Detecting Man-in-the-Middle Attacks against Transport Layer Security Connections with Timing Analysis

Author

Lauren M. Wagoner

Date of Award

9-15-2011

Document Type

Thesis

Degree Name

Master of Science

Department

Department of Electrical and Computer Engineering

First Advisor

Jeffrey W. Humphries, PhD.

Abstract

The Transport Layer Security (TLS) protocol is a vital component to the protection of data as it traverses across networks. From e-commerce websites to Virtual Private Networks (VPNs), TLS protects massive amounts of private information, and protecting this data from Man-in-the-Middle (MitM) attacks is imperative to keeping the information secure. This thesis illustrates how an attacker can successfully perform a MitM attack against a TLS connection without alerting the user to his activities. By deceiving the client machine into using a false certificate, an attacker takes away the only active defense mechanism a user has against a MitM. The goal for this research is to determine if a time threshold exists that can indicate the presence of a MitM in this scenario. An analysis of the completion times between TLS handshakes without a MitM, with a passive MitM, and with an active MitM is used to determine if this threshold is calculable. Any conclusive findings supporting the existence of a timing baseline can be considered the first steps toward finding the value of the threshold and creating a second layer defense to actively protect against a MitM.

AFIT Designator

AFIT-GCO-ENG-11-16

DTIC Accession Number

ADA547399

Recommended Citation

Wagoner, Lauren M., "Detecting Man-in-the-Middle Attacks against Transport Layer Security Connections with Timing Analysis" (2011). Theses and Dissertations. 1433.
https://scholar.afit.edu/etd/1433