Authors: Florian Wiedner, Jonas Andre, Paulo Mendes, Georg Carle

Authors: Sebastian Gallenmüller, Dominik Scholz, Henning Stubbe, Eric Hauser, Georg Carle

Active measurements can be used to collect server characteristics on a large scale. This kind of metadata can help discovering hidden relations and commonalities among server deployments offering new possibilities to cluster and classify them. As an example, identifying a previously-unknown cybercriminal infrastructures can be a valuable source for cyber-threat intelligence. We propose herein an active measurement-based methodology for acquiring Transport Layer Security (TLS) metadata from servers and leverage it for their fingerprinting. Our fingerprints capture the characteristic behavior of the TLS stack primarily caused by the implementation, configuration, and hardware support of the underlying server. Using an empirical optimization strategy that maximizes information gain from every handshake to minimize measurement costs, we generated 10 general-purpose Client Hellos used as scanning probes to create a large database of TLS configurations used for classifying servers. We fingerprinted 28 million servers from the Alexa and Majestic toplists and two Command and Control (C2) blocklists over a period of 30 weeks with weekly snapshots as foundation for two long-term case studies: classification of Content Delivery Network and C2 servers. The proposed methodology shows a precision of more than 99 % and enables a stable identification of new servers over time. This study describes a new opportunity for active measurements to provide valuable insights into the Internet that can be used in security-relevant use cases.

Authors: Markus Sosnowski, Johannes Zirngibl, Patrick Sattler, Georg Carle, Claas Grohnfeldt, Michele Russo, Daniele Sgandurra

Authors: Johannes Zirngibl, Steffen Deusch, Patrick Sattler, Juliane Aulbach, Georg Carle, Mattijs Jonker

Authors: Fabian Franzen, Lion Steger, Johannes Zirngibl, Patrick Sattler

Authors: Sebastian Gallenmüller, Eric Hauser, Georg Carle

Authors: Florian Wiedner, Max Helm, Sebastian Gallenmüller, Georg Carle

Authors: Fabien Geyer, Steffen Bondorf

Time sensitive network applications, for example in intra-vehicular networks, aim to give predictable end-to-end latency guarantees. As a consequence, processing resources of involved host systems remain partially unused, because they are reserved for rare worst cases. This circumstance provides the opportunity to reduce dimensioning overheads by managing the load on the nodes flexibly within the network. In our proposed approach, a SmartNIC involving an FPGA-based load balancer achieves dynamic routing of flows whilst preserving end-to-end latency guarantees. A flow-oriented online network measurement component continuously supervises network traffic with regards to compliance to flow specifications and constraints such as bounded one-way delay, absence of packet loss and jitter. We use the supervisor to enhance forwarding decisions on the data plane. Initial evaluation yields a saving potential of around 30 percent. We showcase quick dynamic reconfiguration of the FPGA when triggered by real-time measurement of the one-way delay using realistic automotive network traffic.

Authors: Kilian Holzinger, Franz Biersack, Henning Stubbe, Angela Gonzalez Mariño, Abdoul Kane, Francesc Fons, Zhang Haigang, Thomas Wild, Andreas Herkersdorf, Georg Carle

Authors: Simon Bauer, Benedikt Jaeger, Max Reimann, Jonas Fromm, Georg Carle