Detecting Man-in-the-Middle Attacks by Precise Timing

  title={Detecting Man-in-the-Middle Attacks by Precise Timing},
  author={Benjamin Aziz and Geoff W. Hamilton},
  journal={2009 Third International Conference on Emerging Security Information, Systems and Technologies},
  • B. Aziz, G. Hamilton
  • Published 18 June 2009
  • Computer Science
  • 2009 Third International Conference on Emerging Security Information, Systems and Technologies
Man-in-the-middle attacks are one of the most popular and fundamental attacks on distributed systems that have evolved with advances in distributed computing technologies and have assumed several shapes ranging from simple IP spoofing to complicated attacks on wireless communications, which have safety-critical applications such as remote wireless passport verification. This paper proposes a static analysis algorithm for the detection of man-in-the-middle attacks in mobile processes using a… 

Figures from this paper

Improved SSL/TLS Man-in-the-middle attack detection technique using timing analysis and other behavioral anomalies

This research was conducted to confirm the possibility of mitigating the continuous threat that attacks such as the man-in-the-middle constitute to the SSL and TLS key exchange by analyzing differences in time and other possible behavioral anomalies between a simulated attack and a standard SSL session through the use of machine learning.

Man-In-The-Middle Attack Detection Based on Bayesian Belief Network

A Bayesian Belief Network model was designed using Bayes Server and tested with data collected from cyber security repository and had a 99% prediction accuracy.

Data collection for attack detection and security measurement in Mobile Ad Hoc Networks: A survey

Detecting Man-in-the-Middle Attack in Fog Computing for Social Media

An anomaly-based Intrusion Detection and Prevention System (IDPS) against Man-in-the-Middle (MITM) attack in the fog layer is proposed and Exponentially Weighted Moving Average (EWMA) is added to the system to smooth out the noise that is typically found in social media communications.

Lightweight Method for Detecting Fake Authentication Attack on Wi-Fi

It can be concluded that the proposed method using comparison of BSSID / MAC address is an effective way to detect fake authentication attacks on Wi-Fi networks.

Fast, Reliable, and Secure Drone Communication: A Comprehensive Survey

A detailed review of the security-critical drone applications, and security-related challenges in drone communication such as DoS attacks, Man-in-the-middle attacks, De-Authentication attacks, and so on are presented.


Security of internet access over the Third Generation (3G) telecommunication systems is considered and Universal Mobile Telecommunications System (UMTS) is selected as the most popular system among 3G systems and authentication factor is more interesting than other factors for hackers.

Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS

This work designs and implements two new TLS extensions that strengthen the authentication guarantees of the handshake and develops an exemplary HTTPS client library that implements several mitigations, on top of a previously verified TLS implementation, and proves that their composition provides strong, simple application security.

Practical authentication in large-scale internet applications

This dissertation provides robust and practical authentication mechanisms that can improve the overall security of large-scale VoIP and Web applications and shows that there is no inherent conflict between stronger authentication and other system goals.

A Systemic Security and Privacy Review: Attacks and Prevention Mechanisms over IOT Layers

This paper provides an outline of IoT security attacks on Three-Layer Architecture: Three-layer such as application layer, network layer, perception layer/physical layer and attacks that are associated with these layers will be discussed.



A man-in-the-middle attack on UMTS

A man-in-the-middle attack on the Universal Mobile Telecommunication Standard (UMTS), one of the newly emerging 3G mobile technologies, is presented, showing that an attacker can mount an impersonation attack since GSM base stations do not support integrity protection.

"Man in the Middle" Attacks on Bluetooth

  • D. Kügler
  • Computer Science
    Financial Cryptography
  • 2003
While the built-in point-to-point encryption could have offered some protection against man in the middle attacks, a flaw in the specification nullifies this countermeasure.

Defense against man-in-the-middle attack in client-server systems

  • D. SerpanosR. Lipton
  • Computer Science
    Proceedings. Sixth IEEE Symposium on Computers and Communications
  • 2001
A methodology based on simple hardware devices, called "spies", is introduced, which enables servers to establish client integrity, and leads to a successful defense against viruses that use man-in-the-middle attacks.

Discovering Man-in-the-Middle Attacks in Authentication Protocols

This work proposes a simplified generic approach based on a challenge-response criterion to discover man-in-the-middle attacks in authentication protocols and demonstrates how the inability in finding out the true originator of a message guides us through a sequence of logical arguments eventually leading to a successful man- in the middle attack.

Attacks on time-of-flight distance bounding channels

It is concluded that conventional RF channels can be problematic for secure distance- bounding implementations and the merits and weaknesses of special distance-bounding channels that have been proposed for RFID applications are discussed.

Distance Bounding Protocols: Authentication Logic Analysis and Collusion Attacks

The first full-scale formal analysis of a distance bounding protocol is given, and it is shown how this analysis helps to reduce message and cryptographic complexity without reducing security.

Man-in-the-Middle in Tunnelled Authentication Protocols

This paper proposes a solution to the problem of a man-in-the-middle attack on protocol composition by using a cryptographic binding between the client authentication protocol and the tunnel protocol.

An RFID Distance Bounding Protocol

  • G. HanckeM. Kuhn
  • Computer Science
    First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05)
  • 2005
A new distance-bounding protocol based on ultra-wideband pulse communication is proposed, aimed at being implementable using only simple, asynchronous, low-power hardware in the token, particularly well suited for use in passive low-cost tokens, noisy environments and high-speed applications.

Distance-Bounding Protocols (Extended Abstract)

The "distance bounding" technique is introduced, which solves the problem of timing the delay between sending out a challenge bit and receiving back the corresponding response bit and can be integrated into common identification protocols.

So Near and Yet So Far: Distance-Bounding Attacks in Wireless Networks

It is shown that proposed distance-bounding protocols of Hu, Perrig and Johnson, Sastry, Shankar and Wagner, and Capkun and Hubaux are vulnerable to a guessing attack where the malicious prover preemptively transmits guessed values for a number of response bits.