SSL Certificates vs. Man-in-the-middle attacks
An SSL Certificate isn’t just a cute padlock next to a website URL. It was created to ensure a secure data exchange between the visitor and website by protecting these parties from any potential intrusions, such as the so-called “Man-in-the-Middle attacks”.
What is a Man-in-the-Middle attack?
A Man-in-the-Middle (MitM) attack is a cyber attack which takes place when a hacker (attacker) places himself between the client (browser) and the server (website) and impersonates one of them.
It means that the server/client actually connects to the hacker, not to the second party; the client “thinks” that it established an encrypted connection with the server, yet they both are actually “talking” with the hacker who has the possibility to view, read, and modify the transmitted data.
That’s why this cyber attack is called “Man-in-the-Middle”.
How do man-in-the-middle attacks work?
You are now reading this article from your phone or laptop. Your device sends data from your browser to Medium’s website server.
The information goes from your device to your Internet Provider and reaches the server via a protocol called HTTP. Because this protocol is not secure, any password, login credential or credit card information sent with it won’t be encrypted and can be read by anyone who is able to access it.
During a MitM attack, the hacker intercepts the sent data by breaking into the Wi-Fi connection or the Internet Provider’s network. Once he had stolen the data, he can easily read (since it isn’t encrypted) and sort it to find sensitive information.
How does cryptography address the issue of Man-in-the-Middle attacks?
Thanks to the “Asymmetric Cryptography”, known as the Public Key Cryptography, web and electronic communications are protected from MitM attacks.
This cryptographic algorithm uses the public — private key pair to perform and ensure two essential functions:
- Authentication — if a private key holder sends a message, its public key is used to verify and authenticate the holder
- Encryption — only the private key holder can decrypt this message (that was previously encrypted using the public key)
Therefore, a message can be encrypted by anyone via a public key, but it can only be decrypted by the holder via its matching private key.
In this way, a hacker won’t be able to decrypt and read any messages sent through an encrypted protocol because the key pair is negotiated only between the existing two parties.
How SSL Certificates help you defend from these attacks?
By upgrading to the HTTPS protocol.
The Public Key Infrastructure is activated through installing an SSL Certificate which contains two elements: the SSL protocol and the Certificate itself.
The SSL protocol ensures the migration to HTTPS which secures any web and electronic communication. The private key is the only one which can establish a valid connection in association with a corresponding certificate.
The Certificate authenticates the identity and trustworthiness of the owner based on the infrastructure of the Certificate Authority (CA).
Once an SSL Certificate has been installed on the server, any third-party interventions, like MitM attacks, are excluded. Even though it may have the possibility to intercept the data, the hacker can’t decrypt it because he doesn’t own the private key. The private key belongs exclusively to the server.
To trick the client that he is the “Server”, the hacker must use its own certificate. Since SSL Certificates are usually issued by reputable CAs, the hacker cannot forge any trusted SSL Certificate to make it seem like he owns it. If he tries to forge it and provide its own private key, the CA’s signature contained in the certificate will be destroyed and the browser will identify the certificate as “Invalid”.
The hacker will be forced to get a fake certificate which is not validated by a reliable CA. Again, this certificate will be certainly identified and marked as “Not Secure” by any modern browser.
In this way, an SSL Certificate eliminates the occurrence of a MitM attack.
Final thoughts
The structure of an SSL Certificate makes Man-in-the-Middle intrusive activity impossible.
These web security products have been specifically designed to protect websites and customers from this type of cyber attacks.
If you enjoyed reading this piece, clap👏 or share this article. Find out more about 🔐 SSL on SSL Dragon’s Blog or get your free “From HTTP to HTTPS” ebook.
