Protocol Misidentification Made Easy with Format-Transforming Encryption

Download Now
Provided by: University of Winnipeg
Topic: Security
Format: PDF
Deep Packet Inspection (DPI) technologies provide much needed visibility and control of network traffic using port independent protocol identification, where a network flow is labeled with its application-layer protocol based on packet contents. In this paper, the authors provide the first comprehensive evaluation of a large set of DPI systems from the point of view of protocol mis-identification attacks, in which adversaries on the network attempt to force the DPI to mislabel connections. Their approach uses a new cryptographic primitive called Format-Transforming Encryption (FTE), which extends conventional symmetric encryption with the ability to transform the ciphertext into a format of their choosing.
Download Now

Find By Topic