I am really pleased to announce that I have decided to try my hand at talking
at conferences again this year and have a new talk ready “Stealthier Attacks
and Smarter Defending with TLS Fingerprinting”. Despite being a talk on TLS
(and SSL) there isn’t any complex crypto or mathematics, this is aimed at
defenders and attackers rather than cryptographers. Here’s the abstract:
Ever been busted because you man in the middle software (which does TLS
properly) alerted someone to your bad certificate? No more! Want to detect
certain types of connections leaving your network, but can’t keep the IP
blacklist up to date? This could be the answer.
This talk includes an introduction to both TLS and man in the middle attacks,
a walkthrough on what TLS fingerprints contain, how to create your own
fingerprints, how we use the fingerprints in several scenarios, a demo, and a
discussion of implications and pitfalls.
TLS provides transport security to all manner of connections from legitimate
financial transactions to private conversations and malware calling home.
The inability to analyse encrypted traffic protects its users, whether they
are legitimate or malicious. This talk explores a technique for quickly and
passively fingerprinting TLS clients and adapting our responses for the
purposes of both attack and defence. Attackers can make automated decisions
concerning when to man in the middle a connection and when to let the clients
pass through silently, remaining stealthy. Defenders can gain insight into
what is making encrypted connections within their networks without access to
either endpoints or cryptographic keying material.