14

It seems like there are lots of ways to prevent man in the middle attacks. I've read many on here and on the rest of the internet. According to wiki you need a secure channel as well to completely safeguard against it. I have two questions in regard to preventing it in the real world.

Does the US government monitor 100% of the lines dug in the US? Obviously (hopefully) data centers are secured but what is there to stop someone from driving out into the desert and physically tapping into a line?

In that scenario, is there anything that can be done by two nodes to detect someone started eavesdropping? (Maybe more of a physics question?) Are there any protocols like this already?

This question is in the scope of public key cryptography because if you have a secure channel you can just exchange a new key as needed.

  • 6
    I would assume at the very least there is encryption protecting someone from just eavesdropping. – Matthew Peters Oct 23 '14 at 20:38
  • I more meant in situations like public key cryptography. Or did you mean that they just use pre-shared key algorithms. Wouldn't that be too slow? – Carlos Bribiescas Oct 24 '14 at 01:17
  • 1
    Perhaps encryption used to be prohibitive in terms of time to decode and encode but nowadays it's pretty fast and effective. Also, I don't think you understand how [public key encryption](http://en.wikipedia.org/wiki/Public-key_cryptography) works. It's not like there is **just** a public key that everyone knows. – Matthew Peters Oct 24 '14 at 01:37
  • 3
    Why would the US government monitor lines owned and operated by private corporations? And why would anyone monitor physical lines when the majority of internet traffic is sent over cell towers? – MCW Oct 24 '14 at 12:23
  • @MarkC.Wallace Do you have a source for the claim that most internet traffic is sent over cell towers? Personally, I find that highly unlikely, at least if you're measuring total bandwidth used. IIRC, Netflix alone accounts for a third of U.S. internet traffic and that's almost entirely over land lines. – reirab Oct 24 '14 at 13:37
  • [Majority of traffic is mobile](http://smallbiztrends.com/2014/07/online-traffic-report-mobile.html). Note that the % isn't really relevant to the point I'm trying to make - that the US government doesn't operate the fiber. – MCW Oct 24 '14 at 13:39
  • @MatthewPeters Bah, my comment was poorly worded. I mean if two people were using PKC over the internet then could someone just physically tap a line to do a MITM attack? I believe you're saying that on top any encryption people use, the lines themselves are encrypted point to point so this isn't possible? – Carlos Bribiescas Oct 24 '14 at 13:58
  • @MarkC.Wallace - And how are the cell towers connected to the rest of the internet? Yup, physical cables ;) – Frederik Oct 24 '14 at 13:58
  • 1
    @Carlos, even in your case, a MiTM attack would only be able to read data it could decode (having the private key) or data that is unencrypted. Regardless, you, yourself do not provide the end-to-end encryption. I *assume* (because I do not have a source on hand) that the ISP and all the other [infrastructure](http://superuser.com/a/399304/321591) also encrypts all the data they send... Thus, while nothing is technically stopping you from doing a MiTMa, you would only get a mass of encrypted data. – Matthew Peters Oct 24 '14 at 14:31
  • 14
    @MarkC.Wallace, `Why would the US government monitor lines owned and operated by private corporations?` I almost spilled my coffee ;) – Matthew Peters Oct 24 '14 at 14:32
  • I feel the comment stream has become too complex and too detailed; my point is that OP's risk model is flawed - (a) you don't need to dig up a transmission line to do a MITM and (b) physical transmission lines are owned and secured by independent entities. – MCW Oct 24 '14 at 14:36

6 Answers

31

Physical surveillance of millions of miles of buried cables would be preposterously expensive. The US government already fails at efficiently preventing illegal immigration across the Mexican/USA boundary, which is one or two orders of magnitude shorter than the total length of cables.

Instead, US government does things like everybody else: with encryption (or so we hope, at least). A good encrypted tunnel (e.g. SSL) keeps attackers at bay.

Encryption ensures confidentiality. A good tunnel also provides data integrity, in the following sense: alterations are reliably detected. However, if an attacker uses a shovel to get to the cable, he can cut it (it has happened). To make communications more resilient, one must use redundancy; see this answer (when the attacker wields nuclear weapons, you have to think big in terms of redundancy).

Tom Leek
  • 1
    I would say they fail at protecting the border as a matter of priority, rather than a matter of ability ;-). (Who doesn't want cheap labor!?) But yes, your point is clearly valid. It's been a while since I've taken cryptography but I recall a method where you can figure out an encryption key by repeatedly analyzing different messages. (Consider analyzing twitter posts which are short and therefore predictable) Wouldn't a 'trunk' line be vulnerable to this attack? – Carlos Bribiescas Oct 24 '14 at 01:07
  • 7
    @CarlosBribiescas Figuring out an encryption key by analyzing many messages is not a universal property of cryptographic algorithms. It is merely a property of some particularly poor algorithms, or more charitably to the algorithms, some poor implementations of algorithms. Good cryptography, properly implemented and used, does not have such a weakness. If it did, it would not be good cryptography. – Xander Oct 24 '14 at 01:43
  • @CarlosBribiescas Also, a `trunk` line will carry a huge number of packets to/from many points. Each may use different encryption algorithms with different keys/lengths. Other difficulties exist that make it difficult enough to place a successful tap. – user2338816 Oct 24 '14 at 10:35
  • Not to mention the time it would take to splice fiber and connect both ends to your tap properly. Even just repairing a broken fiber line takes hours. I doubt someone will have that time before authorities are on their asses. –  Oct 24 '14 at 16:52
  • 3
    @bluefish it's not necessary to splice them, there are passive fiber taps that will leave the cable intact. – theterribletrivium Oct 24 '14 at 17:04
  • This is a great, well-written answer. Except that its main point is wrong. Highly-sensitive cables certainly carry data over them in encrypted form, but physical measures can & are also used with the aim of detecting tapping attempts or other funny business. See @theterribletrivium's answer below. – mostlyinformed Oct 23 '15 at 20:36
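Tom Leek's point that a good tunnel both hides the data and reliably detects alteration, as an added example that is not part of the original answer or of any product mentioned in this thread: a minimal AES-256-GCM channel in Go, assuming the two nodes already share a 32-byte key (how they got it is the separate key-exchange problem the question raises). The key, the frame contents and the `seq=1` header are constructed for the demo. A passive tap captures only nonce, ciphertext and tag; an active tap that flips a single bit gets the frame rejected rather than decrypted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Channel is one direction of an encrypted tunnel between two nodes that
// already share a 256-bit key. How the key got there (pre-shared, or agreed
// with public-key cryptography) is a separate problem from what a tap sees.
type Channel struct {
	aead cipher.AEAD
}

// NewChannel builds an AES-256-GCM channel; GCM both encrypts and authenticates.
func NewChannel(key []byte) (*Channel, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Channel{aead: aead}, nil
}

// Send encrypts plaintext and authenticates it together with header (a value
// that travels in the clear, such as a sequence number or routing header).
// The returned bytes, nonce || ciphertext || tag, are all that a tap on the
// cable can capture. Nonces are random here for brevity; production tunnels
// use a counter, since a 96-bit GCM nonce must never repeat under one key.
func (c *Channel) Send(plaintext, header []byte) ([]byte, error) {
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return c.aead.Seal(nonce, nonce, plaintext, header), nil
}

// Receive checks the authentication tag before releasing any plaintext.
// Any change to nonce, ciphertext, tag or header made in transit fails here.
func (c *Channel) Receive(wire, header []byte) ([]byte, error) {
	ns := c.aead.NonceSize()
	if len(wire) < ns+c.aead.Overhead() {
		return nil, errors.New("message too short to contain nonce and tag")
	}
	return c.aead.Open(nil, wire[:ns], wire[ns:], header)
}

// FlipBit models an active attacker on the line changing one bit of a frame.
func FlipBit(wire []byte, byteIndex int, bit uint) []byte {
	tampered := append([]byte(nil), wire...)
	tampered[byteIndex] ^= 1 << bit
	return tampered
}

func main() {
	key := make([]byte, 32) // constructed fixed key, for the demo only
	for i := range key {
		key[i] = byte(i)
	}
	ch, err := NewChannel(key)
	if err != nil {
		panic(err)
	}
	header := []byte("seq=1")
	wire, err := ch.Send([]byte("route update: prefix 10.0.0.0/8"), header)
	if err != nil {
		panic(err)
	}
	// Passive tap: this hex dump is the entire take.
	fmt.Printf("on the wire (%d bytes): %x\n", len(wire), wire)
	// Active tap: flipping the first ciphertext byte (index 12, after the nonce)
	// is detected and nothing is returned.
	if _, err := ch.Receive(FlipBit(wire, 12, 0), header); err != nil {
		fmt.Println("tampered frame rejected:", err)
	}
	pt, err := ch.Receive(wire, header)
	fmt.Printf("clean frame accepted: %q err=%v\n", pt, err)
}
```

What the tunnel does not give you is availability: the attacker with the shovel can still cut the cable, which is the redundancy point the answer closes on.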
12

There are a few countermeasures they typically deploy. One is encryption, which is pretty straightforward. They also monitor their fiber optics for unexpected attenuation or a change in the scattering of the light. Additionally there are ways to configure fiber to detect acoustical disturbances, theoretically detecting the tap being placed.

They also have a standard in place that has requirements revolving around the conduits, carriers, etc. for sensitive data. The standard is named NSTISSI 7003 and there are also some summaries out there if you'd like to know more. Additionally, they use the TEMPEST standard which discusses how to protect against electromagnetic radiation leaking which could theoretically be detected without physically breaching the conduit the cables are run through. TEMPEST also covers eavesdropping but the eavesdropping portion has not been released as far as I know.

theterribletrivium
  • Thomas' post looks at the overall picture (resiliency of the network) without bothering with nitty-gritty details, while yours directly answers the question. – Deer Hunter Oct 25 '14 at 20:43
  • Yeah, and thanks for directly addressing the physical aspect of the question thoroughly. Adding to my original question, do you know if they physically monitor (instead of protect) lines? For example, they could bury devices to monitor physical disturbances near the lines. That would be more practical. – Carlos Bribiescas Oct 25 '14 at 21:00
  • 1
    Dark fiber can be used to detect acoustic vibrations which could detect somebody messing with the fiber. There may be other methods I'm unaware of. This way they only need to have people available to physically inspect where the disturbance occurred. Vendors in this space boast an ~10 meter resolution on detection, so you wouldn't have to travel miles to find it. – theterribletrivium Oct 25 '14 at 21:32
  • This is the correct answer. For some more examples of physical technologies and procedures used to monitor cables that carry protected high-security data over them see https://en.wikipedia.org/wiki/Protective_distribution_system. (Note that while a lot of the "bury everything in concrete"-type measures are outdated (for many use cases, anyway; probably not for the cable conduits that connect Minuteman missile silos) many links that are protected as such are still in use.) To the consternation of many who have to send data/voice over the old, low-bandwidth connections. – mostlyinformed Oct 23 '15 at 20:59
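The attenuation monitoring theterribletrivium describes, as an added example that is not code from the original answer or from any vendor: a Go monitor that learns a fiber span's normal received optical power and raises an alert when extra loss persists. The readings, the 0.5 dB threshold and the three-sample hold are assumed values for illustration; a real deployment takes them from the link budget and the monitoring product in use. The monitor only detects that something changed on the span; locating the event along the cable is what the OTDR and acoustic (dark-fiber sensing) methods mentioned in the comments add.

```go
package main

import "fmt"

// Reading is one sample of received optical power on a fiber span, in dBm,
// as a line-monitoring system polls it from the far-end receiver.
// The timeline and values used below are constructed for this example.
type Reading struct {
	Second int
	Dbm    float64
}

// Alert is raised when the span shows sustained extra loss against baseline.
type Alert struct {
	Second int     // when the sustained deviation was confirmed
	LossDB float64 // extra loss relative to baseline, in dB
}

// Monitor learns a baseline from the first samples and flags excess loss.
//   - baselineSamples: readings used to learn the span's normal power
//   - threshold: extra loss in dB that counts as suspicious (0.5 dB in main
//     is an assumed figure for this example, not a vendor specification)
//   - hold: consecutive over-threshold readings required before alerting,
//     so one noisy sample does not page anyone
type Monitor struct {
	baselineSamples int
	threshold       float64
	hold            int

	sum, baseline float64
	count, over   int
}

func NewMonitor(baselineSamples int, threshold float64, hold int) *Monitor {
	return &Monitor{baselineSamples: baselineSamples, threshold: threshold, hold: hold}
}

// Observe consumes one reading and returns an Alert, or nil.
func (m *Monitor) Observe(r Reading) *Alert {
	if m.count < m.baselineSamples {
		m.sum += r.Dbm
		m.count++
		if m.count == m.baselineSamples {
			m.baseline = m.sum / float64(m.count)
		}
		return nil
	}
	loss := m.baseline - r.Dbm // positive when less power arrives than usual
	if loss < m.threshold {
		m.over = 0
		return nil
	}
	m.over++
	if m.over != m.hold {
		return nil // still accumulating, or already alerted on this event
	}
	return &Alert{Second: r.Second, LossDB: loss}
}

// Scan runs a monitor over a whole series and collects every alert.
func Scan(readings []Reading, m *Monitor) []Alert {
	var alerts []Alert
	for _, r := range readings {
		if a := m.Observe(r); a != nil {
			alerts = append(alerts, *a)
		}
	}
	return alerts
}

// SampleReadings is a constructed trace: a stable span, one noisy sample at
// second 11, then a sustained drop of about 0.8 dB from second 20 onward
// (an assumed figure standing in for the insertion loss a tap could add).
func SampleReadings() []Reading {
	dbm := []float64{
		-12.00, -12.03, -11.98, -12.01, -12.02, -11.99, -12.00, -12.01, -11.97, -12.02, // baseline
		-12.01, -12.70, -12.00, -12.02, -11.99, -12.01, -12.00, -12.03, -11.98, -12.00, // one glitch
		-12.80, -12.82, -12.79, -12.81, -12.80, // sustained loss
	}
	readings := make([]Reading, len(dbm))
	for i, v := range dbm {
		readings[i] = Reading{Second: i, Dbm: v}
	}
	return readings
}

func main() {
	for _, a := range Scan(SampleReadings(), NewMonitor(10, 0.5, 3)) {
		fmt.Printf("second %d: sustained extra loss of %.2f dB, dispatch to inspect the span\n", a.Second, a.LossDB)
	}
}
```

With the hold set to 3 the glitch at second 11 is ignored and the sustained drop is reported once, at second 22; with the hold at 1 the glitch pages as well, which is the trade-off between sensitivity and false alarms any such system has to tune.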
7

Internet lines don't need to be secured. Encryption allows one to set up a secure channel within an insecure medium.

In short, no, the US does not monitor the physical lines because it doesn't need to. There is infrastructure monitoring, but that's not what you are asking about.

schroeder
4

I used to be a sysadmin for the military; we were told that there were a (small) number of monitored connections between the military and public Internet -- the idea being that the military could cut itself off from the rest of the world but still maintain internal communications. I wasn't important enough to be able to personally verify whether this was true, but that would be a simple and fairly effective layer of security. (I should also note that this was a number of years ago.)

I can't speak to the rest of the US government. But, as other respondents have noted, monitoring the entire cable plant would be prohibitively expensive.

David
  • 1
    I'm pretty sure this is actually true. Also, SIPRNet and JWICS are completely physically isolated from the internet, IIRC. – reirab Oct 24 '14 at 14:10
1

I think this has already happened in the past. Usual countermeasures are encryption secured by previously exchanged keys, monitoring of physical characteristics of a channel, and IDS. In the future quantum cryptography should solve this issue somewhat through the use of quantum entanglement. Oh, and most lines belong to private companies anyway...

mkalkov
0

If a single link existed, I would understand increased physical security to protect that link. However with the internet having been built on a mesh topology, traffic can take any number of routes to its destination. This gets to the point of prior posts noting it is not financially possible to physically protect all of those links.

While I've never been involved in government organizations, I'm sure they have "things" in place to monitor links (i.e. Health of the Internet). Detecting anything from up/down status to performance degradation. This would be a more efficient way to monitor than to have a physical presence.

As others have pointed out, use of encryption makes MitM a mostly moot point. I say mostly because it depends on the encryption being used. Using encryption carries with it a significant level of latency which may or may not be acceptable for a particular use case. If latency is the primary driver one may elect for a less secure method of encryption. You mentioned the use of public key encryption. You're right that it is designed with a goal of placing traffic on an untrusted network by way of exchanging public keys. However asymmetric encryption is orders of magnitude slower than symmetric encryption so that would be a point of consideration.

anon
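The question's premise (exchange a key over the line, then use it) and this last answer's remark that asymmetric encryption is far slower than symmetric are both served by the standard hybrid arrangement: one public-key agreement per session, then symmetric encryption for the bulk traffic. An added example in Go that is not from the original page: an X25519 agreement in which only the two public keys cross the cable, with SHA-256 over the shared secret standing in for a real key-derivation function (an assumed simplification; a real protocol uses HKDF with the handshake transcript mixed in). It also makes concrete the passive-versus-active distinction from the comments above: a passive tap that records both public keys learns nothing about the session key, but an attacker who can splice the line and substitute public keys ends up sharing a key with each side, which is why deployments authenticate the exchange (certificates or pre-shared keys) rather than rely on bare Diffie-Hellman.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Node is one end of the link. Its private key never leaves the host; only
// the 32-byte X25519 public key is ever put on the cable.
type Node struct {
	priv *ecdh.PrivateKey
}

func NewNode() (*Node, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Node{priv: priv}, nil
}

// PublicBytes is what this node transmits during the exchange.
func (n *Node) PublicBytes() []byte {
	return n.priv.PublicKey().Bytes()
}

// SessionKey turns the peer's public key into the 256-bit symmetric key that
// will carry the bulk traffic. Hashing the shared secret under a fixed label
// stands in for a proper KDF such as HKDF with the handshake transcript
// (a simplification assumed for this example).
func (n *Node) SessionKey(peerPub []byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	shared, err := n.priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	h := sha256.New()
	h.Write([]byte("example-link-key-v1")) // hypothetical label, not a standard
	h.Write(shared)
	return h.Sum(nil), nil
}

// TapCapture is everything a passive tap records while two nodes set up a key.
type TapCapture struct {
	PubA, PubB []byte
}

// Exchange runs the agreement between a and b over the tapped line and returns
// each side's derived key together with the tap's capture.
func Exchange(a, b *Node) (keyA, keyB []byte, tap TapCapture, err error) {
	tap = TapCapture{PubA: a.PublicBytes(), PubB: b.PublicBytes()}
	if keyA, err = a.SessionKey(tap.PubB); err != nil {
		return
	}
	keyB, err = b.SessionKey(tap.PubA)
	return
}

// Splice models an active attacker who cuts the line and talks to a as if it
// were b. With no authentication of public keys, a cannot tell the difference.
func Splice(a, attacker *Node) (keyA, keyAttacker []byte, err error) {
	if keyA, err = a.SessionKey(attacker.PublicBytes()); err != nil {
		return
	}
	keyAttacker, err = attacker.SessionKey(a.PublicBytes())
	return
}

func main() {
	a, _ := NewNode()
	b, _ := NewNode()
	keyA, keyB, tap, err := Exchange(a, b)
	if err != nil {
		panic(err)
	}
	fmt.Printf("both sides agree: %v; tap saw %d + %d public bytes only\n",
		bytes.Equal(keyA, keyB), len(tap.PubA), len(tap.PubB))

	eve, _ := NewNode()
	guess, _ := eve.SessionKey(tap.PubA) // passive tap has no private key that matches
	fmt.Printf("passive tap recovers the key: %v\n", bytes.Equal(guess, keyA))

	mallory, _ := NewNode()
	kA, kM, _ := Splice(a, mallory)
	fmt.Printf("active splice shares a key with a: %v (and it is not b's: %v)\n",
		bytes.Equal(kA, kM), !bytes.Equal(kA, keyB))
}
```

The 32-byte result is exactly the key a channel like the AES-GCM one in Tom Leek's discussion above would consume, so the expensive public-key step runs once per session, not per packet.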