Ayman Mohammed Muzzamail Albashear, H. Ali, Abeer M. Ali
2018 International Conference on Computer, Control, Electrical, and Electronics Engineering (ICCCEEE), pp. 1-8. Published 2018-08-01. DOI: 10.1109/ICCCEEE.2018.8515845 (https://doi.org/10.1109/ICCCEEE.2018.8515845)
Detection of Man-in-the-Middle Attacks by Using the TCP Retransmission Timeout: Key Compromise Impersonation Attack as Study Case
A Retransmission Timeout (RTO) plays an important role in the TCP protocol, mainly to achieve reliable transmission. In TCP, if the sender has sent a segment, no acknowledgement has been received, and the RTO timer has expired, the sender assumes that the segment has been lost. This paper proposes another use of the RTO concept: securing the TLS session. It calculates a Secure Session RTO (SSRTO), which is based on the RTO equation between the sender and receiver in the TLS protocol. It is assumed that the man in the middle needs time in order to trigger a Key Compromise Impersonation (KCI) attack. At the server side, the time needed from the start of the TLS Handshake Protocol until the TLS Record Protocol is calculated, and if it is found to have taken an appreciable time, we may assume that there is an attacker. The action in this case is to cut off the session between the sender and the receiver.