MIT researchers craft defense against wireless man-in-middle attacks

[InfoSec News <alerts () infosecnews org>]

http://www.networkworld.com/news/2011/082411-mit-tep-250077.html

By John Cox
Network World
August 24, 2011

MIT researchers have devised a protocol to flummox man-in-the-middle 
attacks against wireless networks. The all-software solution lets 
wireless radios automatically pair without the use of passwords and 
without relying on out-of-band techniques such as infrared or video 
channels.

Dubbed Tamper-evident pairing, or TEP, the technique is based on 
understanding how man-in-the-middle attacks tamper with wireless 
messages, and then detects and in some cases blocks the tampering. The 
researchers suggest that TEP could have detected the reported but still 
unconfirmed cellular man-in-the-middle attack that unfolded at the 
Defcon conference earlier this month in Las Vegas.

TEP was devised by a quartet of MIT researchers: Shyamnath Gollakota, 
Nabeel Ahmed, Nickolaik Zeldovich and Dina Katabi, all with the 
Department of Electrical Engineering and Computer Science. Their 
research paper, "Secure in-band wireless pairing," was presented at the 
recent Usenix Security Symposium and MIT has its own story about the 
research online.

The group says TEP can be used to protect communications between 
devices, or between devices and base stations or access points, for any 
type of wireless connection.

[...]


_____________________________________________________________
Register now for the #HITB2011KUL - Asia's premier
deep-knowledge network security event now in it's 9th year!
http://conference.hitb.org/hitbsecconf2011kul/