Abstract
Traffic Classification (TC) is a key part of many network frameworks that provide Quality of Service (QoS) for traffic. TC algorithms for encrypted traffic often rely on the Server Name Indication (SNI) field, which carries the domain name of the server to which the client establishes a connection and is therefore a clear marker of the traffic category. However, the new Encrypted ClientHello (ECH) extension, which supplements the TLS 1.3 protocol, significantly complicates TC because most of the TLS handshake messages become encrypted, including the SNI. With ECH, the accuracy of TC algorithms that use open TLS parameters degrades significantly. This paper studies the indistinguishability of encrypted traffic given the remaining open TLS parameters.
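To make concrete which ClientHello parameters stay visible to a classifier once ECH is in use, the following added example (not code from the paper or its authors) builds a minimal, constructed TLS 1.3 ClientHello record and parses back the cleartext fields: legacy version, cipher suites, the list of extension types, supported_versions, and the SNI. When the encrypted_client_hello extension (codepoint 0xfe0d, as used by the draft-ietf-tls-esni versions 13 through 16) is present, the SNI that remains in the clear is the public name of the client-facing server rather than the real destination, so the parser flags it as unreliable for classification. The byte layout follows RFC 8446 and RFC 6066; the sample hostnames and payload bytes are constructed.

```python
"""Extract the cleartext ClientHello parameters that remain visible with ECH."""
import struct

SNI_EXT_TYPE = 0x0000            # server_name (RFC 6066)
SUPPORTED_VERSIONS_EXT = 0x002B  # supported_versions (RFC 8446)
ECH_EXT_TYPE = 0xFE0D            # encrypted_client_hello (draft-ietf-tls-esni-13..16)


def _ext(ext_type, body):
    """Encode one TLS extension: 2-byte type, 2-byte length, body."""
    return struct.pack("!HH", ext_type, len(body)) + body


def build_client_hello(sni, cipher_suites, ech_payload=None):
    """Construct a minimal TLS 1.3 ClientHello record (constructed test data).

    With ECH the outer `sni` would be the public name of the client-facing
    server and the real ClientHello would sit encrypted inside `ech_payload`.
    """
    name = sni.encode()
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name   # host_name type 0
    exts = _ext(SNI_EXT_TYPE, struct.pack("!H", len(sni_entry)) + sni_entry)
    exts += _ext(SUPPORTED_VERSIONS_EXT, b"\x02\x03\x04")        # TLS 1.3 only
    if ech_payload is not None:
        exts += _ext(ECH_EXT_TYPE, ech_payload)                   # opaque to observers
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (
        b"\x03\x03"                                  # legacy_version = TLS 1.2
        + bytes(32)                                  # random (zeros; constructed)
        + b"\x00"                                    # legacy_session_id: empty
        + struct.pack("!H", len(suites)) + suites
        + b"\x01\x00"                                # compression_methods: null
        + struct.pack("!H", len(exts)) + exts
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body     # type client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Return the parameters a passive classifier can read from a ClientHello."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    pos = 4 + 2 + 32                                 # hs header, legacy_version, random
    legacy_version = struct.unpack("!H", hs[4:6])[0]
    pos += 1 + hs[pos]                               # skip legacy_session_id
    cs_len = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", hs[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + hs[pos]                               # skip compression_methods
    ext_len = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    ext_types, versions, sni = [], [], None
    while pos < end:
        etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
        pos += 4
        body = hs[pos:pos + elen]
        pos += elen
        ext_types.append(etype)
        if etype == SNI_EXT_TYPE:
            # ServerNameList: 2-byte list len, 1-byte name type, 2-byte len, name
            name_len = struct.unpack("!H", body[3:5])[0]
            sni = body[5:5 + name_len].decode()
        elif etype == SUPPORTED_VERSIONS_EXT:
            n = body[0]
            versions = [struct.unpack("!H", body[i:i + 2])[0] for i in range(1, 1 + n, 2)]
    ech_present = ECH_EXT_TYPE in ext_types
    return {
        "legacy_version": legacy_version,
        "cipher_suites": suites,
        "extension_types": ext_types,
        "supported_versions": versions,
        "sni": sni,
        "ech_present": ech_present,
        # With ECH the visible SNI names the client-facing server, not the destination.
        "sni_usable_for_classification": sni is not None and not ech_present,
    }


if __name__ == "__main__":
    plain = build_client_hello("video.example", [0x1301, 0x1302])
    with_ech = build_client_hello("public.example", [0x1301], ech_payload=bytes(16))
    for label, rec in (("no ECH", plain), ("ECH", with_ech)):
        print(label, parse_client_hello(rec))
```

The same walk over the extension list is what a classifier would use to assemble the "open TLS parameters" the abstract refers to: after ECH, cipher suites, extension types and supported versions are still readable, while the SNI carries only the public name and must be dropped as a feature.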
Funding
This work was supported by the Russian Science Foundation, project no. 21-79-10431, https://rscf.ru/project/21-79-10431/.
Ethics declarations
The authors of this work declare that they have no conflicts of interest.
Additional information
Translated by N. Petrov
Publisher's Note. Pleiades Publishing remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Cite this article
Shamsimukhametov, D.R., Kurapov, A.A., Liubogoshchev, M.V. et al. Indistinguishability of Traffic by Open TLS Parameters with Encrypted ClientHello. J. Commun. Technol. Electron. 68, 1523–1529 (2023). https://doi.org/10.1134/S1064226923120173
DOI: https://doi.org/10.1134/S1064226923120173