Fingerprinting Schemes against a Post-Quantum Cryptography IPsec/IKEv2 Encryption Appliance

No Thumbnail Available
Journal Title
Journal ISSN
Volume Title
Perustieteiden korkeakoulu | Master's thesis
Date
2022-08-22
Department
Major/Subject
Security and Cloud Computing
Mcode
SCI3113
Degree programme
Master’s Programme in Security and Cloud Computing (SECCLO)
Language
en
Pages
56 + 3
Series
Abstract
Cryptographic protocols secure data transmission over an untrusted network. Although the encryption mechanisms ensure confidentiality of the data, the encrypted network traffic is prone to traffic analysis attacks. The aim of this thesis is to determine the attack vectors of a post-quantum safe IPsec/IKEv2 encryption appliance called NQX, that acts as a Virtual Private Network (VPN) device. We study the characteristics of encrypted data packets, such as packet length and timestamp and use them in fingerprinting methods to extract valuable information about the applications used at communication endpoints. Existing works on fingerprinting encrypted network traffic have tested different encryption appliances using different protocols, whereas in this thesis we have, for the first time, analyzed the fingerprinting schemes against NQX, which uses post-quantum cryptographic algorithms. Results from our experiments, such as fingerprinting of websites, browsers, SSH connection establishment and file transfers, show that the fingerprints in the form of graphs are unique for every application. We further evaluate the fingerprints using various statistical analyses such as cross-correlation, mean squared error and compression analysis to classify which website was accessed or which browser was used. Finally, we discuss some traffic flow confidentiality mechanisms to overcome traffic analysis attacks.
Description
Supervisor
Brzuska, Chris
Thesis advisor
Karanko, Pihla
Dushku, Edlira
Keywords
traffic analysis, fingerprinting, virtual private networks, encryption, confidentiality, data analysis
Other note
Citation