One year of SSL internet measurement

Levillain, Olivier; Ebalard, Arnaud; Morin, Benjamin; Debar, Hervé

doi:10.1145/2420950.2420953

Cited by 24 publications

(25 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The long-term monitoring and measurement of SSL/TLS traffic in the Internet was presented by Levillain et al [9] for the period 2010-2011. They observed a lot of servers which were intolerant to some cipher suite lists, and detected certificate chains which did not comply with the standard.…”

Section: State-of-the-artmentioning

confidence: 99%

See 1 more Smart Citation

Network-Based HTTPS Client Identification Using SSL/TLS Fingerprinting

Husák

Čermák

Jirsík

et al. 2015

2015 10th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Abstract-The growing share of encrypted network traffic complicates network traffic analysis and network forensics. In this paper, we present real-time lightweight identification of HTTPS clients based on network monitoring and SSL/TLS fingerprinting. Our experiment shows that it is possible to estimate the UserAgent of a client in HTTPS communication via the analysis of the SSL/TLS handshake. The fingerprints of SSL/TLS handshakes, including a list of supported cipher suites, differ among clients and correlate to User-Agent values from a HTTP header. We built up a dictionary of SSL/TLS cipher suite lists and HTTP UserAgents and assigned the User-Agents to the observed SSL/TLS connections to identify communicating clients. We discuss hostbased and network-based methods of dictionary retrieval and estimate the quality of the data. The usability of the proposed method is demonstrated on two case studies of network forensics.

show abstract

Section: State-of-the-artmentioning

confidence: 99%

“…In comparison to earlier results, the share of connections initiated over SSL is decreasing. For example, Levillain et al [9] reported 5 % share of SSL 3.0 in 2011.…”

Section: A Measurementmentioning

confidence: 99%

Network-Based HTTPS Client Identification Using SSL/TLS Fingerprinting

Husák

Čermák

Jirsík

et al. 2015

2015 10th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

show abstract

“…In particular, these studies have identified specific problematic certificates [17], [18] and quantified interesting patterns [12]- [17]. In this paper we aim to go beyond those previous studies by providing a detailed analysis of compliance with specific guidelines, and also in the development of particular analysis and visualization methods.…”

Section: Rootmentioning

confidence: 99%

Web PKI: Closing the Gap between Guidelines and Practices

Delignat-Lavaud¹,

Abadi²,

Birrell³

et al. 2014

Proceedings 2014 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Abstract-A string of recent attacks against the global public key infrastructure (PKI) has brought to light weaknesses in the certification authority (CA) system. In response, the CA/Browser Forum, a consortium of certification authorities and browser vendors, published in 2011 a set of requirements applicable to all certificates intended for use on the Web and issued after July 1st, 2012, following the successful adoption of the extended validation guidelines in 2007. We evaluate the actual level of adherence to the CA/Browser Forum guidelines over time, as well as the impact of each violation, by inspecting a large collection of certificates gathered from Web crawls. We further refine our analysis by automatically deriving profile templates that characterize the makeup of certificates per issuer. By integrating these templates with violation statistics, we are able to depict the practices of certification authorities worldwide, and thus to monitor the PKI and proactively detect major violations. Our method also provides new means of assessing the trustworthiness of SSL certificates used on the Web.

show abstract

“…The long-term SSL/TLS traffic identify in the Internet was presented by Levillain and Ebalard in 2010 [2] . They detected certificate chains which did not comply with the standard through SSL/TLS handshake fingerprint.…”

Section: Related Workmentioning

confidence: 99%

“…Nowadays, we are able to identify browsers through the features in plain-text network traffic, such as User-Agent and Cookies [2], but with the rising popularity of encryption network protocol, it becomes impossible to get these features.…”

Section: Introductionmentioning

confidence: 99%

Browser Identification Based on Encrypted Traffic

Liu¹,

Han²,

Wei³

2016

Proceedings of the 2016 International Conference on Communications, Information Management and Network Security

View full text Add to dashboard Cite

Abstract-Network traffic encryption brings security to network communication, however it also brings challenges to network monitoring. As more and more major websites use encryption protocol to protect imformation of visitors, it is a burning issue to identify client when session is encrypted. In this paper, we present browser identification of HTTPS client based on packet length. The sequence of request packet length is different among browsers and our experiment shows that it is possible to recognize what kind of browser the traffic comes from according to length sequence. We theoretically analyze the possibility of using the request packet length to identify browsers and show the method of using length sequence to establish dictionary. The dictionaries are used to distinguish unknown traffic flow. Our experiment results show that we can get accurate results of browser identification in HTTPS communication through packet length analysis.

show abstract

One year of SSL internet measurement

Cited by 24 publications

References 4 publications

Network-Based HTTPS Client Identification Using SSL/TLS Fingerprinting

Network-Based HTTPS Client Identification Using SSL/TLS Fingerprinting

Web PKI: Closing the Gap between Guidelines and Practices

Browser Identification Based on Encrypted Traffic

Contact Info

Product

Resources

About