Service-Level Monitoring of HTTPS Traffic

Wazen M. Shbair 1
1 MADYNES - Management of dynamic networks and services
LORIA - NSS - Department of Networks, Systems and Services, Inria Nancy - Grand Est
Abstract : In this thesis, we provide a privacy preserving for monitoring HTTPS services. First, we first investigate a recent technique for HTTPS services monitoring that is based on the Server Name Indication (SNI) field of the TLS handshake. We show that this method has many weakness, which can be used to cheat monitoring solutions.To mitigate this issue, we propose a novel DNS-based approach to validate the claimed value of SNI. The evaluation show the ability to overcome the shortage. Second, we propose a robust framework to identify the accessed HTTPS services from a traffic dump, without relying neither on a header field nor on the payload content. Our evaluation based on real traffic shows that we can identify encrypted HTTPS services with high accuracy. Third, we have improved our framework to monitor HTTPS services in real-time. By extracting statistical features over the TLS handshake packets and a few application data packets, we can identify HTTPS services very early in the session. The obtained results and a prototype implementation show that our method offers good identification accuracy, high HTTPS flow processing throughput, and a low overhead delay
Complete list of metadatas

Cited literature [109 references]  Display  Hide  Download
Contributor : Abes Star <>
Submitted on : Monday, November 27, 2017 - 5:03:03 PM
Last modification on : Tuesday, February 5, 2019 - 2:46:01 PM


Version validated by the jury (STAR)


  • HAL Id : tel-01649735, version 1


Wazen M. Shbair. Service-Level Monitoring of HTTPS Traffic. Networking and Internet Architecture [cs.NI]. Université de Lorraine, 2017. English. ⟨NNT : 2017LORR0029⟩. ⟨tel-01649735⟩



Record views


Files downloads