CERN Computing Seminar

Identifying Application Usage within Encrypted Tunnels

by Brandon Niemczyk (HP TippingPoint DVLabs)

Europe/Zurich
31/S-023 (CERN)

31/S-023

CERN

22
Show room on map
Description

Encryption is the single most used technology to guarantee privacy because it is effective, secure, and easy to use. But what is really hidden? The answer may surprise you. While the privacy invasion aspects of machine learning and data mining have huge awareness in respect to marketing and social media data, the usage of machine learning and it’s effects on current techniques to hide data such as encryption is relatively unexplored in comparison.

Recently we wrote an open-source tool called Pacumen that is used to analyze encrypted traffic and infer information about it without decryption. The type of information it can extract is “what application’s are being used over this tunnel?” and in some cases “what websites are being accessed?”. Essentially it is a framework for answering yes/no questions about network traffic that doesn't require looking at the content of the traffic.

We will discuss the various security aspects of what you can expect from encryption, and more importantly what you can not expect.

About the speaker

Brandon Niemczyk was born in Chicago. He has been writing code since he was a child with his first 386 modifying the QBASIC game gorillas.bas. He later moved on to write GIS software in Orlando, FL and then wandered into information security after a brief stint writing accounting software. His interests are machine learning, mathematics, motorcycles, games, reverse engineering, and family. Brandon has previously spoken at multiple conferences on machine learning and information security.


Organised by: Miguel Angel Marquina
Computing Seminars /IT Department

more information
Slides