How to Stop Man in the Middle Attacks Part 1

Encryption

In an earlier post I linked to a video from Khan Academy that talked about how encrypted communication works. Unfortunately that video series left out a very important thing to be aware of about encryption, and that’s man in the middle attacks.
If you haven’t watched that video series I would recommend watching it again. Here‘s the link to the video again just in case you need it.

The story:
Now that Alice and Bob have figured out the Diffie-Hellman key exchange they are now safe from Eve’s eavesdropping; however Eve doesn’t give up easily and so she calls in her big sister Mallory. You see Alice and Bob are communicating over the Internet. When messages travel through the Internet they don’t just jump from point A to point B. Instead they jump from one computer to another until they reach their destination. Mallory in this analogy is one of the computers that their messages have to pass through.

Mallory can do some things that Eve can’t do. Eve could only read their messages; however all messages have to go through Mallory and thus she has the following abilities:
*Refuse to carry a given message (AKA “dropping packets”),
*Modify a message before delivering it,
*Create a message where she pretends to be Alice or Bob,
*and read the messages being sent through.

Since Mallory has these abilities she can do a “man in the middle attack”. Here’s how it works:
First Alice tries to do a Diffie-Hellman key exchange with Bob.

Alice begins her part of the key exchange thinking that she’s establishing an encrypted connection with Bob when in reality she’s forming an encrypted connection with Mallory and Bob does the same.
Now Mallory has an encrypted connection with Alice and Bob, and can eavesdrop on them by decrypting messages sent by Alice, reading them, encrypting them, and sending them to Bob.

To stop this from happening we need to find some way to either stop Mallory from altering/replacing the messages or detect when she does this.

Unfortunately it’s impossible to stop her from altering/replacing the message so instead we’ll have to detect her tampering with public/private key cryptography. I will go over public/private key encryption in the next post.

How to encrypt your home folder.

Computer Security, Computer Software, Encryption

Here‘s a brief tutorial on how to encrypt all the files in your home directory so that they will need to be decrypted with a password at startup.

It works by using public and private key cryptography. Basically the computer generates a few small files that are used to encrypt and decrypt all your files as you access them. This encryption key is initially encrypted with your password since passwords are mainly just good for encrypting small files.

The advantage to this is that if you lose your computer no one will be able to get your personal files since they are encrypted. The cost to this is that it will slow your computer down by a small amount and if you delete this encryption key then you won’t be able to decrypt your files.

You should also probably create encrypted backups of all your files in case that key is deleted. For backing up your data I would recommend “backintime-gnome” and here is a tutorial on creating an encrypted partition for backing up your files to.

Google cardboard

Uncategorized

A few days ago I was able to create my own Google cardboard which is a virtual reality headset made out of cardboard, a smart phone and various other things. So far I’ve managed to improve upon its design by stapling rubber bands on to the side. Like such:

staple

You can also combine rubber bands without having to break them using the following method:

Unfortunately I wasn’t able to turn around in the VR. It seems that most Android phones lack a part called a “gyroscope” that would allow it to better detect where I’m looking.