Service-Level Monitoring of HTTPS Traffic

Wazen M. Shbair 1
1 MADYNES - Management of dynamic networks and services
Inria Nancy - Grand Est, LORIA - NSS - Department of Networks, Systems and Services
Abstract : In this thesis, we provide a privacy-preserving approach for monitoring HTTPS services. First, we investigate a recent technique for HTTPS services monitoring that is based on the Server Name Indication (SNI) field of the TLS handshake. We show that this method has many weaknesses, which can be used to cheat monitoring solutions. To mitigate this issue, we propose a novel DNS-based approach to validate the claimed value of SNI. The evaluation shows the ability to overcome this shortcoming. Second, we propose a robust framework to identify the accessed HTTPS services from a traffic dump, without relying on either a header field or the payload content. Our evaluation based on real traffic shows that we can identify encrypted HTTPS services with high accuracy. Third, we have improved our framework to monitor HTTPS services in real-time. By extracting statistical features over the TLS handshake packets and a few application data packets, we can identify HTTPS services very early in the session. The obtained results and a prototype implementation show that our method offers good identification accuracy, high HTTPS flow processing throughput, and a low overhead delay.

Cited literature [109 references]

https://tel.archives-ouvertes.fr/tel-01649735
Contributor : Abes Star
Submitted on : Monday, November 27, 2017 - 5:03:03 PM
Last modification on : Tuesday, February 5, 2019 - 2:46:01 PM

File

DDOC_T_2017_0029_SHBAIR.pdf
Version validated by the jury (STAR)

Identifiers

  • HAL Id : tel-01649735, version 1

Citation

Wazen M. Shbair. Service-Level Monitoring of HTTPS Traffic. Networking and Internet Architecture [cs.NI]. Université de Lorraine, 2017. English. ⟨NNT : 2017LORR0029⟩. ⟨tel-01649735⟩

Metrics

Record views : 367
Files downloads : 840