DocumentCode
2149042
Title
User identification in encrypted network communications
Author
Koch, Robert ; Rodosek, Gabi Dreo
Author_Institution
Inst. für Tech. Inf. (ITI), Univ. der Bundeswehr, München, Germany
fYear
2010
fDate
25-29 Oct. 2010
Firstpage
246
Lastpage
249
Abstract
Encrypting network traffic is a normal procedure to protect information for exchange. This prevents tapping and manipulation but it also hampers intrusion as well as data leakage and misuse detection. Obtaining knowledge about users of encrypted communications is, however, beneficial in terms of monitoring access, security and accounting reasons. Thus, the objective is to provide evidence of the source of actions, especially to detect insiders and illegal connections, without the necessity of decrypting the network traffic. We propose a novel architecture to identify users of encrypted traffic in a network environment of a company. It is based on statistical evaluation of monitored network packets. The proposed approach utilizes and combines two main aspects, the mode of operation of remote sessions and the keystroke dynamics of users. Aspects such as capturing and clustering network traffic, generating user profiles and patterns, and statistical analysis are part of the architecture.
Keywords
cryptography; statistical analysis; telecommunication traffic; encrypted network communication; encrypted traffic; keystroke dynamics; monitored network packet; network environment; network traffic clustering; network traffic encryption; statistical analysis; statistical evaluation; user identification; user profiles; Correlation; Cryptography; Delay; Intrusion detection; Protocols; Servers;
fLanguage
English
Publisher
IEEE
Conference_Titel
Network and Service Management (CNSM), 2010 International Conference on
Conference_Location
Niagara Falls, ON
Print_ISBN
978-1-4244-8910-7
Electronic_ISBN
978-1-4244-8908-4
Type
conf
DOI
10.1109/CNSM.2010.5691292
Filename
5691292