Uncovering identities: a study into VPN tunnel fingerprinting

dc.contributor.author Izadinia, Vafa Dario
dc.contributor.author Kourie, Derrick G.
dc.contributor.author Eloff, Jan H.P.
dc.date.accessioned 2007-02-15T15:06:54Z
dc.date.available 2007-02-15T15:06:54Z
dc.date.issued 2006
dc.description.abstract Operating System fingerprinting is a reconnaissance method which can be used by attackers or forensic investigators. It identifies a system's identity by observing its responses to targeted probes, or by listening on a network and passively observing its network ‘etiquette’. The increased deployment of encrypted tunnels and Virtual Private Networks (VPNs) calls for the formulation of new fingerprinting techniques, and poses the question: “How much information can be gleaned from encrypted tunnels?” This paper investigates IPSec VPN tunnel-establishment and tear-down on three IPSec implementations: Microsoft Windows 2003, Sun Solaris 9 x86, and racoon on Linux 2.6 kernel. By analysing each platform's Internet Key Exchange (IKE) messages, which negotiate the IPSec tunnel, we identify a number of discriminants, and show that each of these platforms can be uniquely identified by them. We also show that the nature of some encrypted traffic can be determined, thus giving the observer an idea of the type of communication that is taking place between the IPSec endpoints. en
dc.description.department Computer Science
dc.format.extent 179758 bytes
dc.format.mimetype application/pdf
dc.identifier.citation Izadinia, VD, Kourie, DG & Eloff, JHP 2006, ‘Uncovering identities: a study into VPN tunnel fingerprinting’, Computers & Security, vol. 25, issue 2, pp. 97-105 [http://www.sciencedirect.com/science/journal/01674048] en
dc.identifier.isbn 10.1016/j.cose.2005.12.008
dc.identifier.issn 0167-4048
dc.identifier.uri http://hdl.handle.net/2263/1793
dc.language.iso en en
dc.publisher Elsevier en
dc.rights Elsevier en
dc.subject IPSec en
dc.subject Internet Key Exchange (IKE) en
dc.subject Fingerprinting en
dc.subject Traffic analysis en
dc.subject Virtual Private Network (VPN) en
dc.title Uncovering identities: a study into VPN tunnel fingerprinting en
dc.type Article en