Implementing a Man-in-the-Middle Attack (CNG Example)
The Cryptography Next Generation (CNG) secure communication example demonstrates a man-in-the-middle attack in which a third party (Mallory) inserts himself between two communication endpoints (Alice and Bob).
The CNG example uses named pipes to provide interprocess communication. Alice always acts as a named pipe server, and Bob always acts as a named pipe client. Mallory assumes a client role with Alice (that is, he impersonates Bob) and a server role with Bob (that is, he impersonates Alice). This is called substitution, which is a classic man-in-the-middle attack.
For detailed information about this scenario, see Step-by-Step Key and Message Exchange (CNG Example).
In the CNG example, the word "impersonation" is used to refer to the substitution of Mallory for Bob, or Mallory for Alice. However, impersonation also has a specific meaning in reference to named pipes, as discussed in the documentation for the NamedPipeServerStream.RunAsClient(PipeStreamImpersonationWorker) method.
Digital Signatures
Digital signatures are often used to prevent man-in-the-middle attacks. Typically, signature keys are provided and maintained by a public key infrastructure (PKI). The PKI is rarely local to the computer. It is usually supported by a security or administration group, or a certification authority. The use of such an infrastructure is beyond the scope of this example. Instead, the example shows how to use the CNG classes to create local digital signature keys.
Insertion Points
A man-in-the-middle attack requires an insertion point in the signal chain. This can occur when physical hardware devices that handle messaging have been compromised. For example, wires can be switched or rerouted, and telecommunication servers can be breached and possibly electrically reconfigured. However, a more likely technique involves reconfiguring the software that maintains the network. For example, ports can be reassigned or rerouted, and a software insertion point can be established in the communication application.
A Small Loophole
When a file is opened in write mode, it is locked against use by other applications. Similarly, when a pipe client connects to a pipe server, the pipe becomes locked for exclusive use by the client, and remains locked until the client has disconnected.
An established client/server channel is very difficult to break into. However, in the CNG example, Mallory is easily able to intercept and change the messages between Alice and Bob. Mallory does not, in fact, break into an established pipe channel. Instead, Mallory takes advantage of a small loophole that was overlooked by the company's communication protocols.
Alice and Bob were instructed to use the PublicChannel pipe to share the name of a private channel, and then use the private channel for sales contacts. These instructions enable Mallory to obtain the name of the private channel and insert himself between Alice and Bob. The next two sections explain how.
Timing
Often, the success of a man-in-the-middle attack depends on something subtle, such as timing. The CNG example demonstrates that concept.
Mallory knows that the new instant messaging (IM) software that the company has developed relies on named pipes. He knows that Alice and Bob will open a pipe named PublicChannel. He also knows that Alice will send the name of a second pipe to Bob. Alice and Bob will close the PublicChannel pipe, and then open and use the second pipe to exchange information about sales contacts.
To steal the sales contact information, Mallory has to obtain the name of the second pipe from Alice and prevent Bob from obtaining it. To accomplish this, all he has to do is open the client end of the PublicChannel pipe before Bob does.
The source code uses a 200-millisecond wait in the System.Threading.Thread.Sleep(200) statement in Bob's Run method to allow this interception. The wait statement is deliberate and highly visible, because the purpose of the example is to demonstrate a man-in-the-middle attack. In the real world, security scenarios are much more difficult to analyze. They involve a mix of software applications, transmission protocols, network authentication, user accounts, logging, permissions, user training, traffic monitoring, and other analysis techniques.
Despite these sophisticated methods, a simple 200-millisecond propagation delay in a network server might easily pass unnoticed for months. This is why five separate versions of the CNG example were created before the interceptions were finally defeated.
Substitution
By intercepting the name of the second pipe (AliceAndBobChannel), Mallory is able to eavesdrop on Alice and Bob's communications, and change the messages they send to each other. Here is how he accomplishes this substitution:
Alice opens the PublicChannel pipe in server mode, and waits for Bob to connect.
Mallory connects to the PublicChannel pipe in client mode, and receives the name of the second pipe (AliceAndBobChannel) from Alice.
Alice and Mallory close the PublicChannel pipe.
Alice opens the AliceAndBobChannel pipe in server mode, and Mallory connects to it in client mode.
Mallory connects to Bob as a server over the PublicChannel pipe, and Bob connects as a client.
Mallory sends Bob the pipe name AliceAndBobChannel1 (that is, he changes the name slightly). Bob believes he is receiving this information from Alice.
Mallory and Bob disconnect from the PublicChannel pipe.
Mallory opens the AliceAndBobChannel1 pipe as a server, and Bob connects to it as a client.
Mallory has now successfully inserted himself between Alice and Bob.
Mallory continues to act as a client to Alice (over the AliceAndBobChannel pipe) and as a server to Bob (over the AliceAndBobChannel1) pipe. He can now read, change, and retransmit messages as he wishes. Neither Alice nor Bob realizes that someone is intercepting and changing their messages.
A successful man-in-the-middle attack is often subtle. To escape detection, Mallory maintains a low profile and changes the sales contacts only slightly. He does not want his changes to be noticeable.
Conclusion
Discovering the man in the middle takes time, patience, and great care. This example concerns a single, 200-millisecond wait. One fifth of a second is enough to compromise the whole sales department.
See Also
Concepts
.NET Framework Cryptography Model