2 May 2017 Verification of OpenSSL version via hardware performance counters
Author Affiliations +
Many forms of malware and security breaches exist today. One type of breach downgrades a cryptographic program by employing a man-in-the-middle attack. In this work, we explore the utilization of hardware events in conjunction with machine learning algorithms to detect which version of OpenSSL is being run during the encryption process. This allows for the immediate detection of any unknown downgrade attacks in real time. Our experimental results indicated this detection method is both feasible and practical. When trained with normal TLS and SSL data, our classifier was able to detect which protocol was being used with 99.995% accuracy. After the scope of the hardware event recording was enlarged, the accuracy diminished greatly, but to 53.244%. Upon removal of TLS 1.1 from the data set, the accuracy returned to 99.905%.
Conference Presentation
© (2017) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
James Bruska, James Bruska, Zander Blasingame, Zander Blasingame, Chen Liu, Chen Liu, } "Verification of OpenSSL version via hardware performance counters", Proc. SPIE 10206, Disruptive Technologies in Sensors and Sensor Systems, 102060A (2 May 2017); doi: 10.1117/12.2263029; https://doi.org/10.1117/12.2263029

Back to Top