Share Email Print

Proceedings Paper

Verification of OpenSSL version via hardware performance counters
Author(s): James Bruska; Zander Blasingame; Chen Liu
Format Member Price Non-Member Price
PDF $17.00 $21.00

Paper Abstract

Many forms of malware and security breaches exist today. One type of breach downgrades a cryptographic program by employing a man-in-the-middle attack. In this work, we explore the utilization of hardware events in conjunction with machine learning algorithms to detect which version of OpenSSL is being run during the encryption process. This allows for the immediate detection of any unknown downgrade attacks in real time. Our experimental results indicated this detection method is both feasible and practical. When trained with normal TLS and SSL data, our classifier was able to detect which protocol was being used with 99.995% accuracy. After the scope of the hardware event recording was enlarged, the accuracy diminished greatly, but to 53.244%. Upon removal of TLS 1.1 from the data set, the accuracy returned to 99.905%.

Paper Details

Date Published: 2 May 2017
PDF: 7 pages
Proc. SPIE 10206, Disruptive Technologies in Sensors and Sensor Systems, 102060A (2 May 2017); doi: 10.1117/12.2263029
Show Author Affiliations
James Bruska, Clarkson Univ. (United States)
Zander Blasingame, Clarkson Univ. (United States)
Chen Liu, Clarkson Univ. (United States)

Published in SPIE Proceedings Vol. 10206:
Disruptive Technologies in Sensors and Sensor Systems
Russell D. Hall; Misty Blowers; Jonathan Williams, Editor(s)

© SPIE. Terms of Use
Back to Top
Sign in to read the full article
Create a free SPIE account to get access to
premium articles and original research
Forgot your username?