Transport Layer Security (TLS) version 1.3 was standardized in August 2018 by the Internet Engineering Task Force (IETF). This new version of the protocol focuses on enhancing user privacy and security. As a network and security appliance manufacturer, Stormshield provides, in its SNS (Stormshield Network Security) product, security and application analysis of the previous versions of the TLS protocol (1.0 to 1.2). Service detection for TLS in our in-house Intrusion Prevention System (IPS) relies on the server's certificate being available in cleartext in the connection handshake. Since this certificate is now encrypted in TLS 1.3, analyzing it requires solving new challenges. In this paper, we explain how we overcame these limitations without downgrading the security level of the connection.
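To make the detection problem stated in the abstract concrete, here is an added example (written for this page, not code from the paper or from Stormshield's IPS). It builds constructed, not captured, TLS 1.2 and TLS 1.3 handshake flights and runs a minimal record/handshake parser over them, the way a passive IPS would: the ClientHello still exposes the server name (SNI) in cleartext in both versions, the negotiated version is only visible through the supported_versions extension in the ServerHello (the record header and legacy_version field say 0x0303 in both cases), and the Certificate message is a cleartext handshake record only in TLS 1.2; in TLS 1.3 it is carried in application_data records the parser cannot read. Hostnames, random bytes, the placeholder certificate and the stand-in for ciphertext are all constructed values.

```python
"""Minimal TLS handshake parser over constructed TLS 1.2 / 1.3 flights (illustrative)."""
import struct

CONTENT_CCS, CONTENT_HANDSHAKE, CONTENT_APPDATA = 20, 22, 23
HS_CLIENT_HELLO, HS_SERVER_HELLO, HS_CERTIFICATE = 1, 2, 11
EXT_SERVER_NAME, EXT_SUPPORTED_VERSIONS = 0, 43
TLS12, TLS13 = 0x0303, 0x0304


def _ext(ext_type, body):
    return struct.pack("!HH", ext_type, len(body)) + body


def _handshake(msg_type, body):
    return struct.pack("!B", msg_type) + len(body).to_bytes(3, "big") + body


def _record(content_type, payload):
    # The record-layer version is a legacy field: TLS 1.3 also sends 0x0303 here.
    return struct.pack("!BHH", content_type, TLS12, len(payload)) + payload


def build_client_hello(hostname, offered_versions):
    entry = b"\x00" + struct.pack("!H", len(hostname)) + hostname.encode()
    sni = _ext(EXT_SERVER_NAME, struct.pack("!H", len(entry)) + entry)
    vers = b"".join(struct.pack("!H", v) for v in offered_versions)
    sv = _ext(EXT_SUPPORTED_VERSIONS, struct.pack("!B", len(vers)) + vers)
    exts = sni + sv
    body = (struct.pack("!H", TLS12) + b"\x11" * 32          # legacy_version, constructed random
            + b"\x00"                                         # empty legacy_session_id
            + struct.pack("!HHH", 4, 0x1301, 0xC02F)          # offer one 1.3 and one 1.2 suite
            + b"\x01\x00"                                     # compression: null only
            + struct.pack("!H", len(exts)) + exts)
    return _record(CONTENT_HANDSHAKE, _handshake(HS_CLIENT_HELLO, body))


def build_server_hello(selected_version):
    # A TLS 1.3 server signals the version only via supported_versions; legacy_version stays 0x0303.
    exts = _ext(EXT_SUPPORTED_VERSIONS, struct.pack("!H", TLS13)) if selected_version == TLS13 else b""
    body = (struct.pack("!H", TLS12) + b"\x22" * 32 + b"\x00"
            + struct.pack("!H", 0x1301 if selected_version == TLS13 else 0xC02F) + b"\x00"
            + struct.pack("!H", len(exts)) + exts)
    return _record(CONTENT_HANDSHAKE, _handshake(HS_SERVER_HELLO, body))


def sample_flow(version):
    """Constructed client + server flight as seen on the wire up to the certificate."""
    stream = build_client_hello("example.com", [TLS13, TLS12]) + build_server_hello(version)
    if version == TLS12:
        cert = b"\x30\x03\x02\x01\x01"  # placeholder bytes, not a real X.509 DER certificate
        cert_list = len(cert).to_bytes(3, "big") + cert
        cert_msg = len(cert_list).to_bytes(3, "big") + cert_list
        return stream + _record(CONTENT_HANDSHAKE, _handshake(HS_CERTIFICATE, cert_msg))
    # TLS 1.3: compatibility ChangeCipherSpec, then encrypted EncryptedExtensions/Certificate/...
    # (stand-in bytes here; an IPS without the traffic keys cannot look inside them).
    return stream + _record(CONTENT_CCS, b"\x01") + _record(CONTENT_APPDATA, bytes(range(48)))


def iter_records(data):
    off = 0
    while off + 5 <= len(data):
        ctype, _ver, length = struct.unpack("!BHH", data[off:off + 5])
        yield ctype, data[off + 5:off + 5 + length]
        off += 5 + length


def parse_extensions(buf):
    exts, off = {}, 0
    while off + 4 <= len(buf):
        t, l = struct.unpack("!HH", buf[off:off + 4])
        exts[t] = buf[off + 4:off + 4 + l]
        off += 4 + l
    return exts


def hello_extensions(body, is_server):
    off = 2 + 32                                    # legacy_version + random
    off += 1 + body[off]                            # legacy_session_id
    if is_server:
        off += 2 + 1                                # cipher_suite + compression_method
    else:
        off += 2 + struct.unpack("!H", body[off:off + 2])[0]   # cipher_suites
        off += 1 + body[off]                                    # compression_methods
    ext_len = struct.unpack("!H", body[off:off + 2])[0]
    return parse_extensions(body[off + 2:off + 2 + ext_len])


def analyze(stream):
    """What a passive IPS learns from the handshake (assumes messages do not span records)."""
    result = {"sni": None, "version": None, "certificate_in_clear": False}
    for ctype, payload in iter_records(stream):
        if ctype != CONTENT_HANDSHAKE:
            continue                                # CCS and application_data are opaque
        off = 0
        while off + 4 <= len(payload):
            msg_type, length = payload[off], int.from_bytes(payload[off + 1:off + 4], "big")
            body = payload[off + 4:off + 4 + length]
            off += 4 + length
            if msg_type == HS_CLIENT_HELLO:
                sni = hello_extensions(body, False).get(EXT_SERVER_NAME)
                if sni:                             # list len (2), name_type (1), name len (2), name
                    result["sni"] = sni[5:5 + struct.unpack("!H", sni[3:5])[0]].decode()
            elif msg_type == HS_SERVER_HELLO:
                sv = hello_extensions(body, True).get(EXT_SUPPORTED_VERSIONS)
                result["version"] = struct.unpack("!H", sv)[0] if sv else struct.unpack("!H", body[:2])[0]
            elif msg_type == HS_CERTIFICATE:
                result["certificate_in_clear"] = True
    return result


if __name__ == "__main__":
    for v in (TLS12, TLS13):
        print(hex(v), analyze(sample_flow(v)))
```

Running the script shows the TLS 1.2 flow yielding the SNI, version 0x0303 and a cleartext Certificate, while the TLS 1.3 flow yields the same SNI and version 0x0304 but no certificate, which is exactly the signal a certificate-based service detector loses. The SNI and the supported_versions extension are the cleartext fields that survive; the paper's own approach to the encrypted certificate is described in the sections that follow, not in this example.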
Nicolas Pamart (Stormshield), Damien Deville (Stormshield), Thomas Malherbe (Stormshield)
Nicolas Pamart is a student at ENSIMAG (École nationale supérieure d'informatique et de mathématiques appliquées de Grenoble). He has been working as an apprentice at the Stormshield R&D lab for 3 years, in the Intrusion Prevention System (IPS) team.
After obtaining his PhD on smartcard security from the University of Lille 1, Damien Deville has been working at Stormshield for 12 years, first as Intrusion Prevention System (IPS) Team Manager and then as Technical Leader, mainly on the IPS subject.
Thomas Malherbe obtained his diploma from ENSTA (École nationale supérieure de techniques avancées) in 2007. He has been working at Stormshield for 2 years as a developer in the R&D lab.