MIT researchers craft defense against wireless man-in-middle attacks
MIT researchers have devised a protocol to flummox man-in-the-middle attacks against wireless networks. The all-software solution lets wireless radios automatically pair without the use of passwords and without relying on out-of-band techniques such as infrared or video channels.
Dubbed Tamper-evident pairing, or TEP, the technique is based on understanding how man-in-the-middle attacks tamper with wireless messages, and then detects and in some cases blocks the tampering. The researchers suggest that TEP could have detected the reported but still unconfirmed cellular man-in-the-middle attack that unfolded at the Defcon conference earlier this month in Las Vegas.
TEP was devised by a quartet of MIT researchers: Shyamnath Gollakota, Nabeel Ahmed, Nickolaik Zeldovich and Dina Katabi, all with the Department of Electrical Engineering and Computer Science. Their research paper, "Secure in-band wireless pairing," was presented at the recent Usenix Security Symposium and MIT has its own story about the research online.
