Efficiently bypassing SNI-based HTTPS filtering

  title={Efficiently bypassing SNI-based HTTPS filtering},
  author={Wazen M. Shbair and Thibault Cholez and Antoine Goichot and Isabelle Chrisment},
  journal={2015 IFIP/IEEE International Symposium on Integrated Network Management (IM)},
Encrypted Internet traffic is an essential element to enable security and privacy in the Internet. [] Key Result The results show positive evaluation (firewall's rules successfully bypassed) for all tested websites.

Figures and Tables from this paper

Improving SNI-Based HTTPS Security Monitoring

This paper proposes to improve a recent technique for HTTPS traffic monitoring that is based on the Server Name Indication (SNI) field of TLS and which has been implemented in many firewall solutions, and shows the ability to overcome the shortage of SNI-based monitoring.

A Survey of HTTPS Traffic and Services Identification Approaches

This survey details the techniques used to monitor HTTPS traffic, from the most basic level of protocol identification (TLS, HTTPS), to the finest identification of precise services, showing that protocol identification is well mastered while more precise levels keep being challenging despite recent advances.

A multi-level framework to identify HTTPS services

This paper proposes a robust technique to precisely identify the services run within HTTPS connections, i.e. to name the services, without relying on specific header fields that can be easily altered.

Network Security Monitoring (NSM): Can it be Effective in a World with Encrypted Traffic?

HTTPS is gaining widespread popularity for secure transactions. Most popular sites have made default choice as HTTPS. This development of encrypted traffic has brought in new challenges in the areas

Key factors in building a Secure Web Gateway

This research provides a categorisation of the key factors in building a Secure Web Gateway, proposes a reference design and architecture, a practical implementation for a home vDSL connection and a testing framework that can be used to evaluate the effectiveness of a secure Web Gateway deployment.

DNS Over HTTPS Traffic Analysis and Detection

The Domain Name Service (DNS) is a prevalent protocol used in computer communications, used to translate domain names to addresses that can be routed to via de Internet Protocol (IP). One of the main

A Survey on Omnipresent HTTPS and Its Impact on Network Security Monitoring

HTTPS is gaining widespread popularity for performing secure transactions. Most popular sites have made default choice as HTTPS. Therefore, this paper makes a survey through various study done in the

DTA-HOC: Online HTTPS traffic service identification using DNS in large-scale networks

DTA-HOC is a novel DNS-based two-level association HTTPS traffic online service identification method for large-scale networks, which correlates HTTPS flows with DNS flows using big data stream processing and association technologies to label the service in an HTTPS flow with a specific associated domain name.

Study on Providing Anonymity of HTTPS Web Site Blocking

A proposed method which can support anonymity to Internet users while blocking harmful sites and also can support integrity and source authentication to the transmitted data is proposed.

Using TLS Fingerprints for OS Identification in Encrypted Traffic

This paper trains a machine learning model on TLS handshake parameters to identify the operating system of the client device and compares its results to well-known identification methods and shows that precise operating system identification can be achieved in encrypted traffic of mobile devices and notebooks connected to the wireless network.



SoK: SSL and HTTPS: Revisiting Past Challenges and Evaluating Certificate Trust Model Enhancements

This work survey and categorize prominent security issues with HTTPS and provides a systematic treatment of the history and on-going challenges, intending to provide context for future directions.

Analysis of the HTTPS certificate ecosystem

A large-scale measurement study of the HTTPS certificate ecosystem---the public-key infrastructure that underlies nearly all secure web communications---is reported, uncovering practices that may put the security of the ecosystem at risk and identifying frequent configuration problems that lead to user-facing errors and potential vulnerabilities.

Safe configuration of TLS connections

A summary of the current TLS threat surface is provided together with a validated approach for minimizing the risk of TLS-compromise and specification of expected flows and automated comparison with observed flows to flag inconsistencies are provided.

Tools and Technology of Internet Filtering

This chapter focuses on access to the Web, as this is the current focus of Internet filtering efforts, and describes how a number of the most relevant filtering mechanisms operate.

Reviewing Traffic Classification

The main trend in the field of traffic classification is discussed, some of the main proposals of the research community are described and two examples of behavioral classifiers are developed: both use supervised machine learning algorithms for classifications, but each is based on different features to describe the traffic.

Traffic classification: Issues and challenges

This paper first attempt to present an analysis of the existing traffic classification techniques, and dwell on their issues and challenges, then outline some recommendations that can improve the performance of traffic classification systems.

Access Denied: The Practice and Policy of Global Internet Filtering

Internet Filtering: The Politics and Mechanisms of Control

It seems hard to believe that a free, online encyclopedia that anyone can edit at any time could matter much to anyone. But just as a bee can fly despite its awkward physiognomy, Wikipedia has become

Transport Layer Security (TLS) Extensions: Extension Definitions