Encrypted Traffic Analysis

Back to all publications

Publication date:April 23, 2020

This report explores the current state of affairs in Encrypted Traffic Analysis and in particular discusses research and methods in 6 key use cases; viz. application identification, network analytics, user information identification, detection of encrypted malware, file/device/website/location fingerprinting and DNS tunnelling detection. In addition, the report discusses recent research in TLS practices identifying common improper practices and proposing simple but efficient countermeasures like certificates validation and pinning, minimize exposed data over HTTP redirects, using proper private keys and the latest versions of TLS (i.e. 1.2 and 1.3), deprecating older ones and employing certificate signing and by a trusted CA.