Recent work has shown that properties of network traffic that remain observable after encryption, namely packet sizes and timing, can reveal surprising information about the traffic’s contents (e.g., the language of a VoIP call [29], passwords in secure shell logins [20], or even web browsing habits [21, 14]). While there are some legitimate uses for encrypted traffic analysis, these techniques...

Several fundamental security mechanisms for restricting access to network resources rely on the ability of a reference monitor to inspect the contents of traffic as it traverses the network. However, with the increasing popularity of cryptographic protocols, the traditional means of inspecting packet contents to enforce security policies is no longer a viable approach as message contents are co...

With the commercialization of fifth-generation (5G), rapid popularity mobile Over-The-Top (OTT) voice applications brings huge impacts on traditional telecommunication call services. Tunnel encryption technology such as Virtual Private Networks (VPNs) allow OTT users to escape supervision network operators easily, which may cause potential security risks cyberspace. To monitor harmful in contex...

Nowadays, the Security Information and Event Management (SIEM) systems take on great relevance in handling security issues for critical infrastructures as Internet Service Providers. Basically, a SIEM has two main functions: i) the collection and the aggregation of log data and security information from disparate network devices (routers, firewalls, intrusion detection systems, ad hoc probes an...

APCO Project 25 (“P25”) is a suite of wireless communications protocols used in the US and elsewhere for public safety two-way (voice) radio systems. The protocols include security options in which voice and data traffic can be cryptographically protected from eavesdropping. This paper analyzes the security of P25 systems against both passive and active adversaries. We found a number of protoco...

Recently, a number of obfuscation systems have been developed to aid in censorship circumvention scenarios where encrypted network traffic is filtered. In this paper, we present Marionette, the first programmable network traffic obfuscation system capable of simultaneously controlling encrypted traffic features at a variety of levels, including ciphertext formats, stateful protocol semantics, a...

Cloud computing enables the organizations to outsource their data by providing a service model called infrastructure as a service (IaaS). In a public cloud the infrastructure is owned and managed by a cloud service provider and is located in the provider’s control. To protect the privacy of sensitive data, documents have to be encrypted before outsourcing. When the number of encrypted documents...

The adoption of network traffic encryption is continually growing. Popular applications use protocols to secure communications and protect the privacy users. In addition, a large portion malware spread through taking advantage hide its presence activity. Entering into era completely encrypted over Internet, we must rapidly start reviewing state-of-the-art in wide domain analysis inspection, con...