Fingerprinting encrypted tunnel endpoints
Abstract (Summary)
Operating system fingerprinting is a reconnaissance method used by whitehats
and blackhats alike. Current fingerprinting techniques do not take into
account tunneling protocols such as IPSec, SSL/TLS and SSH, which effectively
wrap network traffic in a ciphertext mantle and thus potentially render
passive monitoring ineffectual. Whether encryption makes VPN tunnel endpoints
immune to fingerprinting, or renders the encrypted contents of the VPN tunnel
entirely indistinguishable, is a topic that has received only modest coverage
in the academic literature. This study addresses these questions by targeting
two tunneling protocols: IPSec and SSL/TLS. A new fingerprinting methodology
is presented, several fingerprinting discriminants are identified, and test
results are set forth showing that endpoint identities can be uncovered and
that some of the contents of encrypted VPN tunnels can in fact be discerned.
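The abstract's central point is that encryption covers the tunnel payload but not the wrapper around it: the outer IP header, the ESP header of an IPSec packet, and the TCP header and TLS record framing of an SSL/TLS tunnel are all sent in the clear and are set by the endpoint's own network stack. The following Python example is added here to illustrate that point; it is not the thesis's methodology and the discriminants it extracts (TTL, Don't-Fragment bit, IP ID, TCP window, ESP SPI, TLS record type and length) are the well-known cleartext fields, not the specific discriminants the thesis identifies. Both packets are constructed in-line for the example, and the initial-TTL guess uses the common stack defaults of 64, 128 and 255.

```python
"""Passive view of the cleartext wrapper around an encrypted tunnel.

Added example, not code from the thesis. Every field read here sits outside
the ciphertext; the packets are constructed in-line for the example.
"""
import struct
from typing import Optional

IPPROTO_TCP = 6
IPPROTO_ESP = 50
TLS_RECORD_TYPES = {20: "change_cipher_spec", 21: "alert",
                    22: "handshake", 23: "application_data"}


def parse_ipv4(pkt: bytes) -> dict:
    """Return the fingerprint-relevant IPv4 header fields plus the L4 payload."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ip_id, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    return {
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        "ttl": ttl,
        "df": bool(flags_frag & 0x4000),   # Don't-Fragment bit
        "ip_id": ip_id,
        "proto": proto,
        "payload": pkt[ihl:total_len],
    }


def parse_esp(payload: bytes) -> dict:
    """ESP (RFC 4303): SPI and sequence number are cleartext, the rest is not."""
    spi, seq = struct.unpack("!II", payload[:8])
    return {"spi": spi, "seq": seq, "opaque_bytes": len(payload) - 8}


def parse_tcp(payload: bytes) -> dict:
    """Minimal TCP header parse; options are returned raw, data after them."""
    (sport, dport, _seq, _ack, off_flags, window,
     _csum, _urg) = struct.unpack("!HHIIHHHH", payload[:20])
    doff = (off_flags >> 12) * 4
    return {"sport": sport, "dport": dport, "window": window,
            "options": payload[20:doff], "data": payload[doff:]}


def parse_tls_record(data: bytes) -> Optional[dict]:
    """The 5-byte TLS record header (type, version, length) is never encrypted."""
    if len(data) < 5 or data[0] not in TLS_RECORD_TYPES or data[1] != 3:
        return None
    rtype, vmaj, vmin, length = struct.unpack("!BBBH", data[:5])
    return {"type": TLS_RECORD_TYPES[rtype], "version": (vmaj, vmin), "length": length}


def guess_initial_ttl(ttl: int) -> int:
    """Round the observed TTL up to the nearest common stack default."""
    for default in (64, 128, 255):
        if ttl <= default:
            return default
    return 255


def fingerprint(pkt: bytes) -> dict:
    """Collect every discriminant readable without touching the ciphertext."""
    ip = parse_ipv4(pkt)
    init_ttl = guess_initial_ttl(ip["ttl"])
    fp = {"src": ip["src"], "initial_ttl": init_ttl, "hops": init_ttl - ip["ttl"],
          "df": ip["df"], "ip_id": ip["ip_id"]}
    if ip["proto"] == IPPROTO_ESP:
        fp["tunnel"] = "ipsec-esp"
        fp.update(parse_esp(ip["payload"]))
    elif ip["proto"] == IPPROTO_TCP:
        tcp = parse_tcp(ip["payload"])
        fp.update(tunnel="tcp", dport=tcp["dport"], window=tcp["window"],
                  opaque_bytes=len(tcp["data"]))
        rec = parse_tls_record(tcp["data"])
        if rec:   # record type and length leak even though the body is ciphertext
            fp.update(tunnel="ssl/tls", tls_record=rec["type"], opaque_bytes=rec["length"])
    return fp


def _ip(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def build_ipv4(src: str, dst: str, proto: int, ttl: int, df: bool, ip_id: int,
               payload: bytes) -> bytes:
    """Build an IPv4 packet; checksum is left zero since nothing here is sent."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ip_id,
                      0x4000 if df else 0, ttl, proto, 0, _ip(src), _ip(dst))
    return hdr + payload


# Constructed sample 1: IPsec ESP packet (SPI, sequence and ciphertext made up).
OPAQUE = bytes(range(200, 248))                 # stands in for 48 ciphertext bytes
SAMPLE_ESP = build_ipv4("10.0.0.5", "198.51.100.1", IPPROTO_ESP, ttl=61, df=True,
                        ip_id=0x1A2B, payload=struct.pack("!II", 0x0000ABCD, 1) + OPAQUE)

# Constructed sample 2: TLS application-data record in an established TCP session to 443.
TLS_RECORD = b"\x17\x03\x03" + struct.pack("!H", 40) + OPAQUE[:40]
TCP_HDR = struct.pack("!HHIIHHHH", 51234, 443, 1000, 2000, (5 << 12) | 0x018, 8192, 0, 0)
SAMPLE_TLS = build_ipv4("10.0.0.7", "203.0.113.9", IPPROTO_TCP, ttl=125, df=True,
                        ip_id=0x3C4D, payload=TCP_HDR + TLS_RECORD)

if __name__ == "__main__":
    for pkt in (SAMPLE_ESP, SAMPLE_TLS):
        print(fingerprint(pkt))
```

Neither `fingerprint()` call decrypts anything, yet each returns the endpoint's probable initial TTL and hop distance, its DF and IP ID behaviour, and (for the TCP case) its window size and the type and size of the TLS record it just sent. A real classifier would compare these values against a signature database; the rounding of TTL to 64/128/255 is the only classification step kept here.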
Bibliographical Information:
Advisor:
School: University of Pretoria / Universiteit van Pretoria
School Location: South Africa
Source Type: Master's Thesis
Keywords: data encryption, computer science, operating systems, computers
ISBN:
Date of Publication: 01/01/2005