Cyber-situational awareness in the presence of encryption

Ebrima N. Ceesay, Thach N. Do, Paul A. Watters

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

Abstract

Maintaining cyber-situational awareness is a critical requirement for effective threat intelligence. However, the ubiquitous presence of encryption across numerous protocols makes it ever more challenging for organizations to monitor traffic for security purposes. This paper presents the results of analyzing encrypted traffic and its metadata to provide intelligence on the communication channel. In this study, we aim to 1) analyze and decipher the protocols of TLS and IPSec concentrating on how the session key is negotiated, and 2) analyze the ciphertext of symmetric algorithms, looking for patterns or non-randomness, which by specification, should be non-observable. We demonstrate that we are able to probabilistically identify participating parties in communication, identify signature of Suite-B algorithms (AES-GCM-256), recognize cipher text in near real-time, identify encrypted data in open channel, uncover flaws in cipher modes, and identify unknown and proprietary ciphers.

Original languageEnglish
Title of host publication2017 IEEE 7th Annual International Conference on CYBER Technology in Automation, Control, and Intelligent Systems, CYBER 2017
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Pages1621-1626
Number of pages6
ISBN (Print)9781538604892
DOIs
Publication statusPublished - 2017
Externally publishedYes
Event7th IEEE Annual International Conference on CYBER Technology in Automation, Control, and Intelligent Systems, CYBER 2017 - Honolulu, United States
Duration: 31 Jul 20174 Aug 2017

Conference

Conference7th IEEE Annual International Conference on CYBER Technology in Automation, Control, and Intelligent Systems, CYBER 2017
CountryUnited States
CityHonolulu
Period31/07/174/08/17

Keywords

  • cryptography
  • network security
  • threat intelligence

Fingerprint

Dive into the research topics of 'Cyber-situational awareness in the presence of encryption'. Together they form a unique fingerprint.

Cite this