14 research outputs found

    Passive Monitoring of HTTPS Service Use

    International audience
    HTTPS is used today to secure the majority of web communications and so enhance user privacy. Therefore, traffic monitoring techniques must evolve to remain useful, especially to support security considerations such as detecting and filtering forbidden uses of a web service. However, privacy should be kept as intact as possible. This paper describes a new passive and transparent method to infer the use of an HTTPS service by extracting and interpreting only meaningful metadata derived from the encrypted traffic, without deeply profiling individual users. We propose a model using the sizes of objects loaded in the HTTPS service as a signature, leveraging kernel density estimation to support a classification function. We assess this approach extensively on the Google Images service, but we show that it remains valid for other services. We achieve an accuracy of 99.18% when detecting particular keywords being searched over a large dataset of 115,500 distinct keywords.

    Transparent and Service-Agnostic Monitoring of Encrypted Web Traffic

    International audience
    Nowadays, most Web services are accessed through HTTPS. While preserving user privacy is important, it is also mandatory to monitor and detect specific users' actions, for instance according to a security policy. This paper presents a solution to monitor HTTP/2 traffic over TLS. It differs greatly from HTTP/1.1 over TLS traffic, which makes existing monitoring techniques obsolete. Our solution, H2Classifier, aims at detecting whether a user performs an action that has been previously defined over a monitored Web service, without using any decryption. It is thus based only on passive traffic analysis and relies on a random forest classifier. A challenge is to extract representative values of the loaded content associated with a Web page, which is actually customized based on the user action. Extensive evaluations with five of the most used Web services demonstrate the viability of our technique, with an accuracy between 94% and 99%.

    Encrypted HTTP/2 Traffic Monitoring: Standing the Test of Time and Space

    International audience
    Encrypted HTTP/2 (h2) has been adopted worldwide since its official release in 2015. The major services over the Internet use it to protect user privacy against traffic interception. However, under the guise of privacy, one can hide the abnormal or even illegal use of a service. It has been demonstrated that machine learning algorithms combined with a proper set of features are still able to identify the incriminated traffic even when it is encrypted with h2. However, the same techniques can also be used to track normal service use and so endanger the privacy of Internet users. Independently of the final objective, it is extremely important for a security practitioner to understand the efficiency of such a technique and its limits. No existing research has assessed how generic it is, i.e. whether it is directly applicable to any service or website, and how long an acceptable accuracy can be maintained. This paper addresses these challenges by defining an experimental methodology applied to more than 3000 different websites and over four months continuously. The results highlight that an off-the-shelf machine-learning method to classify h2 traffic is applicable to many websites, but a weekly training may be needed to keep the model accurate.

    Remediating Logical Attack Paths Using Information System Simulated Topologies

    National audience
    With the increase of attacks and Information Systems getting ever more complex, security operators need tools to help them protect critical assets. An attack graph is a model to assess the level of security of an Information System, but it can also be used to compute actions that mitigate the modeled threats. In this paper we present a method to remediate the most relevant attack paths extracted from a logical attack graph. In order to help an operator choose between several remediation candidates, we rank them according to a cost of remediation combining operational and impact costs. We implement this method using MulVAL attack graphs and several publicly available sets of data.

    Securing Intellectual Property in Federated Learning

    International audience
    Federated Learning (FL) is a technique that allows multiple participants to collaboratively train a Deep Neural Network (DNN) without the need to centralize their data, and therefore comes with privacy-preserving properties that make it attractive for application in sensitive contexts. However, it requires sharing participant models during the training process, which makes them vulnerable to theft or unauthorized distribution by malicious actors. To address the issue of ownership rights protection in the context of Machine Learning (ML), DNN watermarking methods have been developed during the last five years. Most existing works have focused on watermarking in a centralized manner, and only a few methods have been designed for FL and its unique constraints. In this paper, we provide an overview of recent advancements in Federated Learning watermarking, shedding light on the new challenges and opportunities that arise in this field.

    Monitoring and Securing New Functions Deployed in a Virtualized Networking Environment

    International audience
    Network operators are currently very cautious before deploying new network equipment. This is done only if the new networking solution is fully monitored, secured and can provide rapid revenues (short Return on Investment). For example, the NDN (Named Data Networking) solution is acknowledged as promising but still uncertain, thus making network operators reluctant to deploy it. Having a flexible environment would allow network operators to initiate the deployment of new network solutions at low cost and low risk. The virtualization techniques that appeared a few years ago can help to provide such a flexible networking architecture. However, with them emerge monitoring and security issues which should be solved. In this paper, we present our secure virtualized networking environment to deploy new functions and protocol stacks in the network, with a specific focus on the NDN use case as one of the potential Future Internet technologies. As strong requirements for a network operator, we then focus on monitoring and security components, highlighting where and how they can be deployed and used. Finally, we introduce our preliminary evaluation, with a focus on security, before presenting the testbed, involving end users consuming real contents, that we will set up for the assessment of our approach.

    Gene-mediated Restoration of Normal Myofiber Elasticity in Dystrophic Muscles

    Dystrophin mediates a physical link between the cytoskeleton of muscle fibers and the extracellular matrix, and its absence leads to muscle degeneration and dystrophy. In this article, we show that the lack of dystrophin affects the elasticity of individual fibers within muscle tissue explants, as probed using atomic force microscopy (AFM), providing a sensitive and quantitative description of the properties of normal and dystrophic myofibers. The rescue of dystrophin expression by exon skipping or by the ectopic expression of the utrophin analogue normalized the elasticity of dystrophic muscles, and these effects were commensurate with the functional recovery of whole muscle strength. However, a more homogeneous and widespread restoration of normal elasticity was obtained by the exon-skipping approach when comparing individual myofibers. AFM may thus provide a quantification of the functional benefit of gene therapies from live tissues coupled to single-cell resolution.

    5G-ENSURE - D3.2 5G-PPP security enablers open specifications (v1.0)

    This document describes the open specifications of the 5G Security enablers planned to compose the first software release (i.e. v1.0) of the 5G-ENSURE Project, due in September 2016 (M11). The enablers' open specifications are presented per security area in scope of the project, namely: Authentication, Authorization and Accounting (AAA), Privacy, Trust, Security Monitoring, and Network management & virtualisation isolation. For each of these categories, the open specifications of all enablers planned in the project's Technical Roadmap for v1.0 and having features for v1.0 are detailed following the same template. Overall, this deliverable paves the way towards the development and demonstration of the first set of 5G-ENSURE security enablers as planned for v1.0 in the project's Technical Roadmap (i.e. D3.1). It is also a valuable input to both the work on the 5G Security architecture and the 5G Security testbed, since it provides the details regarding security enablers necessary in order to understand their mapping to 5G security architectural components, as well as their integration, testing, demonstration, and assessment on the 5G security testbed.