Defending Man-in-the-Middle (MITM) Attacks in Web Services

Authors

  • Masoud Ahmed Masoud Baghni, Higher Institute of Science and Technology, Tripoli, Libya
  • Sabria Abdulgader Ali Al Elmusrati, Higher Institute of Science and Technology, Tripoli, Libya

DOI:

https://doi.org/10.65405/bbbf3e31

Keywords:

Man-in-the-Middle (MITM), Web Security, Cryptography, TLS, Authentication, Certificate Authority, Encryption.

Abstract

         In cryptography and computer security, Man-in-the-Middle (MITM) attacks represent a serious threat to the confidentiality and integrity of web communications. These attacks occur when an adversary secretly intercepts, and possibly alters, the communication between two parties who believe they are interacting directly. MITM attacks can be classified as passive, where the attacker only observes the communication (compromising confidentiality), or active, where the attacker manipulates the transmitted data (compromising integrity as well). Successful execution of an active attack requires the attacker to impersonate each endpoint to the other, so that both parties complete what appears to be a legitimate exchange.

           Modern cryptographic protocols such as Transport Layer Security (TLS) bind the key exchange to endpoint authentication: each party proves its identity with a digital certificate issued by a trusted Certificate Authority (CA), so an interposed attacker cannot substitute its own key-exchange values without failing verification. However, as attackers evolve, traditional defenses may no longer suffice.

            This research explores novel cryptographic algorithms and enhanced security mechanisms to strengthen web services against MITM attacks. The study focuses on improving authentication, secure key exchange, and data integrity verification techniques to create more resilient and trustworthy web service architectures.
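The following example, added here for illustration and not taken from the paper, shows the mechanism behind the two preceding paragraphs: an unauthenticated Diffie-Hellman exchange in which an active attacker ("Mallory") impersonates each endpoint to the other and ends up holding a key with each side, followed by the same exchange with endpoint authentication, where the substituted values fail verification. The authentication here is an HMAC over the full transcript under a pre-shared key (a stand-in for the CA-issued certificates and signatures TLS actually uses, since the Python standard library has no signature primitive); the 127-bit prime, generator, party names and PSK are all constructed for readability and are not secure parameters.

```python
import hashlib
import hmac
import secrets

# Toy group (constructed for illustration): the Mersenne prime 2^127 - 1 with
# generator 3. Real deployments use RFC 7919 finite-field groups or X25519
# (RFC 7748); this prime is far too small to be secure.
P = (1 << 127) - 1
G = 3
PSK = secrets.token_bytes(32)  # assumed provisioned out of band; Mallory never sees it


def dh_keypair():
    """Return (private exponent x, public value g^x mod p)."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def derive_key(peer_public, own_private):
    """Shared secret -> 32-byte session key via SHA-256 (toy KDF)."""
    shared = pow(peer_public, own_private, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def unauthenticated_exchange_with_mitm():
    """Plain DH with Mallory on the wire swapping in her own public value M.

    Returns (alice_key, bob_key, mallory_key_with_alice, mallory_key_with_bob).
    Neither Alice nor Bob can tell anything went wrong: each derived a key
    normally, but with Mallory rather than with each other.
    """
    a, A = dh_keypair()
    b, B = dh_keypair()
    m, M = dh_keypair()  # Mallory's own keypair
    # Alice -> [Mallory] -> Bob: Bob receives M instead of A.
    # Bob -> [Mallory] -> Alice: Alice receives M instead of B.
    k_alice = derive_key(M, a)            # Alice believes this is shared with Bob
    k_bob = derive_key(M, b)              # Bob believes this is shared with Alice
    k_mallory_alice = derive_key(A, m)    # Mallory's key toward Alice
    k_mallory_bob = derive_key(B, m)      # Mallory's key toward Bob
    return k_alice, k_bob, k_mallory_alice, k_mallory_bob


def transcript(id_a, id_b, pub_a, pub_b):
    """Canonical encoding of everything exchanged so far (identities + public values)."""
    return b"|".join([id_a, id_b, pub_a.to_bytes(16, "big"), pub_b.to_bytes(16, "big")])


def authenticator(psk, role, tr):
    """MAC over the transcript; the role label prevents reflecting a tag back at its sender."""
    return hmac.new(psk, role + tr, hashlib.sha256).digest()


def authenticated_exchange(psk, mitm=False):
    """DH where each side MACs the transcript *as it saw it* under a key Mallory lacks.

    Returns (alice_accepts, bob_accepts, keys_match). With mitm=True Mallory
    substitutes M for both public values but can only forward the honest tags,
    which were computed over a different transcript, so both sides reject.
    """
    a, A = dh_keypair()
    b, B = dh_keypair()
    _, M = dh_keypair()
    A_seen_by_bob = M if mitm else A
    B_seen_by_alice = M if mitm else B
    ids = (b"alice", b"bob")

    # Bob authenticates the transcript he observed and sends (B, tag) toward Alice.
    tag_bob = authenticator(psk, b"bob", transcript(*ids, A_seen_by_bob, B))
    # Alice checks that tag against the transcript *she* observed.
    alice_accepts = hmac.compare_digest(
        tag_bob, authenticator(psk, b"bob", transcript(*ids, A, B_seen_by_alice)))

    # Alice authenticates her view; Bob checks it against his.
    tag_alice = authenticator(psk, b"alice", transcript(*ids, A, B_seen_by_alice))
    bob_accepts = hmac.compare_digest(
        tag_alice, authenticator(psk, b"alice", transcript(*ids, A_seen_by_bob, B)))

    keys_match = derive_key(B_seen_by_alice, a) == derive_key(A_seen_by_bob, b)
    return alice_accepts, bob_accepts, keys_match


if __name__ == "__main__":
    ka, kb, kma, kmb = unauthenticated_exchange_with_mitm()
    print("unauthenticated: Mallory shares a key with Alice:", ka == kma,
          "and with Bob:", kb == kmb, "; Alice and Bob agree:", ka == kb)
    print("authenticated, no attacker:", authenticated_exchange(PSK))
    print("authenticated, with MITM:  ", authenticated_exchange(PSK, mitm=True))
```

The decisive detail is that the authenticator covers the whole transcript, including the peer's public value as each party received it; authenticating only one's own value would still let Mallory replay a genuine tag next to a substituted value.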


References

[1] W. Stallings, Cryptography and Network Security: Principles and Practice, 8th ed. Pearson, 2020. ISBN: 978-0134444568.

[2] D. Goodin, "How Man-in-the-Middle attacks work," Ars Technica, 2019. [Online]. Available: https://arstechnica.com/

[3] D. Cooper et al., "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile," RFC 5280, IETF, May 2008. [Online]. Available: https://tools.ietf.org/html/rfc5280

[4] A. O. Freier, P. Karlton, and P. C. Kocher, "The Secure Sockets Layer (SSL) Protocol Version 3.0," RFC 6101, IETF, Aug. 2011. [Online]. Available: https://tools.ietf.org/html/rfc6101

[5] J. Clark and P. C. van Oorschot, "SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements," in Proc. 2013 IEEE Symp. Security Privacy (SP), Berkeley, CA, USA, May 2013, pp. 511–525, doi: 10.1109/SP.2013.41.

[6] E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.3," RFC 8446, IETF, Aug. 2018. [Online]. Available: https://tools.ietf.org/html/rfc8446

[7] C. Kaufman, R. Perlman, and M. Speciner, Network Security: Private Communication in a Public World, 3rd ed. Prentice Hall, 2016. ISBN: 978-0134444568.

[8] M. Bishop, Introduction to Computer Security, 2nd ed. Addison-Wesley, 2018. ISBN: 978-0134085043.

[9] A. S. Tanenbaum and D. J. Wetherall, Computer Networks, 6th ed. Pearson, 2021. ISBN: 978-0136681151.

[10] OWASP Foundation, "Man-in-the-Middle (MITM) Attack Prevention," OWASP Guidelines, 2023. [Online]. Available: https://owasp.org/

[11] Wireshark Foundation, Wireshark User Guide, Version 4.0, 2023. [Online]. Available: https://www.wireshark.org/docs/

[12] B. Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, 20th Anniversary ed. Wiley, 2015. ISBN: 978-1119096726.

[13] N. Z. Bawany et al., "A hybrid intrusion detection system for secure networks," IEEE Access, vol. 9, pp. 14567–14579, 2021, doi: 10.1109/ACCESS.2021.3052703.

[14] M. Mosca, "Cybersecurity in an era with quantum computers: Will we be ready?," IEEE Security & Privacy, vol. 16, no. 5, pp. 38–41, May/June 2018, doi: 10.1109/MSP.2018.3708811.

[15] National Institute of Standards and Technology (NIST), "Module-Lattice-Based Key-Encapsulation Mechanism Standard," FIPS 203, Aug. 2024. doi: 10.6028/NIST.FIPS.203.

[16] National Institute of Standards and Technology (NIST), "Module-Lattice-Based Digital Signature Standard," FIPS 204, Aug. 2024. doi: 10.6028/NIST.FIPS.204.

[17] S. Nakamoto, "Bitcoin: A peer-to-peer electronic cash system," 2008. [Online]. Available: https://bitcoin.org/bitcoin.pdf

[18] A. Langley, M. Hamburg, and S. Turner, "Elliptic curves for security," RFC 7748, IETF, Jan. 2016. [Online]. Available: https://tools.ietf.org/html/rfc7748

[19] B. Laurie, A. Langley, and E. Kasper, "Certificate transparency," RFC 6962, IETF, June 2013. [Online]. Available: https://tools.ietf.org/html/rfc6962

[20] P. W. Shor, "Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer," SIAM J. Comput., vol. 26, no. 5, pp. 1484–1509, Oct. 1997, doi: 10.1137/S0097539795293172.


Published

2026-03-01

How to Cite

Defending Man-in-the-Middle (MITM) Attacks in Web Services. (2026). Comprehensive Journal of Science, 10(39), 2961-2973. https://doi.org/10.65405/bbbf3e31