CAREER: Towards Effective Identification of Application Behaviors in Encrypted Traffic

Principal Investigator:Fabian Monrose
Funding Agency: National Science Foundation
Agency Number:CNS-0852649

Abstract
Several fundamental security mechanisms for restricting access to network resources rely on the ability of a reference monitor to inspect the contents of traffic as it traverses the network. However, with the increasing popularity of cryptographic protocols, the traditional means of inspecting packet contents to enforce security policies is no longer a viable approach as message contents are concealed by encryption. In this project, we investigate the extent to which application protocols (and behaviors) can be identified using only the features that remain intact after encryption—namely packet size, timing, and direction. Our work to date has resulted in several technical advancements in protocol identification in encrypted tunnels.