Abstract

Due to the prevalence and constantly increasing risk of cyber-attacks, new and evolving security mechanisms are required to protect information and networks and ensure the basic security principles of confidentiality, integrity, and availability, referred to as the CIA triad. While confidentiality and integrity can be achieved using Secure Sockets Layer (SSL)/Transport Layer Security (TLS) certificates, these depend on the correct authentication of servers, which could be compromised due to man-in-the-middle (MITM) attacks. Many existing solutions have practical limitations due to their operational complexity, deployment costs, and adversaries. We propose a novel scheme to detect MITM attacks with minimal intervention and workload to the network and systems. Our proposed model applies a novel inferencing scheme for detecting true anomalies in transmission time at a trusted time server (TTS) using time-based verification of sent and received messages. The key contribution of this paper is the ability to automatically detect MITM attacks with trusted verification of the transmission time using a learning-based inferencing algorithm. When used in conjunction with existing systems, such as intrusion detection systems (IDS), which require comprehensive configuration and network resource costs, it can provide a robust solution that addresses these practical limitations while saving costs by providing assurance.

Highlights

  • A Digital Certificate (DC), known as a Secure Sockets Layer (SSL) certificate, has been used extensively in the cybersecurity domain and operates based on the public key infrastructure (PKI) with public key cryptography

  • SSL/Transport Layer Security (TLS) relies on the correct authentication of the server using digital certificates, which could be tampered with by an adversary using several approaches that lead to MITM attacks

  • We considered the abovementioned practical limitations in order to arrive at the overarching question, given below, that guided this research: Can we design an automatic trusted model that adopts an intelligent mechanism to employ time-based verification of sent and received messages to detect MITM attacks?


Summary

Introduction

A Digital Certificate (DC), known as a Secure Sockets Layer (SSL) certificate, has been used extensively in the cybersecurity domain and operates based on the public key infrastructure (PKI). It uses a private key for signing and a public key for verification, along with the identification (ID) of the certificate authority (CA) and the user who requested the DC. An Iranian hacker, who was suspected of being sponsored by the state, hacked a registration authority (RA), a reseller of Comodo certificates, and claimed responsibility by posting about the incident on pastebin.com in 2011 [2]. Several studies in the literature concur that such third-party solutions exhibit practical limitations due to persistent system complexities, escalating deployment costs, and several inconveniences, including business productivity losses due to high false alarms [3,4]. To address these issues with the aim of ensuring secure information communications, we propose a novel inference scheme using trusted time-based verification for automatically detecting MITM attacks.

Related Works
Research Background
Proposed MITM Detection Model
Modeling the Problem Scenario
Model Intelligence to Counter Evasive MITM Attacks
Model Implementation
Inference Engine Using Threshold Table
Time-Based Verification and MITM Detection Algorithm
Results and Analysis
Result
Performance Measures
Conclusions and Future Works