We found a match
Your institution may have access to this item. Find your institution then sign in to continue.
- Title
Encrypted Network Traffic Analysis of Secure Instant Messaging Application: A Case Study of Signal Messenger App.
- Authors
Afzal, Asmara; Hussain, Mehdi; Saleem, Shahzad; Shahzad, M. Khuram; Ho, Anthony T. S.; Jung, Ki-Hyun
- Abstract
Instant messaging applications (apps) have played a vital role in online interaction, especially under COVID-19 lockdown protocols. Apps with security provisions are able to provide confidentiality through end-to-end encryption. Ill-intentioned individuals and groups use these security services to their advantage by using the apps for criminal, illicit, or fraudulent activities. During an investigation, the provision of end-to-end encryption in apps increases the complexity for digital forensics investigators. This study aims to provide a network forensic strategy to identify the potential artifacts from the encrypted network traffic of the prominent social messenger app Signal (on Android version 9). The analysis of the installed app was conducted over fully encrypted network traffic. By adopting the proposed strategy, the forensic investigator can easily detect encrypted traffic activities such as chatting, media messages, audio, and video calls by looking at the payload patterns. Furthermore, a detailed analysis of the trace files can help to create a list of chat servers and IP addresses of involved parties in the events. As a result, the proposed strategy significantly facilitates extraction of the app's behavior from encrypted network traffic which can then be used as supportive evidence for forensic investigation.
- Subjects
ANDROID (Operating system); INSTANT messaging; INSTANT messaging software; FORENSIC sciences; INTERNET protocol address; TRACE analysis; COVID-19
- Publication
Applied Sciences (2076-3417), 2021, Vol 11, Issue 17, p7789
- ISSN
2076-3417
- Publication type
Article
- DOI
10.3390/app11177789