A network protocol has performance requirements. To meet these requirements, many implementations leak some side-channel information indicating how a tunnel is being used. In particular, approximate packet sizes and timing can be tied to a particular use of an encrypted tunnel. Pacumen is an open-source tool that can learn what a specific application “looks like” over an encrypted tunnel and can be trained to recognize the application being used without decryption. We will take a deep dive into the algorithm used and how it works, and talk about how best to measure its performance and utilize it in the real world.
October 21, 2014 | Tech 3 (801b) | 14:40 – 15:40