Improving SNI-based HTTPS Security Monitoring - Inria - Institut national de recherche en sciences et technologies du numérique
Conference paper, Year: 2016

Improving SNI-based HTTPS Security Monitoring

Abstract

Recent surveys show that the proportion of encrypted web traffic is quickly increasing. On one side, it provides users with essential properties of security and privacy, but on the other side, it raises important challenges and issues for organizations, related to the security monitoring of encrypted traffic (filtering, anomaly detection, etc.). This paper proposes to improve a recent technique for HTTPS traffic monitoring that is based on the Server Name Indication (SNI) field of TLS and which has been implemented in many firewall solutions. This method currently has some weaknesses that can be used to bypass firewalls by overwriting the SNI value of new TLS connections. Our investigation shows that 92% of the HTTPS websites surveyed in this paper can be accessed with a fake SNI. Our approach verifies the coherence between the real destination server and the claimed value of SNI by relying on a trusted DNS service. Experimental results show the ability to overcome the shortage of SNI-based monitoring by detecting forged SNI values while having a very small false positive rate (1.7%). The overhead of our solution only adds negligible delays to access HTTPS websites. The proposed method opens the door to improve global HTTPS monitoring and firewall systems.
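
The coherence check described in the abstract can be sketched as follows. This is an added illustration, not code from the paper or its authors: it assumes an exact match between the destination IP and the trusted resolver's answers, and the sample ClientHello, the host name and the DNS table are constructed.

```python
import ipaddress
import struct

# Constructed stand-in for a trusted DNS service (documentation IP ranges).
TRUSTED_DNS = {"allowed.example": ["192.0.2.10", "192.0.2.11"]}

def constructed_resolver(name):
    return TRUSTED_DNS.get(name, [])

def build_client_hello(sni):
    """Constructed sample input: minimal TLS ClientHello record with one SNI."""
    name = sni.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name       # host_name entry
    ext = struct.pack("!HHH", 0, len(entry) + 2, len(entry)) + entry
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def extract_sni(record):
    """Return the claimed SNI host name from a ClientHello record, else None."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:   # handshake / ClientHello
            return None
        p = 5 + 4 + 2 + 32                  # headers, client_version, random
        p += 1 + record[p]                  # session_id
        p += 2 + int.from_bytes(record[p:p + 2], "big")   # cipher_suites
        p += 1 + record[p]                  # compression_methods
        end = p + 2 + int.from_bytes(record[p:p + 2], "big")
        p += 2
        while p + 4 <= min(end, len(record)):
            etype, elen = struct.unpack("!HH", record[p:p + 4])
            if etype == 0 and record[p + 6] == 0:    # server_name, host_name
                nlen = int.from_bytes(record[p + 7:p + 9], "big")
                name = record[p + 9:p + 9 + nlen]
                return name.decode("ascii").lower() if nlen and len(name) == nlen else None
            p += 4 + elen
    except (IndexError, ValueError):
        return None
    return None

def check_flow(dst_ip, record, trusted_resolve):
    """Classify one flow as 'no-sni', 'coherent' or 'mismatch'."""
    sni = extract_sni(record)
    if sni is None:
        return "no-sni"
    dst = ipaddress.ip_address(dst_ip)
    answers = {ipaddress.ip_address(a) for a in trusted_resolve(sni)}
    return "coherent" if dst in answers else "mismatch"
```

A `mismatch` result means the destination address is not among the trusted resolver's answers for the claimed name; a monitor would treat it as a candidate forged SNI.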
Main file
SNI_HTTPS_Security_Monitoring.pdf (448.47 KB)
SNI_HTTPS_Security_Monitoring-talk.pdf (3.05 MB)
Origin: Files produced by the author(s)

Dates and versions

hal-01349710, version 1 (28-07-2016)

Identifiers

  • HAL Id: hal-01349710, version 1

Cite

Wazen M. Shbair, Thibault Cholez, Jérôme François, Isabelle Chrisment. Improving SNI-based HTTPS Security Monitoring. Second IEEE International Workshop on Security Testing and Monitoring, Jun 2016, Nara, Japan. pp.6. ⟨hal-01349710⟩