Detecting Man-in-the-Middle Attacks against Transport Layer Security Connections with Timing Analysis

Abstract

The Transport Layer Security (TLS) protocol is a vital component of the protection of data as it traverses networks. From e-commerce websites to Virtual Private Networks (VPNs), TLS protects massive amounts of private information, and protecting this data from Man-in-the-Middle (MitM) attacks is imperative to keeping the information secure. This thesis illustrates how an attacker can successfully perform a MitM attack against a TLS connection without alerting the user to his activities. By deceiving the client machine into using a false certificate, an attacker takes away the only active defense mechanism a user has against a MitM. The goal of this research is to determine whether a time threshold exists that can indicate the presence of a MitM in this scenario. An analysis of the completion times of TLS handshakes without a MitM, with a passive MitM, and with an active MitM is used to determine whether this threshold is calculable. Any conclusive findings supporting the existence of a timing baseline can be considered the first steps toward finding the value of the threshold and creating a second-layer defense to actively protect against a MitM.

Document Details

Document Type
Technical Report
Publication Date
Sep 15, 2011
Accession Number
ADA547399

Entities

People

  • Lauren M. Wagoner

Organizations

  • Air Force Institute of Technology

Tags

DTIC Thesaurus Topics

  • Active Defense
  • Air Force
  • Asymmetric Encryption
  • Authentication
  • Computer Programming
  • Computers
  • Cryptography
  • Data Compression
  • Defense Mechanisms
  • Electronic Commerce
  • Information Processing
  • Internet
  • Network Protocols
  • Operating Systems
  • Security Protocols
  • Transport Protocols
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Educational Psychology
  • Sensor Fusion and Tracking Systems