Masquerade: How a Helpful Man-in-the-Middle Can Help You Evade Monitoring.
Ryan Lackey, Founder, CryptoSeal, Inc.
Marc Rogers, Principal Security Researcher, Lookout
The Grugq, Information Security Researcher
Sometimes, hiding the existence of a communication is as important as hiding the contents of that communication. While simple network tunneling such as Tor or a VPN can keep the contents of communications confidential, under active network monitoring or a restrictive IDS such tunnels are red flags which can subject the user to extreme scrutiny. Format-Transforming Encryption (FTE) can be used to tunnel traffic within otherwise innocuous protocols, keeping both the contents and existence of the sensitive traffic hidden.
However, more advanced automated intrusion detection, or moderately sophisticated manual inspection, raises other red flags when a host purporting to be a laser printer starts browsing the web or opening IM sessions, or when a machine which appears to be a Mac laptop sends network traffic using Windows-specific network settings.
We present Masquerade: a system which combines FTE and host OS profile selection to allow the user to emulate a user-selected operating system and application set in network traffic and settings, both evading automated detection and frustrating after-the-fact analysis.
Ryan Lackey, Founder of CryptoSeal, founded HavenCo, the world’s first offshore datahaven. He has worked as a defense contractor in Iraq and Afghanistan and at various technology startups, and is currently working on a secure hardware-based router for business travelers.
Marc Rogers is an English hacker, Director of SecOps for DEF CON, and works as Principal Security Researcher for Lookout.
The Grugq is a pioneering information security researcher with over a decade of professional experience. He has worked extensively with digital forensic analysis, binary reverse engineering, rootkits, Voice over IP, telecommunications and financial security. The Grugq's professional career has included Fortune 100 companies, leading information security firms and innovative start-ups. Claims to fame:
The Grugq has spoken at dozens of conferences over the last 7 years; provided expert training courses to .gov, .mil, police and businesses; and has domain expertise in forensics, VoIP, telecommunications and financial systems.