References

tuzsut

Труды учебных заведений связи

Proceedings of Telecommunication Universities

1813-324X2712-8830

СПбГУТ

10.31854/1813-324X-2022-8-4-109-118

tuzsut-422

Research Article

РЕЗУЛЬТАТЫ ИССЛЕДОВАНИЙ МОЛОДЫХ УЧЕНЫХ

RESEARCH RESULTS BY YOUNG SCIENTISTS

Способ и алгоритм определения типа трафика в шифрованном канале связи

Method and Algorithm for Determining the Type of Traffic in an Encrypted Communication Channel

https://orcid.org/0000-0002-4006-3693

Ишкуватов

С. М.

Ishkuvatov

Ишкуватов Сергей Маратович, аспирант факультета безопасности информационных технологий

Санкт-Петербург, 197101

Sergei Ishkuvatov

St. Petersburg, 197101

sysroot0@gmail.com

Национальный исследовательский университет ИТМОРоссияITMO UniversityRussian Federation

2022

10012023

84109118

2023

Ишкуватов С.М.

Ishkuvatov S.

This work is licensed under a Creative Commons Attribution 4.0 License.

https://tuzs.sut.ru/jour/article/view/422

В статье предложен способ определения состава протоколов, применяемых в IPsec-канале связи, на основе закономерностей хронологии следования и длин пакетов с шифрованной нагрузкой. Рассмотрены характерные информативные признаки протоколов. Приведен алгоритм, позволяющий получить значения длин ESP-пакетов, содержащих произвольные пользовательские данные, для распространенных режимов работы IPsec-туннеля.

The article proposes a method for determining the composition of protocols used in IPsec communication channel, based on the regularities of the chronology and the lengths of encrypted load packets. The characteristic informative features of the protocols are considered. An algorithm is given to obtain the length values of ESP packets containing arbitrary user data for common modes of IPsec tunnel operation.

шифрованиепассивный наблюдательVirtual Private NetworkIPsec-туннель

encryptionpassive observerVirtual Private NetworkIPsec tunnel

References1

Rasteh A., Delpech F., Aguilar-Melchor C., Zimmer R., Shouraki S.B., Masquelier T. Encrypted Internet Traffic Classification Using a Supervised Spiking Neural Network // arXiv preprint arXiv:2101.09818. 2022. URL: https://arxiv.org/pdf/2101.09818 (дата обращения 07.01.2022).

Rasteh A., Delpech F., Aguilar-Melchor C., Zimmer R., Shouraki S.B., Masquelier T. Encrypted Internet Traffic Classification Using a Supervised Spiking Neural Network. arXiv preprint arXiv:2101.09818. 2022. URL: https://arxiv.org/pdf/2101.09818 [Accessed 07.01.2022]

Gupta N., Jindal V., Bedi P. Encrypted Traffic Classification Using eXtreme Gradient Boosting Algorithm // Proceedings of the International Conference on Innovative Computing and Communications (ICICC 2021, Delhi, India, February 2021). Advances in Intelligent Systems and Computing (AISC). Vol. 1394. Singapore: Springer, 2022. PP. 225‒232. DOI:10.1007/978-981-16-3071-2_20

Gupta N., Jindal V., Bedi P. Encrypted Traffic Classification Using eXtreme Gradient Boosting Algorithm. Proceedings of the International Conference on Innovative Computing and Communications, ICICC 2021, February 2021, Delhi, India. Advances in Intelligent Systems and Computing (AISC). Singapore: Springer; 2022. vol.1394. p.225‒232. DOI:10.1007/978-981-16-3071-2_20

Draper-Gil G., Lashkari A.H., Mamun M., Ghorbani A. Characterization of Encrypted and VPN Traffic Using Time-Related // Proceedings of the 2nd International Conference on Information Systems Security and Privacy (ICISSP, Rome, Italy, 19‒21 February 2016). 2016. PP. 407‒414. DOI:10.5220/0005740704070414

Draper-Gil G., Lashkari A.H., Mamun M., Ghorbani A. Characterization of Encrypted and VPN Traffic Using Time-Related. Proceedings of the 2nd International Conference on Information Systems Security and Privacy, ICISSP, 19‒21 February 2016, Rome, Italy. 2016. p.407‒414. DOI:10.5220/0005740704070414

Islam F.U., Liu G., Liu W. Identifying VoIP traffic in VPN tunnel via Flow Spatio-Temporal Features // Mathematical Biosciences and Engineering. 2020. Vol. 17. Iss. 5. PP. 4747‒4772. DOI:10.3934/mbe.2020260

Islam F.U., Liu G., Liu W. Identifying VoIP traffic in VPN tunnel via Flow Spatio-Temporal Features. Mathematical Biosciences and Engineering. 2020;17(5):4747‒4772. DOI:10.3934/mbe.2020260

Kent S., Seo K. Security Architecture for the Internet Protocol. No. rfc4301. 2005.

Atkinson R. IP Encapsulating Security Payload (ESP). No. rfc1827. 1995.

Xenakis C., Laoutaris N., Merakos L., Stavrakakis I. A generic characterization of the overheads imposed by IPsec and associated cryptographic algorithms // Computer Networks. 2006. Vol. 50. Iss. 17. PP. 3225‒3241. DOI:10.1016/j.comnet.2005.12.005

Xenakis C., Laoutaris N., Merakos L., Stavrakakis I. A generic characterization of the overheads imposed by IPsec and associated cryptographic algorithms. Computer Networks. 2006;50(17):3225‒3241. DOI:10.1016/j.comnet.2005.12.005

Дмитренко А. Изучаем и выявляем уязвимости протокола IPsec // Хакер. 2015 URL: https://xakep.ru/2015/05/13/ipsec-security-flaws (дата обращения 06.04.2022)

Dmitrenko A. Studying and identifying IPsec protocol vulnerabilities. Khaker. 2015. (in Russ.) URL: https://xakep.ru/2015/05/13/ipsec-security-flaws [Accessed 06th April 2022]

Akhter A. IPSec Packet Size Calculator // Cisco Community. URL: https://community.cisco.com/legacyfs/online/legacy/4/8/7/27784-IPSec_Calculator_NAT_GRE-Key.htm (дата обращения 24.01.2022)

Akhter A. IPSec Packet Size Calculator. Cisco Community. URL: https://community.cisco.com/legacyfs/online/legacy/4/8/7/27784-IPSec_Calculator_NAT_GRE-Key.htm [Accessed 24th January 2022]

encapcalc // GitHub. URL: http://github.com/dmbaturin/encapcalc (дата обращения 09.06.2022)

GitHub. encapcalc. URL: http://github.com/dmbaturin/encapcalc [Accessed 09th June 2022]

Pérez J.A., Cabrera V.Z.C., Jenecek J. Quality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic // Advanced Int’l Conference on Telecommunications and Int’l Conference on Internet and Web Applications and Services (AICT-ICIW’06, Guadelope, French Caribbean, 19‒25 February 2006). 2006. URL: https://www.its.bldrdoc.gov/media/33388/per_j_slides1.pdf [Accessed 16th January 2022]

Pérez J.A., Cabrera V.Z.C., Jenecek J. Quality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic. Advanced Int’l Conference on Telecommunications and Int’l Conference on Internet and Web Applications and Services AICT-ICIW’06, 19‒25 February 2006, Guadelope, French Caribbean. 2006. URL: https://www.its.bldrdoc.gov/media/33388/per_j_slides1.pdf [Accessed 16th January 2022]

Ишкуватов С.М., Комаров И.И. Анализ аутентичности трафика на основании данных цифровых отпечатков реализаций сетевых протоколов // Научно-технический вестник информационных технологий, механики и оптики. 2020. Т. 20. № 5. С. 747‒754. DOI:10.17586/2226-1494-2020-20-5-747-754

Ishkuvatov S.M., Komarov I.I. Traffic Authenticity Analysis Based on Digital fingerprint Data of Network Protocol Implementations. Scientific and Technical Journal of Information Technologies, Mechanics and Optics. 2020;20(5):747‒754. DOI:10.17586/2226-1494-2020-20-5-747-754

Lapczyk L., Skillicorn D.B. Activity Detection from Encrypted Remote Desktop Protocol Traffic // arXiv preprint arXiv:2008.02685. 2020. DOI:10.48550/arXiv.2008.02685

Lapczyk L., Skillicorn D.B. Activity Detection from Encrypted Remote Desktop Protocol Traffic. arXiv preprint arXiv:2008.02685. 2020. DOI:10.48550/arXiv.2008.02685

Urdaneta G., Pierre G., Steen M.V. A survey of DHT security techniques // ACM Computing Surveys. 2011. Vol. 43. Iss. 2. PP. 1‒49. DOI:10.1145/1883612.1883615

Urdaneta G., Pierre G., Steen M.V. A survey of DHT security techniques. ACM Computing Surveys. 2011;43(2):1‒49. DOI:10.1145/1883612.1883615

Kiraly C., Teofili S., Bianchi G., Cigno R.L., Nardelli M., Delzeri E. Traffic Flow Confidentiality in IPsec: Protocol and Implementation // Proceedings of the 3rd IFIP WG 9.2, 9.6/11.6, 11.7/FIDIS International Summer School on the Future of Identity in the Information Society (Karlstad University, Sweden, 4‒10 August 2007). The International Federation for Information Processing. Vol. 262. Boston: Springer, 2007. PP. 311‒324. DOI:10.1007/978-0-387-79026-8_22

Kiraly C., Teofili S., Bianchi G., Cigno R.L., Nardelli M., Delzeri E. Traffic Flow Confidentiality in IPsec: Protocol and Implementation. Proceedings of the 3rd IFIP WG 9.2, 9.6/11.6, 11.7/FIDIS International Summer School on the Future of Identity in the Information Society, 4‒10 August 2007, Karlstad University, Sweden. The International Federation for Information Processing. vol. 262. Boston: Springer; 2007. p.311‒324. DOI:10.1007/978-0-387-79026-8_22

The authors declare that there are no conflicts of interest present.