Man-in-the-Middle Attack

During the man-in-the-middle attack, the hidden intruder joins the communication and intercepts all messages.

First, the attacker creates two secret keys. Then, he uses the first key to start the communication with the first side. The received answer is encrypted but the intruder can decrypt it easily, as he knows the key. He encrypts the message again, this time with the second key. The encrypted message is then send back to the second side. Then, after receiving the answer from the second side, he decrypts the message, reads it, encrypts by the first key and sends back to the first site. In this way, the whole communication moves through the attacker. He can receive a lot of information about the whole system and even successfully impersonate authorized persons and reach the access for hidden data.

To defend against this attack, a strong mutual authentication method must be used before starting transmission of secret data. The other way of protection is to use known public keys, which can be reach from for example known databases, instead of using any encryption key obtained from one of the sides of the communication (so in this case - from the attacker).

This attack is often used for eavesdropping the communication with Wi-Fi access points or with base stations in GSM networks. As an example, you can refer to the KRACK attack against WPA2.