
Presentation on

ANALYSIS OF DIFFERENT MITM ATTACK TYPES IN CLOUD COMPUTING WITH THEIR RESPECTIVE SOLUTIONS

NACORE 2016

BY: PRIYANKA MISHRA & ASHUTOSH SINGH

Scenario of Cloud Computing

The cloud computing model is a rapidly growing concept in the field of IT. It provides the following services to its customers:
Enables ubiquitous, conventional, on-demand access to a shared pool of computing resources,
Unlimited and free of cost storage space to keep our data over cloud,
Retrieval of data anytime and anywhere,
Transaction of data from cloud server to client's system,
Automated backup.

Even after all these favorable cloud services, there is a drawback of security issues in cloud which makes the cloud providers concerned. MITM attacks are one of the main concerns to be solved by the

Key concept of Man-in-the-Middle Attack

A Man-in-the-middle attack is a type of cyberattack where a malicious actor inserts him/herself into a conversation between two parties, impersonates both parties and gains access to information that the two parties were exchanging with each other.

A Man-in-the-middle attack allows a malicious actor to intercept, send and receive data meant for a third party, or not meant to be sent at all, without either outside party knowing until it is too late.

Example of occurrence of MITM attack over cloud

Types of MITM attack and their respective solutions

MAN-IN-THE-MIDDLE ATTACK
Wrapping Attack
Impersonating Attack
Flooding Attack
Browser Attack
SSL Attack

1. Wrapping Attack or XML Signature Attack

Situation of attack: During message passing using SOAP messages from web server to a web browser, an unauthorised intruder can intercept in the TLS layer. The body of the message is replicated and sent to the server as an authentic user. The server checks the authentication by the Signature Value (which is also duplicated) and integrity checking for the message is done. In this way, the intruder is able to interfere in the cloud and can run malicious code to interrupt the usual functioning of the cloud servers.

Possible solution: We can add a redundant bit (STAMP bit) with the SOAP header specifically for the appended signature value, and this bit will be switched/toggled when the message is interfered with by an unauthorised party during the transfer. When it is received in the destination, the STAMP bit is checked first and if it is found toggled, then a new signature value is generated in the browser end and the new value sent back to the server as recorded to modify the authenticity checking.
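A receiver-side check for the situation described above, added here as an example and not taken from the presentation: it confirms that the element a signature's Reference points to is the one Body the application will process, which is a different safeguard from the STAMP bit. It assumes WS-Security `wsu:Id` references and does not verify the signature value itself; the messages and the helper name `build_envelope` are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
ID_ATTR = f"{{{WSU}}}Id"


def check_signed_body(envelope_xml):
    """Return a list of problems; empty means the signature's Reference
    covers the single Body that the application will process."""
    root = ET.fromstring(envelope_xml)
    # Only a Body that is a direct child of Envelope is ever processed.
    bodies = root.findall(f"{{{SOAP}}}Body")
    if len(bodies) != 1:
        return [f"expected one Body under Envelope, found {len(bodies)}"]
    body_id = bodies[0].get(ID_ATTR)
    if not body_id:
        return ["processed Body has no wsu:Id, so no Reference can cover it"]
    problems = []
    # A duplicated Id lets the verifier and the application pick different elements.
    holders = [e for e in root.iter() if e.get(ID_ATTR) == body_id]
    if len(holders) != 1:
        problems.append(f"Id {body_id!r} appears on {len(holders)} elements")
    signed = {r.get("URI") for r in root.iter(f"{{{DS}}}Reference")}
    if f"#{body_id}" not in signed:
        problems.append("no ds:Reference covers the processed Body")
    return problems


def build_envelope(header_extra, body_id):
    """Constructed sample message; the signature always references #body-1."""
    return (
        f'<soap:Envelope xmlns:soap="{SOAP}" xmlns:ds="{DS}" xmlns:wsu="{WSU}">'
        '<soap:Header><ds:Signature><ds:SignedInfo>'
        '<ds:Reference URI="#body-1"/></ds:SignedInfo></ds:Signature>'
        f'{header_extra}</soap:Header>'
        f'<soap:Body wsu:Id="{body_id}"><op>request</op></soap:Body>'
        '</soap:Envelope>'
    )


# Constructed copy of the signed Body, parked in the header where it is not processed.
COPY = '<Wrapper><soap:Body wsu:Id="body-1"><op>signed</op></soap:Body></Wrapper>'
GENUINE = build_envelope("", "body-1")
RELOCATED = build_envelope(COPY, "body-2")   # signed copy present, live Body unsigned
DUPLICATED = build_envelope(COPY, "body-1")  # two elements share the signed Id
```

A message should be rejected whenever `check_signed_body` returns a non-empty list, before its Body is handed to application logic.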

2. Impersonating Attack

Situation of attack: Impersonating attack can take place in two forms:
Phishing attack, where the users are made to believe that they are interacting with a valid server by creating a web page that looks similar to the valid server page.
Verifier impersonation attack, where the attacker acts as the verifier and lures the customer to share the authentication keys or data, which may then be used to authenticate falsely to the verifier.

Possible solution: In a cloud environment, impersonating attack can be moderated by using two-factor and multi-factor authentication mechanisms that rely on personally identifiable information (PII) in addition to passwords. Privacy enhancing protocols that secure secrets and avoid storage of secrets can also help cloud providers to keep impersonation attacks under control.

3. Flooding Attack

Situation of attack: If an intruder gets the authorization to make a request to the cloud, then it can easily create bogus data and pose these requests to the cloud server. While executing these requests, the server first checks the authenticity of the requested jobs. Because unauthenticated requests must be checked to verify their validity, this process of checking consumes CPU and memory and engrosses the IaaS to a great extent. While processing these requests, legitimate services can starve, and as a result the server will offload its services to another server. Again, the same thing will occur and the adversary will engage the whole cloud system just by interrupting the usual processing of one server, in essence flooding the system.

Possible solution: For the prevention of flooding attack over the cloud environment, we propose the concept of organizing all the servers into fleets of servers over the cloud environment in such a way that each fleet of servers is supposed to perform the jobs according to its specifications.

4. Browser Attack

Situation of attack: In a Browser attack, the spurious user steals the data by destructing the signature and sabotaging encryption during translation of SOAP messages between web browser and web server. The browser considers the adversary an authenticated user and processes all the communication and requests with the web server, which causes a browser attack over cloud.

Possible solution: The proposed solution to stop data stealing is that, at the end of every session, the customer will send an e-mail about the usage and duration with a special number to be used to log in next time. In this way, the customer will be aware of the usage and charges as well as be availed with a unique number to be used every time to access the system.

5. SSL Attack

Situation of attack: SSL attack takes place in cloud in two forms, namely SSL Stripping and SSL Sniffing attack.

SSL Stripping: Because of this lack of standard there is no assurance that the provider is a legitimate provider or not. This weakness of SSL is exploited in the stripping attack, which is launched by embedding a null character in a domain name containing the name of a valid certifying authority.

SSL Sniffing attack: The public key is dispatched to the client by the server in the form of a certificate signed by the Certifying Authority (CA). The intermediate CA certificates do not guarantee the legitimacy of the website and are not embedded in the browser. This limitation of SSL certificates can be misused by attackers to launch an SSL Sniffing attack.
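The null-character weakness described above, shown as an added example that is not part of the presentation: a name check that stops reading at the first NUL byte beside one that validates the whole byte string first. The function names and sample names are constructed, and the hardened check assumes exact-match names only, without wildcard handling.

```python
import re

# One DNS label: letters, digits, inner hyphens, at most 63 characters.
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def naive_match(cert_name: bytes, host: str) -> bool:
    """Weak check: treats the name as a C string, so it ends at the first NUL."""
    visible = cert_name.split(b"\x00", 1)[0]
    return visible.decode("ascii", "replace").lower() == host.lower()


def name_problems(cert_name: bytes) -> list:
    """Reasons to reject a certificate name before any comparison is made."""
    problems = []
    if b"\x00" in cert_name:
        problems.append("embedded NUL byte")
    try:
        text = cert_name.decode("ascii").lower()
    except UnicodeDecodeError:
        return problems + ["non-ASCII bytes"]
    if len(text) > 253:
        problems.append("name longer than 253 characters")
    if not all(LABEL.fullmatch(label) for label in text.split(".")):
        problems.append("malformed DNS label")
    return problems


def strict_match(cert_name: bytes, host: str) -> bool:
    """Hardened check: validate the full byte string, then compare all of it."""
    if name_problems(cert_name):
        return False
    return cert_name.decode("ascii").lower() == host.lower()


# Constructed sample names (reserved .example domains).
EXPECTED_HOST = "login.cloud.example"
CLEAN_NAME = b"login.cloud.example"
NUL_NAME = b"login.cloud.example\x00.other.example"
```

The weak check accepts `NUL_NAME` for `EXPECTED_HOST` while the hardened check rejects it; `name_problems` is also usable on its own to flag such names when auditing certificates.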

Possible solutions: Always using encrypted communication and side-channel authentication of the TLS is the only reliable way to prevent/detect the Stripping attack. This means in practice that after a key exchange the server and the user end up with certain shared secrets or keys.

For preventing the Sniffing attack, cloud vendors must construct web browsers that apply the WS-Security concept. WS-Security provides end-to-end encryption and does not have to be decrypted at intermediary hosts. Consequently, attackers are unable to sniff and gain plain text of SOAP messages at the intermediary hosts.

Conclusion: MITM attacks are the most common type of attacks implemented by unauthorised users over cloud. Thus, to maintain the reliability of the cloud users we must be aware of these attack possibilities and should employ more stringent layers of security to detect and prevent such attacks and protect the confidential data over cloud. By implementing all the above possible solutions for their respective attacks we can avoid the attackers' intention to exploit the data over cloud.


THANK YOU
