| description |
<i>Kevin P. Dyer presents:</i><br><b>P0wning DPI with Format-Transforming Encryption </b>
<br>
Deep packet inspection (DPI) technologies provide much-needed visibility and control of network traffic using port-
independent protocol identification (PIPI), where a network flow is labeled with its application-layer protocol based on packet contents.
In many cases PIPI can be used for good. As one example, it allows network administrators to elevate priority of time-sensitive (e.g.,
VoIP) data streams. In other cases PIPI can be used for harm, nation-states employ PIPI to block censorship circumvention tools such
as Tor. There are many ways to perform PIPI, however, at the core of nearly all modern PIPI systems are regular expressions --- an
expressive tool to compactly specify sets of strings.
In this talk, Kevin reviews the state-of-the-art research on the capabilities of state-level DPI, then presents a novel cryptographic
primitive called format-transforming encryption (FTE.) An FTE scheme, intuitively, extends conventional symmetric encryption with the
ability to transform the ciphertext into a user-defined format using regular expressions. An FTE-based record layer will be presented
that can encrypt arbitrary TCP traffic and coerce modern DPI systems into misclassifying any data stream as a target protocol (e.g.,
HTTP, SMB, RSTP, etc.) of the user's choosing. What's more, this work is not only theoretical in nature --- an open-source FTE
prototype is publicly available and has had success in subverting modern DPI systems, including the Great Firewall of China.
<hr><b>Kevin P. Dyer</b> is a PhD student at Portland State University. His research focuses on building protocols that are resistant
to traffic-analysis attacks and discriminatory routing policies.. Previously, Kevin worked as a software engineer in telecommunications
security, web security and network security. He holds an MSc in the Mathematics of Cryptography and Communications from Royal
Holloway, University of London, and a BS in Computer Science and Mathematics from Santa Clara University.
<hr>
The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list:
https://lists.owasp.org/mailman/listinfo/owasp-portland
Meetings are free and open to the public. |
→ |
<i>Kevin P. Dyer presents:</i><br><b>P0wning DPI with Format-Transforming Encryption </b>
<br>
Deep packet inspection (DPI) technologies provide much-needed visibility and control of network traffic using port-
independent protocol identification (PIPI), where a network flow is labeled with its application-layer protocol based on packet contents.
In many cases PIPI can be used for good. As one example, it allows network administrators to elevate priority of time-sensitive (e.g.,
VoIP) data streams. In other cases PIPI can be used for harm, nation-states employ PIPI to block censorship circumvention tools such
as Tor. There are many ways to perform PIPI, however, at the core of nearly all modern PIPI systems are regular expressions --- an
expressive tool to compactly specify sets of strings.
In this talk, Kevin reviews the state-of-the-art research on the capabilities of state-level DPI, then presents a novel cryptographic
primitive called format-transforming encryption (FTE.) An FTE scheme, intuitively, extends conventional symmetric encryption with the
ability to transform the ciphertext into a user-defined format using regular expressions. An FTE-based record layer will be presented
that can encrypt arbitrary TCP traffic and coerce modern DPI systems into misclassifying any data stream as a target protocol (e.g.,
HTTP, SMB, RSTP, etc.) of the user's choosing. What's more, this work is not only theoretical in nature --- an open-source FTE
prototype is publicly available and has had success in subverting modern DPI systems, including the Great Firewall of China.
<hr><b>Kevin P. Dyer</b> is a PhD student at Portland State University. His research focuses on building protocols that are resistant to traffic-analysis attacks and discriminatory routing policies.. Previously, Kevin worked as a software engineer in telecommunications security, web security and network security. He holds an MSc in the Mathematics of Cryptography and Communications from Royal Holloway, University of London, and a BS in Computer Science and Mathematics from Santa Clara University.
<hr>
The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list:
https://lists.owasp.org/mailman/listinfo/owasp-portland
Meetings are free and open to the public. |