Man-in-the-Middle Solution Accelerator

Overview

The fastest way to get started with Keychain is to build and try the Man-in-the-Middle accelerator. This sample demonstrates persona creation, pairing with a trusted directory, and the security benefits that Keychain-protected data has beyond those provided by HTTP/S. It defines a Java client and two Python (Django) web servers: a frontend and a backend. The client sends data to the backend server via the frontend, which relays it to the backend.

In this architecture, the frontend has access to the data, so we imagine a scenario where the frontend is malicious and wishes to read or modify the data before sending it on. If the client and servers are paired and the data is Keychain-secured, the sample shows that the frontend is severely limited in its ability to achieve these ends. Specifically:

  1. The frontend cannot read the data.

  2. The frontend cannot modify the data without the backend detecting this. We say the data is tamper-evident.
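
The two properties above can be reproduced in a small simulation of the client, frontend, backend path. This is an added example, not code from the accelerator repository and not Keychain's API: it assumes a pre-shared key in place of Keychain pairing, and uses an encrypt-then-MAC construction built on HMAC-SHA256 from the Python standard library as a stand-in for Keychain's protection. All function names are hypothetical.

```python
import hashlib
import hmac
import os

# Assumption: one pre-shared 32-byte key stands in for the trust that
# Keychain establishes through pairing. None of this is Keychain's API.

def _subkeys(key):
    # Derive independent encryption and MAC keys from the shared key.
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac

def _keystream(enc_key, nonce, length):
    # HMAC-SHA256 in counter mode used as a PRF-based keystream.
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def client_seal(key, plaintext):
    """Client: encrypt, then MAC nonce || ciphertext."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def frontend_relay(envelope, tamper=False):
    """Frontend: holds no key; optionally flips one bit before relaying."""
    if not tamper:
        return envelope
    buf = bytearray(envelope)
    buf[16] ^= 0x01  # first byte after the 16-byte nonce
    return bytes(buf)

def backend_open(key, envelope):
    """Backend: verify the tag first; return None if the data was altered."""
    if len(envelope) < 48:  # 16-byte nonce + 32-byte tag
        return None
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = envelope[:16], envelope[16:-32], envelope[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
```

The backend checks the tag before decrypting, so an envelope altered in transit is rejected rather than decrypted into modified data.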

Source Code

Repository

https://github.com/keychain-io/solution-accelerator-mitm

Languages

Java, Python

For more information on how to install the demo and its functionality, please see the following README file.


Design


Man-in-the-Middle

As depicted in the image above, this sample demonstrates how Keychain adds a layer of protection on top of the standard network protocols to protect against the standard man-in-the-middle attack.