CN112491878A - Method, device and system for detecting MITM attack - Google Patents


Info

Publication number
CN112491878A
Authority
CN
China
Prior art keywords
data
network communication
ciphertext data
ciphertext
communication data
Prior art date
Legal status
Pending
Application number
CN202011352934.3A
Other languages
Chinese (zh)
Inventor
丁永涛
范渊
吴卓群
Current Assignee
DBAPPSecurity Co Ltd
Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee
Hangzhou Dbappsecurity Technology Co Ltd

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD

Abstract

The application discloses a method and a device for detecting an MITM attack, applied to a sending end. The method comprises the following steps: when there is network communication data to be transmitted, calculating first ciphertext data corresponding to the network communication data by using a preset algorithm; and sending the network communication data to a receiving end, so that the receiving end can calculate second ciphertext data corresponding to the received network communication data by using the preset algorithm and determine, according to whether the first ciphertext data and the second ciphertext data are the same, whether the data transmission process has been attacked by MITM. The method can conveniently and effectively detect MITM attacks, thereby improving the security of network communication data. The application also discloses a method and a device for detecting an MITM attack applied to the receiving end, and a system for detecting an MITM attack, which have the same beneficial effects.

Description

Method, device and system for detecting MITM attack
Technical Field
The invention relates to the field of network security, in particular to a method, a device and a system for detecting MITM attack.
Background
As concern about information security grows, people pay increasing attention to the security of network communication data. The MITM attack (man-in-the-middle attack) is currently the attack method most favoured by hackers, and it is highly destructive.
In the prior art, encrypted communication is generally adopted: the network communication data to be transmitted is encrypted before transmission to avoid MITM attacks, thereby improving the security of the transmission. However, many communication protocols, such as HTTP (HyperText Transfer Protocol), FTP (File Transfer Protocol) and Telnet (remote terminal protocol), transmit in clear text, so the network communication data is easily captured in transit and tampered with by an MITM attack.
Therefore, how to improve the security of network communication data is a technical problem that needs to be solved by those skilled in the art.
Disclosure of Invention
In view of the above, the present invention aims to provide a method for detecting MITM attack applied to a sending end, which can improve the security of network communication data; another objective of the present invention is to provide a device for detecting MITM attack applied to the sending end, a method and a device for detecting MITM attack applied to a receiving end, and a system for detecting MITM attack, which have the above beneficial effects.
In order to solve the above technical problem, the present invention provides a method for detecting MITM attack, which is applied to a sending end and includes:
when network communication data to be transmitted exist, calculating first ciphertext data corresponding to the network communication data by using a preset algorithm;
and sending the network communication data to a receiving end so that the receiving end can calculate second ciphertext data corresponding to the received network communication data by using the preset algorithm, and determining whether the data transmission process is attacked by MITM according to whether the first ciphertext data and the second ciphertext data are the same.
Preferably, the step of calculating, by using a preset algorithm, first ciphertext data corresponding to the network communication data when there is network communication data to be transmitted specifically includes:
when the network communication data to be transmitted exist, calculating first ciphertext data corresponding to the network communication data by using the preset algorithm;
storing the first ciphertext data in a blockchain;
correspondingly, the process that the receiving end determines whether the data transmission process is attacked by the MITM according to whether the first ciphertext data and the second ciphertext data are the same includes:
the receiving end acquires the first ciphertext data from the block chain;
and the receiving end determines whether the data transmission process is attacked by the MITM according to whether the first ciphertext data and the second ciphertext data are the same.
Preferably, after calculating the first ciphertext data corresponding to the network communication data by using a preset algorithm when the network communication data to be transmitted exists, the method further comprises:
determining identification information corresponding to the first ciphertext data, and setting the identification information in the network communication data;
correspondingly, the process of acquiring the first ciphertext data from the block chain by the receiving end specifically includes:
and the receiving end acquires the first ciphertext data from the block chain according to the identification information.
Preferably, the preset algorithm specifically includes a hash algorithm, a BASE64 algorithm, a DES algorithm, and a PBE algorithm.
In order to solve the above technical problem, the present invention further provides a detection apparatus for MITM attack, which is applied to a sending end, and includes:
the first calculation module is used for calculating first ciphertext data corresponding to the network communication data by using a preset algorithm when the network communication data to be transmitted exist;
and the sending module is used for sending the network communication data to a receiving end so that the receiving end can calculate second ciphertext data corresponding to the received network communication data by using the preset algorithm and determine whether the data transmission process is attacked by the MITM according to whether the first ciphertext data and the second ciphertext data are the same.
In order to solve the above technical problem, the present invention provides a method for detecting MITM attack, which is applied to a receiving end and includes:
receiving network communication data sent by a sending end;
acquiring first ciphertext data which is calculated by the sending end according to a preset algorithm and corresponds to the network communication data;
calculating second ciphertext data corresponding to the received network communication data by using the preset algorithm;
and determining whether the data transmission process is attacked by the MITM according to whether the first ciphertext data and the second ciphertext data are the same.
Preferably, after determining whether the data transmission process is attacked by the MITM according to whether the first ciphertext data and the second ciphertext data are the same, the method further includes:
and if the data transmission process is determined to be attacked by the MITM, sending out corresponding prompt information.
Preferably, after determining whether the data transmission process is attacked by the MITM according to whether the first ciphertext data and the second ciphertext data are the same, the method further includes:
and recording and determining the attack time of the data transmission process under the MITM attack.
In order to solve the above technical problem, the present invention further provides a detection apparatus for MITM attack, which is applied to a receiving end, and includes:
the receiving module is used for receiving the network communication data sent by the sending end;
the acquisition module is used for acquiring first ciphertext data which are calculated by the sending end according to a preset algorithm and correspond to the network communication data;
the second calculation module is used for calculating second ciphertext data corresponding to the received network communication data by using the preset algorithm;
and the determining module is used for determining whether the data transmission process is attacked by the MITM according to whether the first ciphertext data and the second ciphertext data are the same.
In order to solve the technical problem, the invention provides a detection system for MITM attack, which comprises a sending end and a receiving end;
the sending end is used for calculating first ciphertext data corresponding to the network communication data by using a preset algorithm when the network communication data to be transmitted exist; sending the network communication data to a receiving end so that the receiving end can calculate second ciphertext data corresponding to the received network communication data by using the preset algorithm, and determining whether the data transmission process is attacked by MITM according to whether the first ciphertext data and the second ciphertext data are the same;
the receiving end is used for receiving the network communication data sent by the sending end; acquiring first ciphertext data which is calculated by the sending end according to a preset algorithm and corresponds to the network communication data; calculating second ciphertext data corresponding to the received network communication data by using the preset algorithm; and determining whether the data transmission process is attacked by the MITM according to whether the first ciphertext data and the second ciphertext data are the same.
The invention provides a method for detecting an MITM attack applied to a sending end, which comprises the steps of calculating first ciphertext data corresponding to network communication data by using a preset algorithm through the sending end, calculating second ciphertext data corresponding to the received network communication data by using the preset algorithm through a receiving end, and determining whether the data transmission process is attacked by the MITM according to whether the first ciphertext data and the second ciphertext data are the same or not; in the method, if the transmitted network communication data is tampered by the MITM attack in the data transmission process, the first ciphertext data and the second ciphertext data calculated by the same preset algorithm are different, so that the MITM attack can be detected conveniently and effectively, and the security of the network communication data is improved.
In order to solve the technical problem, the invention also provides a device and a system for detecting the MITM attack, which have the beneficial effects.
Drawings
In order to more clearly illustrate the embodiments or technical solutions of the present invention, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a method for detecting MITM attack according to an embodiment of the present invention;
fig. 2 is a structural diagram of a detection apparatus for MITM attack according to an embodiment of the present invention;
FIG. 3 is a flowchart of a method for detecting an MITM attack according to an embodiment of the present invention;
fig. 4 is a structural diagram of a detection apparatus for MITM attack according to an embodiment of the present invention;
fig. 5 is a schematic process diagram of a method for detecting MITM attack according to an embodiment of the present invention;
fig. 6 is a flowchart illustrating determining whether a data transmission process is attacked by MITM according to whether first ciphertext data and second ciphertext data are the same in the method for detecting MITM attack according to the embodiment of the present invention;
fig. 7 is a structural diagram of a system for detecting MITM attack according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The core of the embodiment of the invention is to provide a method for detecting the MITM attack applied to a sending end, which can improve the security of network communication data; the other core of the invention is to provide a device for detecting the MITM attack applied to the sending end, a method and a device for detecting the MITM attack applied to the receiving end and a system for detecting the MITM attack, which have the beneficial effects.
In order that those skilled in the art will better understand the disclosure, the invention will be described in further detail with reference to the accompanying drawings and specific embodiments.
Fig. 1 is a flowchart of a method for detecting MITM attack according to an embodiment of the present invention. As shown in fig. 1, a method for detecting MITM attack, applied to a sending end, includes:
s11: when network communication data to be transmitted exist, calculating first ciphertext data corresponding to the network communication data by using a preset algorithm;
specifically, in an actual operation, a sending end first detects whether network communication data needing to be transmitted, namely the network communication data to be transmitted, exists; if the network communication data exists, a preset algorithm is called to calculate the network communication data to obtain first ciphertext data.
It should be noted that the specific type of the preset algorithm is not limited in this embodiment and is selected according to actual requirements; it can be understood that the format of the first ciphertext data will differ according to the preset algorithm chosen. It should also be noted that, in this embodiment, the network communication data may specifically be data of a communication protocol such as HTTP (HyperText Transfer Protocol), FTP (File Transfer Protocol) or Telnet (remote terminal protocol), and may of course also be other types of data, which this embodiment does not limit.
S12: and sending the network communication data to a receiving end so that the receiving end can calculate second ciphertext data corresponding to the received network communication data by using a preset algorithm, and determining whether the data transmission process is attacked by MITM according to whether the first ciphertext data and the second ciphertext data are the same.
Specifically, after calculating first ciphertext data corresponding to the network communication data, the sending end stores the first ciphertext data to a preset storage location, such as a preset database or a preset block chain; and then the network communication data is sent to the receiving end according to the transmission mode of the network communication data.
After receiving the network communication data sent by the sending end, the receiving end calculates the received network communication data by using a preset algorithm to obtain second ciphertext data, namely second ciphertext data corresponding to the received network communication data. And the receiving end needs to acquire the first ciphertext data from a preset storage position where the transmitting end stores the first ciphertext data in advance.
After acquiring the first ciphertext data and the second ciphertext data, the receiving end judges whether they are the same. It can be understood that, if the network communication data sent by the sending end is the same as the network communication data received by the receiving end, the first ciphertext data and the second ciphertext data calculated with the same preset algorithm should also be the same; that is, if the first ciphertext data is the same as the second ciphertext data, it is determined that the data transmission process has not been attacked by MITM, and if they differ, it is determined that the data transmission process has been attacked by MITM.
The embodiment of the invention provides a method for detecting an MITM attack applied to a sending end, which comprises the steps of calculating first ciphertext data corresponding to network communication data by using a preset algorithm through the sending end, calculating second ciphertext data corresponding to the received network communication data by using the preset algorithm through the receiving end, and determining whether a data transmission process is attacked by the MITM attack according to whether the first ciphertext data and the second ciphertext data are the same; in the method, if the transmitted network communication data is tampered by the MITM attack in the data transmission process, the first ciphertext data and the second ciphertext data calculated by the same preset algorithm are different, so that the MITM attack can be detected conveniently and effectively, and the security of the network communication data is improved.
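As an added illustration (not code from the patent), the sending-end steps S11 and S12 and the receiving-end comparison in Python, with SHA-256 as the assumed preset algorithm, a queue standing in for the preset storage location, and a constructed plaintext HTTP request as the network communication data:

```python
import hashlib
import hmac
from collections import deque

# Assumed preset algorithm shared by both ends (the patent leaves the choice open).
PRESET_ALGORITHM = "sha256"


def preset_algorithm(data: bytes) -> bytes:
    """Map network communication data to its 'ciphertext data' (here a hash digest)."""
    return hashlib.new(PRESET_ALGORITHM, data).digest()


class PresetStore:
    """Stand-in for the 'preset storage location' (a database) the sender writes to.
    Entries are read back in sending order."""

    def __init__(self):
        self._entries = deque()

    def put(self, first_ciphertext: bytes) -> None:
        self._entries.append(first_ciphertext)

    def get(self) -> bytes:
        return self._entries.popleft()


def sender_prepare(data: bytes, store: PresetStore) -> bytes:
    """S11 + S12: compute the first ciphertext data, store it, hand the data to transport."""
    store.put(preset_algorithm(data))
    return data


def receiver_check(received: bytes, store: PresetStore) -> bool:
    """S31-S34: recompute the second ciphertext data over what arrived and compare
    it with the stored first ciphertext data. True means no tampering detected."""
    first = store.get()
    second = preset_algorithm(received)
    # Constant-time comparison so the check itself leaks nothing about the digests.
    return hmac.compare_digest(first, second)


def simulate(data: bytes, transit) -> bool:
    """Run one message through sender -> transit -> receiver; transit may alter it."""
    store = PresetStore()
    on_wire = sender_prepare(data, store)
    delivered = transit(on_wire)
    return receiver_check(delivered, store)


# Constructed sample: a clear-text HTTP request, which the patent names as one
# kind of network communication data exposed in transit.
SAMPLE_REQUEST = (
    b"POST /transfer HTTP/1.1\r\n"
    b"Host: bank.example\r\n"
    b"Content-Length: 27\r\n\r\n"
    b"to=alice&amount=100&cur=EUR"
)


def untouched(wire: bytes) -> bytes:
    return wire


def modified_in_transit(wire: bytes) -> bytes:
    # Constructed in-path modification of one field (same length, so headers still fit).
    return wire.replace(b"to=alice", b"to=mal1ce")


if __name__ == "__main__":
    print("clean transfer passes check:", simulate(SAMPLE_REQUEST, untouched))
    print("modified transfer passes check:", simulate(SAMPLE_REQUEST, modified_in_transit))
```

The check only holds if the stored first ciphertext is out of the attacker's reach, which is exactly the gap the block-chain embodiment below addresses.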
On the basis of the foregoing embodiment, this embodiment further describes and optimizes the technical solution, and specifically, in this embodiment, when there is network communication data to be transmitted, a process of calculating first ciphertext data corresponding to the network communication data by using a preset algorithm specifically includes:
when network communication data to be transmitted exist, calculating first ciphertext data corresponding to the network communication data by using a preset algorithm;
storing the first ciphertext data in a blockchain;
correspondingly, the process that the receiving end determines whether the data transmission process is attacked by the MITM according to whether the first ciphertext data and the second ciphertext data are the same includes:
the receiving end obtains first ciphertext data from the block chain;
and the receiving terminal determines whether the data transmission process is attacked by the MITM according to whether the first ciphertext data and the second ciphertext data are the same.
It should be noted that this embodiment further considers that, in actual operation, when the first ciphertext data is stored in an ordinary database it still risks being tampered with, which would make the detection of the MITM attack inaccurate.
In this embodiment, the sending end specifically stores the first ciphertext data in a preset block chain. Specifically, the block chain is a database with a data hash verification function: the blocks (data blocks) in the block chain are linked into a chain structure in time order, and the reliability of the database is maintained collectively through distributed bookkeeping using cryptographic algorithms. Correspondingly, when the receiving end needs the first ciphertext data pre-calculated by the sending end, it obtains it from the block chain.
This embodiment mainly uses the tamper-resistance of the block chain to prevent a man-in-the-middle from tampering with the first ciphertext data stored there, so the method can further improve the accuracy of MITM attack detection and further ensure the security of the network communication data.
On the basis of the foregoing embodiment, this embodiment further describes and optimizes the technical solution, and specifically, after calculating first ciphertext data corresponding to network communication data by using a preset algorithm when there is network communication data to be transmitted, the method further includes:
determining identification information corresponding to the first ciphertext data, and setting the identification information in the network communication data;
correspondingly, the process of acquiring the first ciphertext data from the block chain by the receiving end specifically includes:
and the receiving terminal acquires the first ciphertext data from the block chain according to the identification information.
Specifically, in this embodiment, after the first ciphertext data corresponding to the network communication data is calculated by using the preset algorithm, the identification information (key value) corresponding to the first ciphertext data is further determined; the identification information is used as an index of the first ciphertext data, and the specific type of the identification information is not limited in this embodiment.
It should be noted that after the identification information is obtained, it is further set in the network communication data; after receiving the network communication data, the receiving end extracts the identification information from it and reads the corresponding entry from the block chain, namely the first ciphertext data stored in the block chain under that identification information.
Therefore, according to the method of the embodiment, the first ciphertext data can be conveniently and accurately acquired from the block chain.
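An added example (not the patent's code) of the two preceding embodiments together: the sender records the first ciphertext in a minimal hash-chained ledger that stands in for the block chain, sets the identification information in the data as a constructed `X-Integrity-Id` HTTP header, and the receiver looks the entry up by that key. The header is added after hashing, so the receiver strips it again before recomputing; the ledger's `verify()` shows why an overwritten stored entry is caught.

```python
import hashlib
import hmac
import json
import uuid

HASH = "sha256"                     # assumed preset algorithm
ID_HEADER = b"X-Integrity-Id"       # constructed header carrying the identification information


def first_ciphertext(data: bytes) -> str:
    return hashlib.new(HASH, data).hexdigest()


class MiniChain:
    """Constructed stand-in for the block chain: blocks are appended in time
    order and each block commits to the previous block's hash, so altering a
    stored entry breaks the chain and is caught by verify()."""

    def __init__(self):
        self.blocks = [self._make_block(0, "0" * 64, {"genesis": True})]

    @staticmethod
    def _block_hash(block: dict) -> str:
        body = {k: v for k, v in block.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def _make_block(self, index: int, prev_hash: str, payload: dict) -> dict:
        block = {"index": index, "prev": prev_hash, "payload": payload}
        block["hash"] = self._block_hash(block)
        return block

    def append(self, payload: dict) -> None:
        prev = self.blocks[-1]
        self.blocks.append(self._make_block(prev["index"] + 1, prev["hash"], payload))

    def verify(self) -> bool:
        """Re-derive every block hash and link; False if any block was altered."""
        for i, blk in enumerate(self.blocks):
            if blk["hash"] != self._block_hash(blk):
                return False
            if i and blk["prev"] != self.blocks[i - 1]["hash"]:
                return False
        return True

    def lookup(self, key: str):
        for blk in self.blocks:
            if blk["payload"].get("key") == key:
                return blk["payload"]["first_ciphertext"]
        return None


def sender_send(data: bytes, chain: MiniChain) -> bytes:
    """Compute the first ciphertext over the original data, record it in the
    chain under a fresh key, then set that key in the data as a header."""
    digest = first_ciphertext(data)
    key = uuid.uuid4().hex            # identification information (index into the chain)
    chain.append({"key": key, "first_ciphertext": digest})
    head, sep, body = data.partition(b"\r\n\r\n")
    return head + b"\r\n" + ID_HEADER + b": " + key.encode() + sep + body


def receiver_check(received: bytes, chain: MiniChain) -> str:
    """Extract the key, remove the header (it was added after hashing), fetch
    the first ciphertext from the chain and compare it with the recomputed one."""
    head, sep, body = received.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    id_lines = [ln for ln in lines if ln.startswith(ID_HEADER + b": ")]
    if len(id_lines) != 1:
        return "no-identifier"
    key = id_lines[0].split(b": ", 1)[1].decode()
    original = b"\r\n".join(ln for ln in lines if ln not in id_lines) + sep + body
    if not chain.verify():
        return "store-tampered"
    first = chain.lookup(key)
    if first is None:
        return "unknown-identifier"
    second = first_ciphertext(original)
    return "clean" if hmac.compare_digest(first, second) else "mitm-detected"


# Constructed sample request used as the network communication data.
SAMPLE = (b"POST /transfer HTTP/1.1\r\nHost: bank.example\r\n"
          b"Content-Length: 27\r\n\r\nto=alice&amount=100&cur=EUR")


def demo() -> dict:
    """Run the three cases the embodiments care about and return the verdicts."""
    chain = MiniChain()
    wire = sender_send(SAMPLE, chain)
    modified = wire.replace(b"amount=100", b"amount=999")
    verdicts = {"clean": receiver_check(wire, chain),
                "modified": receiver_check(modified, chain)}
    # Overwriting the stored first ciphertext does not help a man-in-the-middle:
    # the block hash no longer matches, so the receiver refuses to trust the store.
    chain.blocks[1]["payload"]["first_ciphertext"] = first_ciphertext(b"forged")
    verdicts["store-overwritten"] = receiver_check(modified, chain)
    return verdicts


if __name__ == "__main__":
    print(demo())
```

A real block chain gets its tamper-resistance from many independent copies and consensus rather than from a single in-process list; the ledger here only shows the hash-linking the text describes.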
On the basis of the above embodiments, the present embodiment further describes and optimizes the technical solution, and specifically, in the present embodiment, the preset algorithm specifically includes a hash algorithm, a BASE64 algorithm, a DES algorithm, and a PBE algorithm.
Specifically, a hash algorithm maps a binary value of any length to a shorter binary value of fixed length, called the hash value; in this embodiment, a hash algorithm maps the network communication data to the first ciphertext data and the second ciphertext data. Typical hash algorithms include MD2, MD4, MD5, SHA-1 and the like; MD5 (message-digest algorithm) generates a message digest for the network communication data, and SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function.
Specifically, the BASE64 algorithm encodes any sequence of 8-bit bytes into a form that a person cannot easily read directly, so that the content is not apparent at a glance; that is, it converts the network communication data into the first ciphertext data or the second ciphertext data. The BASE64 algorithm is of low complexity and efficient.
Specifically, the DES algorithm is a symmetric-key cryptosystem, also known as the American Data Encryption Standard.
Specifically, the PBE algorithm (Password Based Encryption) is a password-based encryption algorithm; its characteristic is that a password, managed by the user, is used instead of a key, and data security is ensured with methods such as random numbers, hashing and multiple rounds of encryption.
As can be seen, this embodiment provides a plurality of preset algorithms for calculating the first ciphertext data or the second ciphertext data. In actual operation, the sending end may also process the network communication data with several preset algorithms at the same time, so that the first ciphertext data comprises a value calculated by each of them; correspondingly, the receiving end processes the received network communication data with the same preset algorithms to obtain the second ciphertext data, which likewise comprises a value calculated by each of them. When determining whether there is an MITM attack, each value in the first ciphertext data is compared one by one with the corresponding value in the second ciphertext data. Only when all pairs are identical are the first ciphertext data and the second ciphertext data the same, meaning the sent network communication data is identical to the received network communication data and the data transmission process has not been attacked by MITM; otherwise the data transmission process has been attacked by MITM. The accuracy of detecting the MITM attack is thereby further improved.
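The multi-algorithm variant as an added Python example (not the patent's code): the first and second ciphertext data are each a set of values, one per preset algorithm, compared pairwise. The selection is an assumption limited to what the standard library offers (hash algorithms and BASE64); DES and PBE need a shared key or password and a third-party library and are left out.

```python
import base64
import hashlib
import hmac

# Assumed selection from the embodiment's list of preset algorithms. MD5 and
# SHA-1 are included only because the text names them; usedforsecurity=False
# keeps them callable on FIPS-restricted Python builds.
PRESET_ALGORITHMS = {
    "md5":    lambda d: hashlib.md5(d, usedforsecurity=False).digest(),
    "sha1":   lambda d: hashlib.sha1(d, usedforsecurity=False).digest(),
    "sha256": lambda d: hashlib.sha256(d).digest(),
    "base64": lambda d: base64.b64encode(d),
}


def ciphertext_set(data: bytes) -> dict:
    """First ciphertext data (sender side) or second ciphertext data (receiver
    side): one value per preset algorithm, all computed over the same bytes."""
    return {name: fn(data) for name, fn in PRESET_ALGORITHMS.items()}


def compare_sets(first: dict, second: dict) -> tuple:
    """Compare the two sets one algorithm at a time. The transmission counts as
    not attacked only when every pair matches; the names of the algorithms whose
    values differ are returned so the receiver can prompt and record them."""
    if first.keys() != second.keys():
        return False, sorted(set(first) ^ set(second))
    mismatched = [n for n in first if not hmac.compare_digest(first[n], second[n])]
    return (not mismatched), mismatched


# Constructed sample request used as the network communication data.
SAMPLE = b"GET /balance?acct=42 HTTP/1.1\r\nHost: bank.example\r\n\r\n"


def demo() -> tuple:
    first = ciphertext_set(SAMPLE)                         # stored by the sender
    ok_clean, _ = compare_sets(first, ciphertext_set(SAMPLE))
    altered = SAMPLE.replace(b"acct=42", b"acct=43")       # one character changed in transit
    ok_altered, names = compare_sets(first, ciphertext_set(altered))
    return ok_clean, ok_altered, names


if __name__ == "__main__":
    print(demo())
```

Note that BASE64 is reversible and a second hash adds nothing a collision-resistant first hash did not already provide; the scheme's strength rests on the stored first ciphertext being beyond the attacker's reach, not on the number of algorithms.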
Fig. 2 is a structural diagram of a device for detecting an MITM attack according to an embodiment of the present invention, and as shown in fig. 2, the device for detecting an MITM attack, applied to a sending end, includes:
a first calculating module 21, configured to calculate, by using a preset algorithm, first ciphertext data corresponding to network communication data when there is network communication data to be transmitted;
the sending module 22 is configured to send the network communication data to the receiving end, so that the receiving end calculates second ciphertext data corresponding to the received network communication data by using a preset algorithm, and determines whether the data transmission process is attacked by MITM according to whether the first ciphertext data and the second ciphertext data are the same.
The detection device for the MITM attack provided by the embodiment of the invention has the beneficial effects of the detection method for the MITM attack.
Fig. 3 is a flowchart of a method for detecting MITM attack according to an embodiment of the present invention. As shown in fig. 3, a method for detecting MITM attack, applied to a receiving end, includes:
s31: receiving network communication data sent by a sending end;
s32: acquiring first ciphertext data which is calculated by a sending end according to a preset algorithm and corresponds to network communication data;
s33: calculating second ciphertext data corresponding to the received network communication data by using a preset algorithm;
s34: and determining whether the data transmission process is attacked by the MITM according to whether the first ciphertext data and the second ciphertext data are the same.
Specifically, in an actual operation, a sending end first detects whether network communication data needing to be transmitted, namely the network communication data to be transmitted, exists; if the network communication data exists, a preset algorithm is called to calculate the network communication data to obtain first ciphertext data.
It should be noted that the specific type of the preset algorithm is not limited in this embodiment and is selected according to actual requirements; it can be understood that the format of the first ciphertext data will differ according to the preset algorithm chosen. It should also be noted that, in this embodiment, the network communication data may specifically be data of a communication protocol such as HTTP (HyperText Transfer Protocol), FTP (File Transfer Protocol) or Telnet (remote terminal protocol), and may of course also be other types of data, which this embodiment does not limit.
Specifically, after calculating first ciphertext data corresponding to the network communication data, the sending end stores the first ciphertext data to a preset storage location, such as a preset database or a preset block chain; and then the network communication data is sent to the receiving end according to the transmission mode of the network communication data.
After receiving the network communication data sent by the sending end, the receiving end calculates the received network communication data by using a preset algorithm to obtain second ciphertext data, namely second ciphertext data corresponding to the received network communication data. And the receiving end needs to acquire the first ciphertext data from a preset storage position where the transmitting end stores the first ciphertext data in advance.
After acquiring the first ciphertext data and the second ciphertext data, the receiving end judges whether the first ciphertext data and the second ciphertext data are the same. It can be understood that, if the network communication data sent by the sending end is the same as the network communication data received by the receiving end, the first ciphertext data and the second ciphertext data respectively calculated by using the same preset algorithm should be the same; that is, if the first ciphertext data is the same as the second ciphertext data, it is determined that the data transmission process is not attacked by the MITM; and if the data transmission process is different, determining that the data transmission process is attacked by the MITM.
This embodiment of the invention provides a method for detecting an MITM attack in which the sending end calculates first ciphertext data corresponding to the network communication data by using a preset algorithm, the receiving end calculates second ciphertext data corresponding to the received network communication data by using the same preset algorithm, and whether the data transmission process has been attacked by MITM is determined according to whether the first ciphertext data and the second ciphertext data are the same. If the transmitted network communication data is tampered with by an MITM attack during transmission, the first ciphertext data and the second ciphertext data calculated by the same preset algorithm will differ, so the MITM attack can be detected conveniently and effectively, and the security of the network communication data is improved.
On the basis of the foregoing embodiment, the present embodiment further describes and optimizes the technical solution, and specifically, after determining whether the data transmission process is attacked by MITM according to whether the first ciphertext data and the second ciphertext data are the same, the present embodiment further includes:
and if the data transmission process is determined to be attacked by the MITM, sending out corresponding prompt information.
Specifically, in this embodiment, after it is determined that the data transmission process has been attacked by MITM because the first ciphertext data and the second ciphertext data differ, a prompting device is further triggered to send out corresponding prompt information indicating the current determination result.
It should be noted that, in this embodiment, the prompting device may be a buzzer and/or an indicator light and/or a display; it is triggered to send out corresponding prompt information, such as a buzz, a flashing light, text or images, which intuitively informs the user that the current data transmission process has been attacked by MITM. Prompting the detection result in this way further improves the user experience.
On the basis of the foregoing embodiment, the present embodiment further describes and optimizes the technical solution, and specifically, after determining whether the data transmission process is attacked by MITM according to whether the first ciphertext data and the second ciphertext data are the same, the present embodiment further includes:
and recording and determining the attack time of the data transmission process under the MITM attack.
Specifically, in this embodiment, after it is determined that the data transmission process has been attacked by MITM because the first ciphertext data and the second ciphertext data differ, the attack time of the data transmission process is further determined and then recorded. It should be noted that, in actual operation, the record may take the form of a text file, a spreadsheet (Excel) table or a database table; this is not limited in this embodiment and is selected according to actual requirements. More specifically, the record may be stored in memory, on a hard disk, on a TF (TransFlash) card, on an SD (Secure Digital) card or the like, again selected according to actual requirements and not limited in this embodiment.
In this embodiment, the attack time of the data transmission process attacked by MITM is further determined and recorded, so that the user can conveniently check when the data transmission process was attacked, which further improves the user experience.
Fig. 4 is a structural diagram of a device for detecting MITM attack according to an embodiment of the present invention, and as shown in fig. 4, the device for detecting MITM attack, applied to a receiving end, includes:
a receiving module 41, configured to receive network communication data sent by a sending end;
an obtaining module 42, configured to obtain first ciphertext data corresponding to the network communication data, where the first ciphertext data is calculated by the sending end according to a preset algorithm;
a second calculating module 43, configured to calculate, by using a preset algorithm, second ciphertext data corresponding to the received network communication data;
and the determining module 44 is configured to determine whether the data transmission process is attacked by MITM according to whether the first ciphertext data and the second ciphertext data are the same.
The device for detecting the MITM attack has the beneficial effects of the method for detecting the MITM attack.
Fig. 5 is a process schematic diagram of a method for detecting an MITM attack according to an embodiment of the present invention, and fig. 6 is a flowchart of determining whether a data transmission process is attacked by MITM according to whether first ciphertext data and second ciphertext data are the same in the method for detecting an MITM attack according to an embodiment of the present invention; as shown in fig. 5 and fig. 6, as a specific implementation manner, in this embodiment, taking a Client as a sending end and a Server as a receiving end as an example, a flow of a corresponding method for detecting an MITM attack is as follows:
when the network communication data CommunicationText to be transmitted exists in the Client, a hash algorithm is applied to the network communication data CommunicationText to obtain a ciphertext ciphertext1 (hash1);
the ciphertext ciphertext1 is uploaded to a node of the blockchain, and an identification key value uniquely corresponding to ciphertext1 is generated; the key value serves as the index of ciphertext1;
the key value is added to the network communication data CommunicationText to be transmitted, and the network communication data CommunicationText carrying the key value is then transmitted to the Server;
after the network communication data CommunicationText reaches the Server, the Server extracts the network communication data CommunicationText and the added key value;
through the query interface of the blockchain, the Server queries the blockchain according to the key value and obtains the ciphertext ciphertext1 corresponding to the key value, namely the ciphertext ciphertext1 corresponding to the network communication data CommunicationText;
the same hash algorithm is applied to the received network communication data CommunicationText to obtain a ciphertext ciphertext2 (hash2);
ciphertext1, which corresponds to the network communication data CommunicationText before transmission, is compared with ciphertext2, which corresponds to the data received after transmission, and the result is output;
if they are consistent, the network communication data CommunicationText has not been tampered with and the current data transmission process has not been attacked; the Server carries out the corresponding response operation according to the network communication data CommunicationText;
if they are inconsistent, the network communication data CommunicationText has been tampered with and the current data transmission process has been attacked by MITM; the Server does not respond to the network communication data CommunicationText and may further send out corresponding prompt information warning that the network communication data CommunicationText has been tampered with.
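The Client/Server flow of Fig. 5 and Fig. 6 above, together with the general sending-end/receiving-end procedure described earlier (first ciphertext computed before transmission, second ciphertext computed after, comparison at the receiving end, attack time recorded and the message left unanswered on mismatch), carried out end to end in Python as an added example. This code is not part of the patent and is not the applicant's implementation. Assumptions the page does not fix: the preset hash algorithm is SHA-256; the blockchain node is stood in for by an in-memory append-only `Ledger` class that issues a random `uuid` hex string as the key; the key is prepended to the message with a `|` separator as the wire format; the sample message, the attacker function `mitm_tamper` and the in-memory attack log are constructed for the demonstration.

```python
"""Added example (not the patent's code): hash-on-ledger tamper detection.

Client: compute ciphertext1 = SHA-256(CommunicationText), append it to a
ledger (an in-memory stand-in for the blockchain node), receive a key that
indexes that entry, prepend the key to the message and send it.
Server: split the key from the message, fetch ciphertext1 by key, compute
ciphertext2 = SHA-256(received text), compare; on mismatch refuse to
respond and record the attack time.
"""
import hashlib
import hmac
import uuid
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional


def preset_algorithm(data: bytes) -> str:
    """The 'preset algorithm'. Assumption: SHA-256; the page only says 'a hash algorithm'."""
    return hashlib.sha256(data).hexdigest()


class Ledger:
    """Append-only store standing in for the blockchain node of Fig. 5 (assumption).

    Entries are never updated or deleted; each key identifies exactly one entry.
    """

    def __init__(self) -> None:
        self._entries = {}  # key (hex string) -> ciphertext1

    def upload(self, ciphertext: str) -> str:
        key = uuid.uuid4().hex  # identification key uniquely tied to this entry
        self._entries[key] = ciphertext
        return key

    def query(self, key: str) -> Optional[str]:
        return self._entries.get(key)


SEPARATOR = b"|"  # wire format "<key>|<CommunicationText>" is an assumption


def client_send(ledger: Ledger, communication_text: bytes) -> bytes:
    """Sending end: hash, upload hash, attach the returned key, emit the wire bytes."""
    ciphertext1 = preset_algorithm(communication_text)
    key = ledger.upload(ciphertext1)
    return key.encode() + SEPARATOR + communication_text


@dataclass
class Verdict:
    attacked: bool
    reason: str
    attack_time: Optional[datetime] = None


@dataclass
class Server:
    """Receiving end: verifies each message and keeps a log of detected attacks."""

    ledger: Ledger
    attack_log: list = field(default_factory=list)  # (attack_time, reason) records

    def receive(self, wire: bytes) -> Verdict:
        key_bytes, sep, received_text = wire.partition(SEPARATOR)
        if not sep:
            return self._flag("key missing")  # key stripped or never attached
        key = key_bytes.decode(errors="replace")
        ciphertext1 = self.ledger.query(key)
        if ciphertext1 is None:
            return self._flag("no ledger entry for key")
        ciphertext2 = preset_algorithm(received_text)
        if not hmac.compare_digest(ciphertext1, ciphertext2):
            return self._flag("hash mismatch")  # body changed in transit
        return Verdict(attacked=False, reason="hash match; responding")

    def _flag(self, reason: str) -> Verdict:
        """Record the attack time (the patent's recording step) and refuse to respond."""
        attack_time = datetime.now(timezone.utc)
        self.attack_log.append((attack_time, reason))
        return Verdict(attacked=True, reason=reason, attack_time=attack_time)


def mitm_tamper(wire: bytes) -> bytes:
    """Constructed attacker: rewrites the body and leaves the key untouched."""
    key, sep, body = wire.partition(SEPARATOR)
    return key + sep + body.replace(b"amount=100", b"amount=9000")


def demo():
    """Run one clean exchange and one tampered exchange; return both verdicts."""
    ledger = Ledger()
    server = Server(ledger)
    message = b"POST /transfer to=alice&amount=100"  # constructed sample
    clean = server.receive(client_send(ledger, message))
    tampered = server.receive(mitm_tamper(client_send(ledger, message)))
    return clean, tampered


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The comparison catches a body that was modified while its key still points at the sender's entry, which is the case the page describes. It is only as strong as the store it reads from: if an attacker could overwrite the ledger entry, or replace the key with one pointing at an entry holding the hash of the modified body, the two ciphertexts would match again. The page does not say how the blockchain node authenticates uploads, so that control has to exist outside the comparison itself. `hmac.compare_digest` is used out of habit; the hash values here are not secret, so plain equality would also do.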
Fig. 7 is a structural diagram of a system for detecting an MITM attack according to an embodiment of the present invention, and as shown in fig. 7, the system for detecting an MITM attack includes a sending end 71 and a receiving end 72;
the sending end 71 is configured to calculate, by using a preset algorithm, first ciphertext data corresponding to network communication data when the network communication data to be transmitted exists; the network communication data are sent to a receiving end, so that the receiving end can calculate second ciphertext data corresponding to the received network communication data by using a preset algorithm, and whether the data transmission process is attacked by MITM is determined according to whether the first ciphertext data and the second ciphertext data are the same;
the receiving end 72 is configured to receive network communication data sent by the sending end; acquiring first ciphertext data which is calculated by a sending end according to a preset algorithm and corresponds to network communication data; calculating second ciphertext data corresponding to the received network communication data by using a preset algorithm; and determining whether the data transmission process is attacked by the MITM according to whether the first ciphertext data and the second ciphertext data are the same.
The detection system for the MITM attack provided by the embodiment of the invention has the beneficial effect of the detection method for the MITM attack.
The method, device and system for detecting MITM attack provided by the invention are described in detail above. The principles and embodiments of the present invention are explained herein using specific examples, which are set forth only to help understand the method and its core ideas of the present invention. It should be noted that, for those skilled in the art, it is possible to make various improvements and modifications to the present invention without departing from the principle of the present invention, and those improvements and modifications also fall within the scope of the claims of the present invention.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.

Claims (10)

1. A method for detecting MITM attack is applied to a sending end, and comprises the following steps:
when network communication data to be transmitted exist, calculating first ciphertext data corresponding to the network communication data by using a preset algorithm;
and sending the network communication data to a receiving end so that the receiving end can calculate second ciphertext data corresponding to the received network communication data by using the preset algorithm, and determining whether the data transmission process is attacked by MITM according to whether the first ciphertext data and the second ciphertext data are the same.
2. The method according to claim 1, wherein the step of calculating first ciphertext data corresponding to the network communication data by using a preset algorithm when there is network communication data to be transmitted specifically comprises:
when the network communication data to be transmitted exist, calculating first ciphertext data corresponding to the network communication data by using the preset algorithm;
storing the first ciphertext data in a blockchain;
correspondingly, the process that the receiving end determines whether the data transmission process is attacked by the MITM according to whether the first ciphertext data and the second ciphertext data are the same includes:
the receiving end acquires the first ciphertext data from the block chain;
and the receiving end determines whether the data transmission process is attacked by the MITM according to whether the first ciphertext data and the second ciphertext data are the same.
3. The method according to claim 2, wherein, after calculating the first ciphertext data corresponding to the network communication data by using the preset algorithm when there is network communication data to be transmitted, the method further comprises:
determining identification information corresponding to the first ciphertext data, and setting the identification information in the network communication data;
correspondingly, the process of acquiring the first ciphertext data from the block chain by the receiving end specifically includes:
and the receiving end acquires the first ciphertext data from the block chain according to the identification information.
4. Method according to any one of claims 1 to 3, characterized in that said preset algorithms comprise in particular a hash algorithm, a BASE64 algorithm, a DES algorithm and a PBE algorithm.
5. A detection device for MITM attack is applied to a sending end, and is characterized by comprising:
the first calculation module is used for calculating first ciphertext data corresponding to the network communication data by using a preset algorithm when the network communication data to be transmitted exist;
and the sending module is used for sending the network communication data to a receiving end so that the receiving end can calculate second ciphertext data corresponding to the received network communication data by using the preset algorithm and determine whether the data transmission process is attacked by the MITM according to whether the first ciphertext data and the second ciphertext data are the same.
6. A method for detecting MITM attack is characterized in that the method is applied to a receiving end and comprises the following steps:
receiving network communication data sent by a sending end;
acquiring first ciphertext data which is calculated by the sending end according to a preset algorithm and corresponds to the network communication data;
calculating second ciphertext data corresponding to the received network communication data by using the preset algorithm;
and determining whether the data transmission process is attacked by the MITM according to whether the first ciphertext data and the second ciphertext data are the same.
7. The method of claim 6, wherein after determining whether the data transmission process is under an MITM attack according to whether the first ciphertext data and the second ciphertext data are the same, the method further comprises:
and if the data transmission process is determined to be attacked by the MITM, sending out corresponding prompt information.
8. The method according to any one of claims 6 to 7, wherein after determining whether the data transmission process is under an MITM attack according to whether the first ciphertext data and the second ciphertext data are the same, the method further comprises:
and recording and determining the attack time of the data transmission process under the MITM attack.
9. A detection device for MITM attack is applied to a receiving end, and is characterized by comprising:
the receiving module is used for receiving the network communication data sent by the sending end;
the acquisition module is used for acquiring first ciphertext data which are calculated by the sending end according to a preset algorithm and correspond to the network communication data;
the second calculation module is used for calculating second ciphertext data corresponding to the received network communication data by using the preset algorithm;
and the determining module is used for determining whether the data transmission process is attacked by the MITM according to whether the first ciphertext data and the second ciphertext data are the same.
10. A detection system for MITM attack is characterized by comprising a sending end and a receiving end;
the sending end is used for calculating first ciphertext data corresponding to the network communication data by using a preset algorithm when the network communication data to be transmitted exist; sending the network communication data to a receiving end so that the receiving end can calculate second ciphertext data corresponding to the received network communication data by using the preset algorithm, and determining whether the data transmission process is attacked by MITM according to whether the first ciphertext data and the second ciphertext data are the same;
the receiving end is used for receiving the network communication data sent by the sending end; acquiring first ciphertext data which is calculated by the sending end according to a preset algorithm and corresponds to the network communication data; calculating second ciphertext data corresponding to the received network communication data by using the preset algorithm; and determining whether the data transmission process is attacked by the MITM according to whether the first ciphertext data and the second ciphertext data are the same.
CN202011352934.3A 2020-11-26 2020-11-26 Method, device and system for detecting MITM attack Pending CN112491878A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011352934.3A CN112491878A (en) 2020-11-26 2020-11-26 Method, device and system for detecting MITM attack

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011352934.3A CN112491878A (en) 2020-11-26 2020-11-26 Method, device and system for detecting MITM attack

Publications (1)

Publication Number Publication Date
CN112491878A true CN112491878A (en) 2021-03-12

Family

ID=74935596

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011352934.3A Pending CN112491878A (en) 2020-11-26 2020-11-26 Method, device and system for detecting MITM attack

Country Status (1)

Country Link
CN (1) CN112491878A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004015309A (en) * 2002-06-05 2004-01-15 Nippon Hoso Kyokai <Nhk> Transmitting method, receiving method, transmitter, receiver, transmission program, and receiving program
CN105117894A (en) * 2015-07-20 2015-12-02 深圳市永兴元科技有限公司 Form monitoring method and form monitoring device
CN106295407A (en) * 2016-08-22 2017-01-04 杭州华三通信技术有限公司 A kind of detect the method and device whether file is tampered
CN108881262A (en) * 2018-07-02 2018-11-23 北京市天元网络技术股份有限公司 Restoring files methods, devices and systems based on block chain
CN109639676A (en) * 2018-12-12 2019-04-16 杭州安恒信息技术股份有限公司 The method, apparatus, equipment and system of tampering detection when log transmission
CN110851843A (en) * 2019-10-08 2020-02-28 立旃(上海)科技有限公司 Data management method and device based on block chain
CN111586680A (en) * 2020-05-15 2020-08-25 中国南方电网有限责任公司 Power grid end-to-end communication encryption system and method, communication equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210312