Analyzing SSL traffic

Post by Frost » Sun Apr 19, 2009 12:01 pm

I am using Astraweb's SSL servers and other encrypted internet software like Anonymizer. I came across the following software called eSafe Web SSL from Aladdin that can be found on the following link: http://www.aladdin.com/esafe/ssl.aspx

This is business-type software, and here is a quote from the description of what this software does:
"The eSafe Web SSL solution provides a complete solution for analyzing encrypted Web content. Complements eSafe Gateway and eSafe Web to provide transparent inspection of all encrypted (HTTPS, SSL, TLS) web traffic"

Is it possible for my ISP or others to analyze my encrypted traffic with the right software, or do I totally misunderstand this?

Could someone with more knowledge explain in simple terms what the above software does?

Re: Analyzing SSL traffic

Post by IneptVagrant » Mon Apr 20, 2009 8:50 am

SSL doesn't provide anonymity. It doesn't hide what you are doing, who you are, or where you are going. It does hide what you are transferring.

What that program does, and others like it, is look for a pattern of actions. Spy novel version -> You visit the donut shop every morning at 9am. It doesn't know what donuts you buy, it doesn't care either. But it knows you are visiting a donut shop and when.

It is more complicated of course. For a dirty overview, and this is just one possible way, you can consider each program's transfer protocol to be its 'grammar' and apply some form of Bayes' theorem to predict what application is generating that pattern of traffic with some training.

**

The other thing they can do is inspect the traffic that is "setting up" the secure connection, hence all that other stuff about certs on that webpage you linked.
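
The "grammar plus Bayes' theorem" idea in the post above, as an added example that is not part of the original thread or of any product mentioned in it. It is a small multinomial naive Bayes classifier over packet direction and size only; the flows, labels and size buckets are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed training flows: (direction, payload_bytes) records such as a
# passive observer could log for an encrypted connection without decrypting it.
TRAINING = {
    "web-browsing": [
        [("out", 420), ("in", 1400), ("in", 1400), ("in", 600), ("out", 380), ("in", 900)],
        [("out", 510), ("in", 1400), ("in", 300), ("out", 450), ("in", 1400), ("in", 1100)],
    ],
    "bulk-transfer": [
        [("out", 90), ("in", 1400), ("in", 1400), ("in", 1400), ("in", 1400), ("out", 60)],
        [("out", 70), ("in", 1400), ("in", 1400), ("out", 60), ("in", 1400), ("in", 1400)],
    ],
}

def token(direction, size):
    """One 'word' of the traffic grammar: direction plus a coarse size bucket."""
    bucket = "small" if size < 200 else "medium" if size < 1200 else "full"
    return f"{direction}:{bucket}"

def train(flows_by_label):
    """Count how often each token appears under each application label."""
    counts = defaultdict(Counter)
    for label, flows in flows_by_label.items():
        for flow in flows:
            counts[label].update(token(d, s) for d, s in flow)
    vocab = {t for c in counts.values() for t in c}
    return counts, vocab

def classify(flow, counts, vocab):
    """Return (most likely label, posterior per label) for an unlabelled flow."""
    log_post = {}
    for label, c in counts.items():
        total = sum(c.values())
        lp = math.log(1 / len(counts))  # uniform prior over applications
        for d, s in flow:
            # Laplace smoothing so an unseen token never zeroes the product
            lp += math.log((c[token(d, s)] + 1) / (total + len(vocab)))
        log_post[label] = lp
    top = max(log_post.values())
    norm = sum(math.exp(v - top) for v in log_post.values())
    post = {k: math.exp(v - top) / norm for k, v in log_post.items()}
    return max(post, key=post.get), post

COUNTS, VOCAB = train(TRAINING)

if __name__ == "__main__":
    unknown = [("out", 80), ("in", 1400), ("in", 1400), ("in", 1400)]
    print(classify(unknown, COUNTS, VOCAB))
```

The classifier never touches payload contents, which is why encrypting the payload alone does not stop this kind of identification.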

Re: Analyzing SSL traffic

Post by ejonesss » Mon Apr 20, 2009 9:48 am

Correct me if I am wrong.

While you are right that SSL does not protect anonymity, it does protect what you are downloading and sharing, forcing the internet police to have to get a warrant to find out what you are getting.

Since not all torrents are illegal (you can get some legal torrents too), it would require a warrant to find out.

Comparing to the donut shop:

If the donut shop sells illegal donuts too, then just staking out the shop is not good enough.

The police would have to get a warrant to search every customer's box.

What SSL would be useless in is probably if a school or university is looking for P2P traffic because they want to control the bandwidth use and eliminate the bandwidth hogs.

Re: Analyzing SSL traffic

Post by Overnet User » Mon Jun 15, 2009 4:00 am

A note about SSL

How Scroogle's SSL option protects your privacy

Secure Socket Layer is an encryption protocol that is available in almost all browsers. If you've ever entered your credit card number to purchase something online, you should have checked for the little yellow padlock at the bottom right of your browser. That means no one can intercept your number as it travels between your browser and the online merchant, because the browser has established a secure connection. That's SSL.


For Scroogle, SSL is used to hide your search terms from anyone who might be monitoring traffic between your browser and Scroogle's servers. This encryption happens when you send your search terms to Scroogle, and it also happens when Scroogle sends the results of your search back to you. No one snooping between your browser and Scroogle can figure out what you were looking for, because the information is encrypted and looks like gibberish. The connection between Scroogle and Google, which still must happen for every search, is not encrypted because Google doesn't use SSL. However, this connection is not associated with you at that point, and only Scroogle knows who entered those search terms. Your IP address is dropped before your search terms are sent to Google.

Most employers monitor the websites visited by their employees. There are impressive "employer spyware" packages such as Websense that they use to do this. Because the GET method is preferred by almost all search engines (see this page), even if the employer sees only the web address that you used to arrive at Google, he already knows the search terms you requested. With a record of all the search terms you've used while you were at work, each with a date and time recorded in his log, your employer has a pretty good idea of what you've been thinking. There are no laws that prevent employers from doing this sort of snooping.

If you use Wi-Fi and you haven't set up your router for secure operation, your neighbors could see what you are doing on the web. Again, your search terms might be interesting to them.

In some countries, the government could be monitoring your web activity by requiring your service provider to log the sites you visit, and make the logs available on demand. In fact, most governments wouldn't even have to ask the service provider for this information. They could tap the line upstream of the provider, and just look for packets containing http://www.google.com/search. Next to this are your search terms in plain text, with your IP address in the same packet. Government spies salivate at the thought of data-mining this information. With your search terms revealing what you are thinking, and the email you send revealing your network of associates, that's almost everything they need to know about you.

Besides encrypting everything between your browser and Scroogle, there are other details that may interest you about SSL. We prefer the POST method over the GET method, but if you use SSL, even the GET method is secure. You will see the Scroogle address and the search terms in your browser address bar with the GET method only because the browser displays this before it starts the SSL negotiation with Scroogle. Those search terms don't go any further than your browser. The SSL in your browser strips off the portion of the URL after the question mark, and then provides this information to Scroogle only after the secure connection has been established.

When the Scroogle results come back from an SSL search, and you click on any of the links shown on that secure page, there is another advantage. SSL does not allow the browser to record the address where that secure page came from, and attach it to any outgoing links on that page. Normally all browsers do this, and it's called the "referrer" address. But SSL blanks out the referrer, so that any site you click on from a Scroogle SSL page won't even know that you arrived at their site from Scroogle. The referrer will be blank, and your log entry will look like any of the hundreds of bots that crawl the web all day and night with similar blank referrers.

All of these are good reasons to use Scroogle's SSL option. It increases the load on our servers because the encryption handshaking is complex, but so far it hasn't been a problem for us. If it does become a problem, we hope to get more donations so that we can add more servers.

http://www.scroogle.org