Mitigating Man-In-The-Middle AttacksMan-in-the-middle attacks can be mitigated effectively only through cryptography. If communication is encrypted, the attacker can capture only the cipher text. If, however, the attacker can determine or capture the session key, man-in-the-middle attacks become possible. A man-in-the-middle attack against an encrypted session can succeed only if attackers can insert themselves into the key-exchange process. Before an encrypted session can be set up, both parties must agree on a session key that will be used to encrypt traffic in both directions. To do so, both parties must either perform a Diffie-Hellman key exchange, whereby the session key is derived from a combination of private and public encryption keys, or communicate in some other fashion (preferably out-of-band) to agree on the session key. An attacker can insert themselves between the two parties in a man-in-the-middle attack in such a way that the attacker negotiates a separate session key with both parties and relays the communication sufficiently fast enough to keep up with the other two computers, as shown in Figure 9-2. Figure 9-2. Man-In-The-Middle Attack During Session Setup![]() ![]() |