[SEMINAR] august 05, 2022 – Danil Shamsimukhametov – How Encrypted ClientHello challenges Traffic Classification
We are happy to invite you to the next talk of Moscow Telecommunication Seminar which will be held at 17.00 (MSK, UTC+03:00), on Friday, August 5, 2022, in Skype. Click here to show the seminar start time in your timezone.
Title: How Encrypted ClientHello Challenges Traffic Classification
Speaker: Danil Shamsimukhametov, IITP RAS, MIPT
Abstract: Although the widely-used Transport Layer Security (TLS) protocol hides application data, an unencrypted part of the TLS handshake, specifically the server name indication (SNI), is a backdoor for encrypted traffic classification frameworks. The recently developed Encrypted ClientHello (ECH) amendment to the TLS protocol aims to protect the privacy-sensitive content of the ClientHello message, including SNI. Conversely, ECH can be a game-changer in the early detection of encrypted traffic. This work shows that the performance of the state-of-the-art traffic classification algorithms degrades significantly with the introduction of the ECH. Hence, novel approaches to real-time traffic classification are required. We develop two novel traffic classification algorithms to address this challenge. The first one uses unencrypted bytes of the TLS Hello messages as independent features of the Random Forest algorithm. It is extremely lightweight and suits throughput-focused traffic classification. It is faster than state-of-the-art algorithms by three times and achieves higher classification quality. The second algorithm augments the approach of the first one by focusing on the particular metadata of the handshake. This way, it efficiently extracts data from the exchange and achieves the highest classification quality in all the considered scenarios. It has a three times lower error rate than state-of-the-art algorithms and provides a reliable classification of ECH traffic.
Bio:Danil Shamsimukhametov received his B.S. and M.S. degrees in applied mathematics and physics from Moscow Institute of Physics and Technology, Moscow, Russia, in 2020 and 2022, respectively. He is a researcher at Wireless Networks Lab (Kharkevich Institute for Information Transmission, Russian Academy of Sciences) since 2018. His research interests are Machine Learning applications in wireless systems and Traffic Classification. He participates in national projects and does research within the framework of joint research projects with the leading telecommunication companies.