An Overview of Man-In-The-Middle Attack
The data link layer, layer 2, is the second of the seven layers of the Open Systems Interconnection (OSI) model of computer networking. It is responsible for transferring data between nodes on a network segment across the physical layer, providing the functions and protocols for that transfer.
To transfer data between nodes, the data link layer uses MAC and IP addresses (source and destination), the data length, a start signal, and other framing information. This function is split across the layer's two sublayers: the Media Access Control (MAC) sublayer, which controls interaction with devices and addressing, and the Logical Link Control (LLC) sublayer, which handles multiplexing. Network technologies such as Ethernet apply this physical addressing to organize data bits into frames for transfer. The most common data link layer devices are network switches.
Note: The data link layer is involved in many aspects of network communication, since it organizes data bits for transmission. Its responsibility for defining the framing and addressing of Ethernet packets involves many sub-functions in handing error-free transmissions up to the network layer, and it should be understood fully in order to avoid the variety of attacks and issues that can occur at this layer.
At the data link layer, attacks occur because of vulnerabilities in the interface between the host and the network systems. The data link layer is responsible for the efficient communication of data between machines connected to the network (Kroenke, 2013). As a result of this function, the system becomes vulnerable to attacks that exploit the use of IP addresses and MAC addresses, known as the man-in-the-middle attack.
Man-in-the-Middle Attack (MiTM)
In the man-in-the-middle attack, the intruder broadcasts the IP address of the machine to be attacked along with a MAC address (Kroenke, 2013). As a result of this broadcast, the neighboring switches update their tables and forward data to the attacker's system. Typically, the defense against this attack is to use a certified address routing protocol, which is difficult when dealing with wireless networks and dynamic IPs.
The primary defense against this attack is PKI mutual authentication, in which both the client and the server validate each other's certificates against a root authority. This involves using virtual networks and tunneling (Kroenke, 2013), which is not always cost effective or practical for many networks. Currently, some networks use a public key hash or a visual cue, such as a picture, that must be verified. This provides another layer of security without expending large amounts of resources.
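The attack above works by changing which MAC address a network believes belongs to a given IP. One way a defender can spot it is to watch ARP replies and flag any IP whose advertised MAC changes, or any single MAC that suddenly claims several IPs (the gateway and a victim at once). The following is an added example, not code from the article or from Kroenke; the ARP events are constructed, and the function names and the optional trusted-binding table are assumptions of this example.

```python
"""Detect IP-to-MAC binding changes in ARP replies (a layer 2 MITM indicator).

Added example, not from the article. Input is a constructed list of ARP
reply events (timestamp, sender IP, sender MAC) standing in for parsed
frames; a real deployment would feed these from a packet capture.
"""
from collections import defaultdict

# Constructed sample: MAC de:ad:be:ef:00:01 starts claiming the gateway's
# IP 192.168.1.1, which the legitimate gateway MAC already holds, and then
# the workstation's IP as well.
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1", "00:11:22:33:44:55"),   # gateway, legitimate
    (1.5, "192.168.1.20", "66:77:88:99:aa:bb"),  # workstation, legitimate
    (2.0, "192.168.1.1", "00:11:22:33:44:55"),   # gateway again, no change
    (3.0, "192.168.1.1", "DE:AD:BE:EF:00:01"),   # new MAC claims gateway IP
    (3.2, "192.168.1.20", "de:ad:be:ef:00:01"),  # same MAC claims the victim
]


def detect_binding_changes(replies, trusted=None):
    """Return one alert per reply whose MAC differs from the MAC last seen
    for that IP. `trusted` is an optional {ip: mac} static table (for
    example the gateway) so a contradicting first reply is also flagged."""
    seen = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()          # normalize case before comparing
        prev = seen.get(ip)
        if prev is not None and prev != mac:
            alerts.append({"time": ts, "ip": ip, "old_mac": prev, "new_mac": mac})
        seen[ip] = mac             # track the latest claim for this IP
    return alerts


def macs_claiming_multiple_ips(replies):
    """Return {mac: sorted list of IPs} for every MAC that has advertised
    itself as the owner of more than one IP address."""
    ips_by_mac = defaultdict(set)
    for _ts, ip, mac in replies:
        ips_by_mac[mac.lower()].add(ip)
    return {mac: sorted(ips) for mac, ips in ips_by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    for alert in detect_binding_changes(SAMPLE_ARP_REPLIES):
        print("binding change:", alert)
    print("multi-IP MACs:", macs_claiming_multiple_ips(SAMPLE_ARP_REPLIES))
```

Static entries for critical hosts (the gateway, DNS servers) in `trusted` catch a spoof that arrives before the legitimate reply has been observed.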
Kroenke, D. (2013). Experiencing MIS (4th Edition). New Jersey: Prentice Hall.