Collecting metadata from Transport Layer Security (TLS) servers on a large scale makes it possible to draw conclusions about their capabilities and configuration. This not only provides insights into the Internet but also enables use cases like detecting malicious Command and Control (C&C) servers. However, active scanners can only observe and interpret the behavior of TLS servers; the underlying configuration and implementation causing the behavior remain hidden. Existing approaches struggle between resource-intensive scans that can reconstruct this data and light-weight fingerprinting approaches that aim to differentiate servers without making any assumptions about their inner workings. With this work we propose DissecTLS, an active TLS scanner that is both light-weight enough to be used for Internet measurements and able to reconstruct the configuration and capabilities of the TLS stack. This was achieved by modeling the parameters of the TLS stack and deriving an active scan that dynamically creates scanning probes based on the model and the previous responses from the server. We provide a comparison of five active TLS scanning and fingerprinting approaches in a local testbed and on toplist targets. We conducted a measurement study over nine weeks to fingerprint C&C servers and analyzed popular and deprecated TLS parameter usage. Similar to related work, the fingerprinting achieved a maximum precision of 99 % for a conservative detection threshold of 100 %; and at the same time, we improved the recall by a factor of 2.8.
Mobile messaging services have gained a large share in global telecommunications. Unlike conventional services like phone calls, text messages or email, they do not feature a standardized environment enabling a federated and potentially local service architecture. We present an extensive and large-scale analysis of communication patterns for four popular mobile messaging services between 28 countries and analyze the locality of communication and the resulting impact on user privacy. We show that server architectures for mobile messaging services are highly centralized in single countries. This forces messages to drastically deviate from a direct communication path, enabling hosting and transfer countries to potentially intercept and censor traffic. To conduct this work, we developed a measurement framework to analyze traffic of such mobile messaging services. It allows conducting automated experiments with mobile messaging applications, is transparent to those applications and does not require any modifications to the applications.

Introduction

Mobile messaging services like WeChat or WhatsApp see a steady increase in both active users and messages sent, with a particular success in emerging markets like China, Brazil or Malaysia [18,30]. Some researchers predict a shift in communication paradigms with mobile messaging services eradicating classical forms of electronic communication like email or text messages. As an example, the number of text messages sent in Germany shrunk by 62% from 2012 to 2014 [5], after it had been growing exponentially for over a decade.

Mobile messaging services and their design strongly differ from classic Internet communication services: established means of communication (like email, internet telephony or instant messaging) often rely on federated or decentralized architectures, with operators providing services to their customers and from within their domain.

Mobile messaging services tend to abandon established principles of openness and federation: messaging services are often realized in a closed, non-federated, cloud-centric environment built upon proprietary communication and security protocols neither standardized nor disclosed to the public.

This paradigm shift puts at risk the user's freedom and access to secure, confidential and privacy-preserving communication. With such services, the user, relating to her social network through such applications, strongly depends on the service provider to not modify or restrict the service. The user's privacy also depends on the legislation the operating company is subject to: governments are often interested in controlling Internet services [13,31] and accessing messages [8] as well as metadata. The matters of security and privacy move along the same lines and generally involve full trust in a closed system, a misleading assumption as we saw with WhatsApp's announced end-to-end encryption, which is supported on Android, but not Apple devices [1], without giving feedback on encryption status to the user. First attempts to analyze the security p...