
PHP - Anti mitm attack idea


I've got an idea against MITM (man-in-the-middle) attacks that I'd like to implement on my site, so I decided to ask you how secure this is. First I'd get 10 page loading times from the client computer in seconds. Then I'd calculate the standard with all those loading times. Then each time the user loads a new page I check if his/her IP address has changed, and if it has I recalculate that standard and compare it to the previous standard. If this standard is 1 or 2 bigger that doesn't really matter, but if it's 4 I can log out the user. Then if the attacker has a slower internet connection he would get logged out. I'm sure I'm not the only one who has thought of this, but I don't know if this is used.


Solution

  • There are a lot of reasons why this is a bad idea, but:

    1. The solution for Man-in-the-Middle attacks is authenticated encryption (i.e. TLS 1.1+). TLS works; USE IT! You don't even need to do anything clever to use it. Just install Caddy Server if you can't figure out the Apache/nginx/lighttpd configuration and/or Let's Encrypt integration process.
    2. MitM attacks, such as those performed by sslstrip, will be indistinguishable from regular users because you'll only see the middleman, not the end user. Aside from that, MitM proxies add microseconds of overhead, which is virtually indistinguishable from network jitter.

    are the biggest two.
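
The following is an added example, not code from the question or the answer. It implements the check the question proposes and runs it on constructed timings, to show the failure modes the answer points at: a relaying proxy goes unnoticed, while a legitimate user who changes network gets logged out. Assumptions: "standard" is read as standard deviation, the threshold of 4 comes from the question, and the 500 microsecond proxy overhead and all sample values are made up for illustration.

```python
from statistics import stdev

LOGOUT_THRESHOLD = 4.0  # from the question: a jump of 4 logs the user out


def spread_shift(baseline, current):
    """Change in standard deviation between two sets of load times (seconds)."""
    return stdev(current) - stdev(baseline)


def would_log_out(baseline, current, threshold=LOGOUT_THRESHOLD):
    """The proposed check: log out when the spread grew by `threshold` or more."""
    return spread_shift(baseline, current) >= threshold


# Constructed sample data: ten page load times in seconds.
HOME_WIFI = [0.82, 0.91, 0.78, 1.10, 0.95, 0.88, 1.02, 0.80, 0.97, 0.85]

# Same requests relayed through an intercepting proxy that adds a fixed
# 500 microseconds per page (assumed figure, in line with the answer).
VIA_PROXY = [t + 0.0005 for t in HOME_WIFI]

# Legitimate user whose IP changed because they moved to a congested
# mobile network (constructed values).
MOBILE = [1.5, 14.0, 2.0, 16.5, 1.2, 15.0, 2.5, 13.5, 1.8, 17.0]


def evaluate():
    """Return {scenario: (spread shift, logged out?)} for the scenarios above."""
    scenarios = {"via_proxy": VIA_PROXY, "mobile": MOBILE}
    return {
        name: (round(spread_shift(HOME_WIFI, times), 4),
               would_log_out(HOME_WIFI, times))
        for name, times in scenarios.items()
    }


if __name__ == "__main__":
    for name, (shift, logged_out) in evaluate().items():
        print(f"{name:10s} shift={shift:+.4f}s logged_out={logged_out}")
```

A constant added delay does not change the standard deviation at all, so the proxied session passes the check. If the proxy is in the path from the first request, the baseline itself is measured through it.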