Enhancing Authentication Security Against MITM Attacks Through Bioinspired Identity Management & Blockchain-Enhanced Protocols

Authors

  • Anagha Raich, G.H.Raisoni University, Amravati
  • Vijay Gadicha, G.H.Raisoni University, Amravati

Keywords:

Blockchain Technology, Cybersecurity, Man-in-the-Middle Attacks, Decentralized Authentication, Cryptographic Algorithms

Abstract

The incessant escalation of cyber threats, particularly man-in-the-middle (MITM) attacks, has revealed critical vulnerabilities in existing authentication protocols, accentuating an urgent need for more robust security mechanisms. Traditional protocols like SSL/TLS, OAuth, and Kerberos, despite their widespread usage, suffer from inherent cryptographic weaknesses, implementation errors, and protocol loopholes that can be exploited by MITM attacks. This paper proposes an innovative model employing blockchain technology to transcend these limitations and fortify authentication processes. Our approach integrates Public Key Infrastructure (PKI) with blockchain to establish a decentralized system for managing digital certificates, ensuring authenticity and inviolability of public keys. We leverage cryptographic algorithms, notably ECDSA and RSA, for digital signature verification, and employ smart contracts to automate and secure the authentication process, eliminating reliance on centralized authority. Additionally, we implement Decentralized Identity Verification (DID) systems, allowing users to control and share their identity securely. Our methodology includes a comprehensive literature review of current protocols, vulnerability analysis, and the development of blockchain-enhanced protocols. These are rigorously tested in simulated environments against known MITM attack vectors and scenarios. The outcomes are promising, with our blockchain-based protocols significantly enhancing the security and trustworthiness of authentication processes. The decentralized and transparent nature of blockchain improves system resilience against attacks and fraud. Moreover, our protocols demonstrate interoperability and scalability, making them adaptable to various network environments. This research contributes to the cybersecurity domain by providing a viable solution to combat MITM attacks, with potential applications in finance, healthcare, and government services. Our findings suggest a paradigm shift in authentication protocol design, moving towards a more secure, decentralized, and transparent framework that could redefine cybersecurity standards in the digital era.

Published

07.01.2024

How to Cite

Raich, A., & Gadicha, V. (2024). Enhancing Authentication Security Against MITM Attacks Through Bioinspired Identity Management & Blockchain-Enhanced Protocols. International Journal of Intelligent Systems and Applications in Engineering, 12(10s), 468–476. Retrieved from https://ijisae.org/index.php/IJISAE/article/view/4395

Section

Research Article