Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Use connection of A and B as an example. Their communications were encrypted by

ID: 660299 • Letter: U

Question

Use connection of A and B as an example. Their communications were encrypted by Public Key Encryption. Before they exchange their public key, ISP MITM attacked. A got "B"'s public key (ISP generated) B got "A"'s public key (ISP generated)

A send message X to B.

A->"B"'s public( (A's private(X) )->ISP

When ISP got that ciphertext(C), ISP decrypt it by "B"'s private( (A's public(C)) ) Then, ISP got the message.

After that, ISP encrypt message X for B.

ISP->B's public( "A"'s private(X) )->B

Then B decrypt ciphertext(C) by B's private( "A"'s public(C))

Then B got message X and they don't know ISP got the message.

Is it possible? Sorry for my poor English and explanation.
Can ISP use MITM attack to

Explanation / Answer

When you connect to a site over HTTPS, your browser checks that the certificate was issued by a certificate authority that you trust (typically built into your OS or web browser) and that the certificate matches the domain of the website you are visiting.

So if your ISP can get you to install a certificate corresponding to fraudulent certificate authority they control OR compromises a certificate authority OR somehow obtains the secret private key of a random website, then yes they could surreptitiously do a MITM attack.

There is plenty of incentive for certificate authorities not to issue fraudulent certificates. If any fraudulent certificates are seen in the wild (which is easily verifiable as only the certificate authority can sign a fake certificate), the certificate authority would lose its trust and quickly go out of business.

Furthermore, for some sites and some web browsers there's the notion of certificate pinning, where the site can only be visited via HTTPS (using accomplished through HSTS) and only with a certificate issued by a pinned certificate authority.

Related Questions

Use both the Shell and Disk Methods to calculate the volume of the solid obtaine
Question #2893111
Use both the TVM equations and a financial calculator to find the following valu
Question #2637133
Use bottom three pcitures for data requied. First three pictues have questions o
Question #3607078
Use breadth-first search to produce a spanning tree for the graph below starting
Question #3076285
Use c programming Use c programming Use c programming Use c programming No. Mark
Question #3875567
Use c++ Goal In this assignment students will practice using stack to solve math
Question #3739502
Use c++ Write a program that prompts the user for the name of a file and then tr
Question #3820075
Use c++ and include output screenshot please (Geometry: find the bounding rectan
Question #3589504

Navigate

Previous
Use connection less protocol for client server communication in the following pr
Next
Use conservation of energy to determine the angular speed of the spool shown in

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.