Research On Lightweight Method Against Man-in-the-middle Attack

The man-in-the-middle attack(MITM)is a kind of attack method that occurs in the communication process of legitimate participants.The adversary hides among multiple victims and intercepts the data in the channel by means of deception and impersonation,thus destroying the confidentiality,integrity and availability of the data.This type of attack has a long history and can theoretically occur in every process of information interaction.With the continuous development of information technology led by the fifth generation communication technology,this kind of attack will become more and more common and cause more and more harmful.In view of the above problems,this paper focuses on the research of lightweight security technology against man-in-the-middle attack under the background of threshold group signature application system,DHCP protocol and DNS service.The main work contents are as follows:(1)In order to deal with the man-in-the-middle attack problem encountered in the application of threshold group signature system and to improve its security and efficiency in 5G environment,a lightweight solution is proposed.The core strategy is to introduce message token and dynamic identity to improve the freshness of authentication information and increase the difficulty of enemy attacks.At the same time,the number of interactions between the participating parties was simplified,and some computing tasks were migrated to the server to reduce the computing overhead of the member part.After security analysis,the proposed scheme can resist many types of man-in-the-middle attacks including replay attack.After performance analysis,the proposed scheme can reduce the interaction with the trusted center twice compared with similar schemes,reduce the signature space by 30%,and have shorter execution time,which is suitable for resource-constrained devices under 5G network.(2)In order to deal with the man-in-the-middle attack in the process of using DHCP protocol,a lightweight scheme is proposed.The public key cryptography technology is introduced,and a new key agreement algorithm is designed to generate relevant keys and reduce the burden of key storage.Then,a security scheme is proposed based on the algorithm.Attack behavior is prevented through two-way authentication of participants,and digital signatures conforming to protocol specifications are constructed to ensure the source of information.After security analysis,the algorithm can effectively resist man-in-the-middle attack and other common attack types.Experimental comparison shows that the proposed scheme has better performance compared with the same type schemes,and can be compatible with DHCPv4 and DHCPv6.(3)In order to deal with the man-in-the-middle attack in DNS service,a lightweight solution is proposed.Based on the elliptic curve discrete logarithm problem,a certificateless signature algorithm is designed.The algorithm participates in generating the signer's public key through the key generation center,which can not only verify the identity but also effectively alleviate the key management problem.Then,this algorithm is applied to the DNS service process to propose a new security scheme.The signature technology is used to sign the query result to ensure the integrity and reliability of the message.Under the stochastic predictor model,the unforgability of the signature is proved.Through performance comparison,the proposed scheme has higher execution efficiency than the similar scheme.