Detection of Man-in-the-Middle Attacks by Using the TCP Retransmission Timeout : Key Compromise Impersonation Attack as Study Case

Abstract

A Retransmission Timeout or RTO plays an important role in TCP protocol, mainly to achieve reliable transmission. In TCP, if the sender sent a segment and no acknowledgement has been received and the RTO timer expired then the sender will assume that this segment has been lost. This paper proposed another use of the RTO concept in order to secure the TLS session. It calculates a Secure Session RTO or SSRTO which is based on RTO equation between the sender and receiver in a TLS protocol. It is assumed that the man in the middle is in need of the time factor in order to trigger a KCI attack. at the server side, by calculating the time needed to start a TLS Handshake Protocol, until TLS Record Protocol, and if it is found that it took an appreciable time we may assume that there is an attacker. The action in this case, is to cut off the session between the sender and the receiver.