Indistinguishability of Traffic by Open TLS Parameters with Encrypted ClientHello

  • DATA TRANSMISSION IN COMPUTER NETWORKS
Journal of Communications Technology and Electronics

Abstract

Traffic Classification (TC) is a key part of many network frameworks that provide Quality of Service (QoS) for traffic. Encrypted TC algorithms often use the Server Name Indication (SNI) field, which indicates the domain name of the server to which the client establishes a connection and is a clear marker of the traffic category. However, the new Encrypted ClientHello (ECH) extension, which supplements the TLS 1.3 protocol, significantly complicates TC because most of the messages of the TLS handshake, including SNI, become encrypted. With ECH, the accuracy of TC algorithms that use open TLS parameters degrades significantly. This paper studies the indistinguishability of encrypted traffic considering the remaining open TLS parameters.

Funding

The work was supported by the Russian Science Foundation, project no. 21-79-10431, https://rscf.ru/project/21-79-10431/.

Author information

Corresponding author

Correspondence to D. R. Shamsimukhametov.

Ethics declarations

The authors of this work declare that they have no conflicts of interest.

Additional information

Translated by N. Petrov

Publisher’s Note.

Pleiades Publishing remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

Shamsimukhametov, D.R., Kurapov, A.A., Liubogoshchev, M.V. et al. Indistinguishability of Traffic by Open TLS Parameters with Encrypted ClientHello. J. Commun. Technol. Electron. 68, 1523–1529 (2023). https://doi.org/10.1134/S1064226923120173

  • DOI: https://doi.org/10.1134/S1064226923120173
