SECURITY SENSOR PROVIDING ANALYSIS OF ENCRYPTED NETWORK DATA

Daniel Hamburg, York Tüchelmann

Abstract

Common Intrusion Detection Systems are susceptible to encrypted attacks, i.e., attacks that employ security protocols to conceal malign data. In this work, we introduce a software sensor, called the Transport Layer Security Sensor (TLSS), which gives detection engines access to network data encrypted at the Transport Layer. Transport Layer encryption, such as SSL, is typically implemented by a local application and not the OS. TLSS resides on the monitored host and executes cryptographic functions on behalf of local applications. TLSS decrypts incoming encrypted network packets and passes the data to the application, e.g., Web server software. In addition, the cleartext data is passed to a detection engine for analysis. We present an implementation of TLSS designed for Web servers providing SSL-secured HTTP access and evaluate the sensor's performance.



Paper Citation


in Harvard Style

Hamburg D. and Tüchelmann Y. (2006). SECURITY SENSOR PROVIDING ANALYSIS OF ENCRYPTED NETWORK DATA. In Proceedings of WEBIST 2006 - Second International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 978-972-8865-46-7, pages 172-177. DOI: 10.5220/0001254401720177


in Bibtex Style

@conference{webist06,
author={Daniel Hamburg and York Tüchelmann},
title={SECURITY SENSOR PROVIDING ANALYSIS OF ENCRYPTED NETWORK DATA},
booktitle={Proceedings of WEBIST 2006 - Second International Conference on Web Information Systems and Technologies - Volume 1: WEBIST},
year={2006},
pages={172-177},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001254401720177},
isbn={978-972-8865-46-7},
}


in EndNote Style

TY - CONF
JO - Proceedings of WEBIST 2006 - Second International Conference on Web Information Systems and Technologies - Volume 1: WEBIST
TI - SECURITY SENSOR PROVIDING ANALYSIS OF ENCRYPTED NETWORK DATA
SN - 978-972-8865-46-7
AU - Hamburg D.
AU - Tüchelmann Y.
PY - 2006
SP - 172
EP - 177
DO - 10.5220/0001254401720177