Title page for ETD etd-06092005-093203

Document Type Master's Dissertation
Author Izadinia, Vafa Dario
Email vafa@cs.up.ac.za
URN etd-06092005-093203
Document Title Fingerprinting Encrypted Tunnel Endpoints
Degree MSc (Computer Science)
Department Computer Science
Advisor Name Title
Prof J H P Eloff Co-Supervisor
Prof D G Kourie Supervisor
  • fingerprinting
  • network forensics
  • protocol analysis
  • IPSec
  • IKE
Date 2005-02-21
Availability unrestricted
Operating System fingerprinting is a reconnaissance method used by Whitehats

and Blackhats alike. Current techniques for fingerprinting do not take

into account tunneling protocols, such as IPSec, SSL/TLS, and SSH, which

effectively `wrap` network traffic in a ciphertext mantle, thus potentially

rendering passive monitoring ineffectual. Whether encryption makes VPN

tunnel endpoints immune to fingerprinting, or yields the encrypted contents

of the VPN tunnel entirely indistinguishable, is a topic that has received

modest coverage in academic literature. This study addresses these question

by targeting two tunnelling protocols: IPSec and SSL/TLS. A new fingerprinting

methodology is presented, several fingerprinting discriminants are

identified, and test results are set forth, showing that endpoint identities can

be uncovered, and that some of the contents of encrypted VPN tunnels can

in fact be discerned.

  Filename       Size       Approximate Download Time (Hours:Minutes:Seconds) 
 28.8 Modem   56K Modem   ISDN (64 Kb)   ISDN (128 Kb)   Higher-speed Access 
  00dissertation.pdf 4.61 Mb 00:21:19 00:10:57 00:09:35 00:04:47 00:00:24

Browse All Available ETDs by ( Author | Department )

If you have more questions or technical problems, please Contact UPeTD.