Efficiently Bypassing SNI-based HTTPS Filtering

Wazen M. Shbair 1, * Thibault Cholez 1 Antoine Goichot 1 Isabelle Chrisment 1
* Auteur correspondant
1 MADYNES - Management of dynamic networks and services
Inria Nancy - Grand Est, LORIA - NSS - Department of Networks, Systems and Services
Abstract : Encrypted Internet traffic is an essential element to enable security and privacy in the Internet. Surveys show that websites are more and more being served over HTTPS. They highlight an increase of 48% of sites using TLS over the past year, justifying the tendency that the Web is going to be encrypted. This motivates the development of new tools and methods to monitor and filter HTTPS traffic. This paper handles the latest technique for HTTPS traffic filtering that is based on the Server Name Indication (SNI) field of TLS and which has been recently implemented in many firewall solutions. Our main contribution is an evaluation of the reliability of this SNI extension for properly identifying and filtering HTTPS traffic. We show that SNI has two weaknesses, regarding (1) backward compatibility and (2) multiple services using a single certificate. We demonstrate thanks to a web browser plug-in called " Escape " that we designed and implemented, how these weaknesses can be practically used to bypass firewalls and monitoring systems relying on SNI. The results show positive evaluation (firewall's rules successfully bypassed) for all tested websites.
Type de document :
Communication dans un congrès
IFIP/IEEE International Symposium on Integrated Network Management (IM 2015), May 2015, Ottawa, Canada. pp.990-995, 2015, <http://im2015.ieee-im.org/>. <10.1109/INM.2015.7140423>
Liste complète des métadonnées


https://hal.inria.fr/hal-01202712
Contributeur : Wazen Shbair <>
Soumis le : jeudi 3 décembre 2015 - 17:08:45
Dernière modification le : jeudi 22 septembre 2016 - 14:32:22
Document(s) archivé(s) le : samedi 29 avril 2017 - 00:36:59

Identifiants

Collections

Citation

Wazen M. Shbair, Thibault Cholez, Antoine Goichot, Isabelle Chrisment. Efficiently Bypassing SNI-based HTTPS Filtering. IFIP/IEEE International Symposium on Integrated Network Management (IM 2015), May 2015, Ottawa, Canada. pp.990-995, 2015, <http://im2015.ieee-im.org/>. <10.1109/INM.2015.7140423>. <hal-01202712>

Partager

Métriques

Consultations de
la notice

661

Téléchargements du document

2098