A Structural Approach to Modeling Encrypted Connections - Anthony Kasza

Summary: Attendees will gain insights into a proven and scalable method for analyzing encrypted flows without breaking and inspecting their contents. This talk is meant to expand the audience's understanding of techniques for summarizing network connections and approaches to encrypted traffic analysis. The mechanism of the SSH, SSL, and RDP protocols will be explored using both techniques.
Abstract: To weary network users, encryption provides privacy for data in transit. To network operators and security analysts, encryption hinders visibility. Breaking encryption and inspecting content can be costly and error prone. By analyzing the lengths and ordering of encrypted data exchanged throughout a connection (i.e., signals that don't require breaking encryption), network monitoring systems can infer protocol state without parsing the content of the connection. By modeling a protocol's state transitions and overlaying that model on a connection's sequence of lengths (SOL), inferences can be made about how the protocol is being used. This provides a sort of compromise between privacy and visibility. Attendees will gain insights into a proven and scalable method for analyzing encrypted flows without breaking and inspecting their contents. This talk is meant to expand the audience's understanding of techniques for summarizing network connections and approaches to encrypted traffic analysis. The mechanism of the SSH, SSL, and RDP protocols will be explored using both techniques.
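The overlay described in the abstract, sketched as an added example (it is not code from the talk or from Zeek): a small state machine walks a connection's SOL and reports failed logins, login success and session activity without reading any payload. The protocol, its state names, the record sizes and the signed-length convention (positive = client to server, negative = server to client) are all constructed assumptions.

```python
# Constructed length model for a hypothetical encrypted login protocol.
# These sizes are assumptions for illustration, not measurements of SSH/SSL/RDP.
NEWKEYS = 16        # client record that ends key exchange
AUTH_OK = -16       # server record that follows a successful login
AUTH_FAIL = -32     # server record that follows a rejected login
KEYSTROKE_MAX = 48  # client records up to this size look like typed input


def step(state, n, summary):
    """Apply one signed record length to the model and return the next state."""
    if state == "KEX":
        return "AUTH" if n == NEWKEYS else "KEX"
    if state == "AUTH":
        # Any client record here is treated as a login attempt.
        return "AUTH_PENDING" if n > 0 else "AUTH"
    if state == "AUTH_PENDING":
        if n == AUTH_OK:
            summary["authenticated"] = True
            return "SESSION"
        if n == AUTH_FAIL:
            summary["failed_auths"] += 1
            return "AUTH"
        return "AUTH_PENDING"
    # SESSION: classify traffic by size and direction only.
    if 0 < n <= KEYSTROKE_MAX:
        summary["keystrokes"] += 1
    elif abs(n) > KEYSTROKE_MAX:
        summary["bulk_bytes"] += abs(n)
    return "SESSION"


def overlay(sol):
    """Overlay the state model on a sequence of lengths and summarize it."""
    summary = {"states": ["KEX"], "failed_auths": 0, "authenticated": False,
               "keystrokes": 0, "bulk_bytes": 0}
    state = "KEX"
    for n in sol:
        nxt = step(state, n, summary)
        if nxt != state:
            summary["states"].append(nxt)  # record transitions only
        state = nxt
    return summary


# Constructed SOL: key exchange, two rejected logins, one accepted login,
# three keystroke-sized records with small echoes, then one large response.
SAMPLE_SOL = [40, -40, 520, -780, 16, 64, -32, 64, -32, 64, -16,
              36, -36, 36, -36, 36, -1400]

if __name__ == "__main__":
    print(overlay(SAMPLE_SOL))
```

A connection whose summary shows many failed logins and never reaches SESSION is the kind of inference the abstract refers to: guessing activity is visible from lengths and ordering alone.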
Slack Channel for this session - #vzw-day2-talk8-modeling-encrypted-connections
Haven't joined the Zeek Slack space yet? You can do so at:
https://join.slack.com/t/zeekorg/shared_invite/zt-cgz9wa7p-BXihgVtZlmnRfHZXmUltZQ
Link to Session Survey - https://forms.gle/aFCTXniakuJGi7YN9