Discussion Board

Results 1 to 2 of 2
  1. #1
    Regular Contributor
    Join Date
    Feb 2007

    About Diffie-Hellman's 'man in the middle' attacks, is this possible in mobile phone?

    Hallo all,

    I want to ask about the diffie-hellman's 'man in the middle' attack method?
    Can our mobile phone communication data intercepted and modified by the 3rd party, so they can perform the 'man in the middle attack' method?
    I am planning to use software that using the Diffie-Hellman method for key-exchange algorithm.

    Thank You!
    Thank You so much for your attention !

  2. #2
    Regular Contributor
    Join Date
    May 2007

    Re: About Diffie-Hellman's 'man in the middle' attacks, is this possible in mobile ph

    Yes, of course it can.

    If you want to be resistant against man in the middle attacks, you need to have some way of authenticating the DH params sent to the other peer actually came from the peer, and not from an attacker.

    Typically, this will be achieved by signing the DH key exchange message with a trusted private key, e.g. in TLS DH params are signed with the server's private key, which corresponds to the certificate already sent to the client. The client trusts the certificate because it was issued to the server (has a URL in the signed data) and was issued by someone the the client trusts (e.g. verisign, thawte, etc.) The mechanics of this are well known and obvious, it's just the trust part that is hard.
    Get Resolvr - The Zeroconf framework for Symbian OS free today. Make your IP networking applications fun and easy to use. http://www.novelinteractions.com/resolvr/
    Proud to be the only autorickshaw owner in Cambridge - http://blog.novelinteractions.com/images/tuktuk.jpg

Similar Threads

  1. Connecting PC to Mobile Phone Via Bluetooth
    By Sapinou in forum Bluetooth Technology
    Replies: 3
    Last Post: 2011-04-13, 08:19
  2. Replies: 4
    Last Post: 2010-01-04, 07:49
  3. Replies: 3
    Last Post: 2008-09-09, 04:53
  4. OMA DRM media transfer using PC to Phone using USB
    By venky123 in forum Digital Rights Management & Content Downloading
    Replies: 1
    Last Post: 2008-08-13, 03:02
  5. J2ME MIDlet is limited, why not Java applications on mobile?
    By chen_lin99 in forum Mobile Java General
    Replies: 11
    Last Post: 2007-12-29, 01:15

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts