Computational Intelligence and Security System †MyAssignmenthelp

Question: Discuss about the Computational Intelligence and Security System. Answer: Introduction: Man in middle attack is a privacy attack on cryptography and computer security where an attacker targets a conversation between two parties without their knowledge. The conversation can be in form of email, social media, and web surfing. The attacker eavesdrop the conversation in order to collect confidential information from the conversation. According to Aggarwal and Nandi (2015), Wi-Fi or wireless networks are more vulnerable to a number of attacks including the man in the middle attack due to the openness of the medium. A common vulnerability of hole 196 present in WPA2 or Wi-Fi protected access can be exploited by the attacker for accessing the encrypted network. Yang et al., (2012), investigate an Address Resolution Protocol spoofing, which is based on the man in the middle attack. The man in the middle attack is a major malicious code attacks that damage the industrial infrastructure directly. This type of attack is dangerous as it can modify and compromise the secure and the reliable operation of wireless networks. The scenario of man in the middle attack involves the attacker as the third party, and act as an intercommunicating node between a server and the client. The attacker captures the messages between a server and the client. The attacker then alters the messages before it reaches the receiver (Kumar, Verma Tomar, 2013). However, in case of a wireless domain, the shared channel will require to undergo the association and disassociation phase for communication. This attack is possible in ARP, as the response of the request packet is not authenticated and therefore; any node is allowed on behalf of any other node can send a request in a network. The attacker makes use of this vulnerability. Furthermore, the stateless nature of does not requires a matching request and therefore, man in the middle attack is more prominent here. Zhao and Ge, (2013), discusses that the man in the middle attack is prominent in smart objects such as Internet of Things as well. It is generally assumed that no third party is able to intercept the messages of two communicating parties in an IOT environment. This type of attack is dangerous as the attacker can even track an objects location using this method that can give rise to privacy risks for the user of Internet of Things. The attacker after getting access to the IOT environment may attempt to extract the security information and misuse it. Man in the middle attack is prominent in TLS as well, which is an essential building block for virtual private networks. The security in TLS mainly deals with authentication and key exchange. Absence of proper security in key exchange results in man in the middle attack. The security in the key exchange process in TLS is mainly achieved using Public Key Infrastructure or PKI (de la Hoz et al., 2014). Researches prove that man in the middle attack on PKIs has considerably increased over the years. This is because the attackers make use of the vulnerability of classical PKI model. A number of security concerns have arisen over the years, which proves that TLS is prone to man-in-the middle attacks. Man in the middle attack is prominent in fog computing as well. In this particular attack, the gateways, that serve as fog devices are targeted and are compromised or replaced by the fake ones. Furthermore, it is impossible for the traditional anomaly detection method to detect or expose the man in the middle attacks (Lee et al., 2015). Encryption is not a feasible option in preventing this attack in fog computing as it is tough to establish communication between fog node and IOT devices with the help of encryption. With the increase in the number of wireless users with the increase in availability of the mobile devices in lower costs, the man in the middle attack posses a real threat to the wireless network security. The attacker, on gaining the control over the system collects the packets coming from the sender and channelize to the receiver after recording the packet stream. There is no data loss between the system and therefore, the sender or receiver cannot identify the threat. In this attack, ARP poisoning is widely used, where the attacker working on the same local area network of that of the victims steals information of data sessions. Various methods are used for implementing a man in the middle attack, which are ICMP MITM, DNS MITM, DHCP MITM, cookie hijacking, SSL MITM and so on (Noor Hassan, 2013). In ICMP, attacker at first pings the whole subnet to find out the hosts that are down and then waits for the hosts to be pinged by others. DNS on other hand sniffs the traffic on network by ARP spoofing. Cookie hijacking makes use of certain cookie stealing scripts to steal the cookie data (Sheldon et al., 2012). Therefore, it can be said that man in the middle attack is more prominent in wireless network security. References Agarwal, M., Biswas, S., Nandi, S. (2015). Advanced stealth man-in-the-middle attack in wpa2 encrypted wi-fi networks.IEEE Communications Letters,19(4), 581-584. de la Hoz, E., Cochrane, G., Moreira-Lemus, J. M., Paez-Reyes, R., Marsa-Maestre, I., Alarcos, B. (2014, June). Detecting and defeating advanced man-in-the-middle attacks against TLS. InCyber Conflict (CyCon 2014), 2014 6th International Conference On(pp. 209-221). IEEE. Kumar, R., Verma, S., Tomar, G. S. (2013). Thwarting address resolution protocol poisoning using man in the middle attack in WLAN.International Journal of Reliable Information and Assurance,1(1), 8-19. Lee, K., Kim, D., Ha, D., Rajput, U., Oh, H. (2015, September). On security and privacy issues of fog computing supported Internet of Things environment. InNetwork of the Future (NOF), 2015 6th International Conference on the(pp. 1-3). IEEE. Noor, M. M., Hassan, W. H. (2013). Wireless networks: developments, threats and countermeasures.International Journal of Digital Information and Wireless Communications (IJDIWC),3(1), 125-140. Sheldon, F. T., Weber, J. M., Yoo, S. M., Pan, W. D. (2012). The insecurity of wireless networks.IEEE Security Privacy,10(4), 54-61. Yang, Y., McLaughlin, K., Littler, T., Sezer, S., Im, E. G., Yao, Z. Q., ... Wang, H. F. (2012). Man-in-the-middle attack test-bed investigating cyber-security vulnerabilities in smart grid SCADA systems. Zhao, K., Ge, L. (2013, December). A survey on the internet of things security. InComputational Intelligence and Security (CIS), 2013 9th International Conference on(pp. 663-667). IEEE.