Theses 

Analysis and entering into encrypted traffic at the firewall – Bc. Ivan Hutyra


Masaryk University

Faculty of Informatics

Master programme / field:
Applied Informatics / Applied Informatics


Bc. Ivan Hutyra

Master's thesis

Analysis and entering into encrypted traffic at the firewall


Abstract: At present, every modern company uses an Internet connection. Most of them have some kind of firewall policy to protect their data, trade secrets and property. Enterprise firewalls use a content-filtering technique called "Deep Packet Inspection" to achieve the highest possible level of protection. However, there is a blind spot shared by all firewalls -- encrypted traffic. This work analyzes the current options for entering into encrypted traffic, specifically SSL/TLS-encrypted traffic, at the firewall. It presents a new solution to this problem, based on a modification of an existing technique called "trusted man-in-the-middle". As proof that the modified technique works, we constructed a prototype application. The application simulates encrypted communication between a client and a server while the firewall enters into the communication and modifies the encrypted messages sent between them. The new technique is primarily an optimization of the existing technique that saves computational resources. Before the end of the work we discuss the limits and possible extensions of our solution. In conclusion, we also reflect on the ethical dimension of content filtering and entering into encrypted traffic.

Keywords: Man-in-the-middle attack, MITM, Firewall, SSL, TLS, Inspection, PKI, X.509

Language used: English

Thesis defence

  • Date of defence: 25. 6. 2012
  • Supervisor: Mgr. Vít Bukač, Ph.D.
  • Reader: RNDr. Marek Kumpošt, Ph.D.


Full text of thesis

Published in Theses: publicly (to the world)

Institution archiving the thesis and making it accessible: Masarykova univerzita, Fakulta informatiky
