Proceedings of the 3rd European Conference on Computer Network Defense

The 3rd European Conference on Computer Network Defense took place in September 2007 at Aldemar Hotel, in Heraklion, Crete, Greece in cooperation with the European Network and Information Security Agency (ENISA). The theme of the conference was the protection of computer networks. The conference drew participants from academia and industry in Europe and beyond to discuss hot topics in applied network and systems security. The conference was a great success, with 6 refereed papers and 6 invited presentations on topics ranging from high assurance networks of virtual machines to signaling vulnerabilities in wiretapping systems. This book contains the refereed as well as refereed papers. We are greatful to the authors and presenters for their contributions, as well as the participants of EC2N’07 for making the conference a success. We are looking forward to a successful EC2ND event in 2008. K. G. Anagnostakis, S. Ioannidis, V. Siris Contents 1 Tales from the Crypt: Fingerprinting Attacks on Encrypted Channels by Way of Retainting ........................................1 Michael Valkering, Asia Slowinska, and Herbert Bos 1 Introduction ......................................................................................... 1 2 Architecture ......................................................................................... 3 2.1 Tracking Issues .............................................................................. 4 2.2 Retainting ...................................................................................... 6 2.2.1 Determining the Tag ............................................................. 6 2.2.2 Identifying the SSL Conversation ........................................ 8 2.3 Interposition Details...................................................................... 9 3 Signature Generation ........................................................................... 9 3.1 Pattern-Based Signatures ............................................................. 10 3.2 Signatures for Polymorphic Buffer Overflows ............................ 13 4 Filters ................................................................................................. 14 5 Results ............................................................................................... 15 6 Related Work ..................................................................................... 17 7 Conclusions ....................................................................................... 18 References ............................................................................................ 18 2 Towards High Assurance Networks of Virtual Machines...............21

Tales from the Crypt: Fingerprinting Attacks on Encrypted Channels by Way of Retainting.- Towards High Assurance Networks of Virtual Machines.- Intrusion Detection Using Cost-Sensitive Classification.- A Novel Approach for Anomaly Detection over High-Speed Networks.- Elastic Block Ciphers in Practice: Constructions and Modes of Encryption.- Vulnerability Response Decision Assistance.- Alice, What Did You Do Last Time? Fighting Phishing Using Past Activity Tests.- QuiGon: The First Tool Against Clone Attack on Internet Relay Chat.- Defending Against Next Generation Through Network/Endpoint Collaboration and Interaction.- ISi-LANA – A Secure Basic Architecture for Networks Connected to the Internet.