP) hijack, we evaluate the possibility of attack tactics and propose an attack strategy against AS connections using BGP hijack. Our computer simulations derive a local topology map of AS based on public log data. Using such a topology map, we evaluate the impact of the adversary group’s activity. From the results of computer simulations, we suggest two policies that allow adversary groups to execute attacks more efficiently; how to select the target area from the viewpoint of the attack Scenario and how to select the best attack Scenario from the given target area. Additionally, we analyze trends in the location of the ASes to be attacked. This allows AS managers to estimate the effective protection for more reliable operations.

Evaluating the Impact of Cyberattacks on PLC Performance: A Systematic Implementation and Empirical Investigation

Programmable Logic Controller plays a pivotal role in the operation of Industrial Control Systems, which are widely used to monitor and control critical infrastructure and manufacturing processes. However, the rise of Industry 4.0, coupled with the increasing sophistication of cyber threats poses a significant risk to the security of PLC. This study implements a wide range of attacks on a PLC, including Code Injection, Man in the Middle, and a Denial-of-Service attack. The study further scrutinizes the impact of these attacks on the performance of the PLC with a view to developing effective security measures to mitigate cyber risks in Operational Technology systems. The study employs throughput and round trip time as the key metrics to evaluate PLC performance under normal conditions and during cyberattacks. The results indicate a significant degradation in the PLC performance metrics during the attacks, with DoS having the highest impact followed by Man in the Middle attack. These results highlight the need for robust cybersecurity measures to secure PLC from potential cyber threats.

A Secure Scheme to Counter the Man in the Middle Attacks in SDN Networks-Based Domain Name System

A Secure Scheme to Counter the Man in the Middle Attacks in SDN Networks-Based Domain Name System

Unveiling Vulnerabilities of Web Attacks Considering Man in the Middle Attack and Session Hijacking

Unveiling Vulnerabilities of Web Attacks Considering Man in the Middle Attack and Session Hijacking

Securing MQTT: unveiling vulnerabilities and innovating cyber range solutions

The Message Queuing Telemetry Transport (MQTT) protocol, widely used in various industries for Machine-to-Machine (M2M) communication, plays a central role in the IoT architecture. However, despite its widespread adoption, an analysis conducted on the shodan search engine revealed up to 540531 vulnerabilities worldwide as of April 2024, underscoring the security challenges facing this protocol. How can an innovative cyber range system be designed to assess and improve the security of MQTT protocols, focusing on in-depth vulnerability analysis, authentication strategy development, and targeted countermeasures against specific attacks? The study includes an analysis of relevant articles, followed by classification into five different categories. Furthermore, the presentation of a cyber range that exposes various attacks, such as replay attacks, Man-In-The-Middle (MITM), Denial of Service (DoS)/Distributed DoS(DDoS), and cam-hackers, enhances the understanding of MQTT protocol vulnerabilities, emphasizes the critical importance of strengthening security, and serves as a reference for new researchers in the field.

BIDS: Blockchain and Intrusion Detection System Coalition for Securing Internet of Medical Things Networks.

The benefits of the Internet of Medical Things (IoMT) in providing seamless healthcare to the world are at the forefront of technological advancement. However, security concerns of any IoMT systems are high since they threaten to compromise personal information of patients and can even cause health hazards. Researchers are exploring the use of various techniques to ensure a high level of security of IoMT systems. One key concern is that the computing power of any Internet of Things (IoT) device is relatively low, hence mechanisms that require low computational power are appropriate for designing Intrusion Detection Systems (IDS). In this research work, a blockchain IDS coalition is proposed for securing IoMT networks and devices. The blockchain ledger is compact and uses less processing resources. Additionally, the ledger requires less communication overhead. The cryptographic hashes in the suggested architecture ensure complete data secrecy and integrity between parties who are trusted and those who are untrustworthy. Peer-to-peer networks in both central and cluster networks are also included in this work for complete decentralization. The proposed model can counter various attacks, including Denial of Service (DoS), anonymity attacks, impersonation attacks, Man-In-The-Middle (MITM), and Cross-Site Scripting (XSS). The proposed method achieved an F1- score as high as 100% and reported an AUC value of over 99%.

On the Complexity of the Web’s PKI: Evaluating Certificate Validation of Mobile Browsers

Digital certificates are frequently used to secure communications between users and web servers. Critical to the Web's PKI is the secure validation of digital certificates. Nonetheless, certificate validation itself is complex and error-prone. Moreover, it is also undermined by particular constraints of mobile browsers. However, these issues have long been overlooked. In this paper, we undertook the first systematic and large-scale study of the certificate validation mechanism within popular mobile browsers to highlight the necessity of reassessing it among all released browsers. To this end, we first compile a comprehensive test suite to identify security flaws in certificate validation from various aspects. By designing and implementing a generic, automated testing pipeline, we effectively evaluate 30 popular browsers on two mobile OS versions and compare them with five representative desktop browsers. We found the latest mobile browsers Accept as many as 33.2% invalid certificates and Reject merely 5.4% invalid ones on average, leaving the majority of them to be decided by users who usually have little expertise. Our findings shed light on the severity and inconsistency of certificate validation flaws across mobile browsers, which are likely to expose users to MITM attacks, spoofing attacks, and so forth.

The development of countermeasures against session hijacking

This article provides information about Session Hijacking and discusses countermeasures to prevent Session Hijacking attacks. In modern web applications and sites much vulnerability, which developers often do not pay attention to, are occurred. The paper presents a practical implementation of one of the attacks (MITM), and also proposes methods to counteract and protect against most types of attacks. The main purpose of this paper is to study Session Hijacking attacks and to propose countermeasures against them and existing vulnerabilities.

Unlocking Security : The World of Ethical Hacking

As nowadays all the information is available online, a large number of users are accessing it, some of them use this information for gaining knowledge and some use it to know how to use this information to destroy or steal the data of websites or databases without the knowledge of the owner. The purpose of this paper is to tell what is hacking, who is hackers, what is ethical hacking, what is the code of conduct of ethical hackers and the need of them. A small introduction of Linux Operating System is given in this paper. All the techniques are performed on the Linux operating system named Kali Linux. After this some basic hacking attacks covered in the paper are MiTM Attack (Man in The Middle Attack), Phishing Attack, DoS Attack (Denial of Services Attack). Further what is Wi-Fi, what are the techniques used in the Wi-Fi protection and the methods used by the hackers to hacks Wi-Fi passwords is covered in the paper.