Abstract
Maintaining cyber-situational awareness is a critical requirement for effective threat intelligence. However, the ubiquitous presence of encryption across numerous protocols makes it ever more challenging for organizations to monitor traffic for security purposes. This paper presents the results of analyzing encrypted traffic and its metadata to provide intelligence on the communication channel. In this study, we aim to 1) analyze and decipher the TLS and IPSec protocols, concentrating on how the session key is negotiated, and 2) analyze the ciphertext of symmetric algorithms, looking for patterns or non-randomness which, by specification, should be non-observable. We demonstrate that we are able to probabilistically identify participating parties in a communication, identify the signature of Suite-B algorithms (AES-GCM-256), recognize ciphertext in near real-time, identify encrypted data in an open channel, uncover flaws in cipher modes, and identify unknown and proprietary ciphers.
Original language | English |
---|---|
Title of host publication | 2017 IEEE 7th Annual International Conference on CYBER Technology in Automation, Control, and Intelligent Systems, CYBER 2017 |
Publisher | Institute of Electrical and Electronics Engineers (IEEE) |
Pages | 1621-1626 |
Number of pages | 6 |
ISBN (Print) | 9781538604892 |
DOIs | |
Publication status | Published - 2017 |
Externally published | Yes |
Event | 7th IEEE Annual International Conference on CYBER Technology in Automation, Control, and Intelligent Systems, CYBER 2017 - Honolulu, United States. Duration: 31 Jul 2017 → 4 Aug 2017 |
Conference
Conference | 7th IEEE Annual International Conference on CYBER Technology in Automation, Control, and Intelligent Systems, CYBER 2017 |
---|---|
Country/Territory | United States |
City | Honolulu |
Period | 31/07/17 → 4/08/17 |
Keywords
- cryptography
- network security
- threat intelligence