Encrypted network traffic analysis of secure instant messaging application: A case study of signal messenger app
Applied Sciences (Switzerland)
; 11(17), 2021.
Article
in English
| Scopus | ID: covidwho-1394854
ABSTRACT
Instant messaging applications (apps) have played a vital role in online interaction, es-pecially under COVID-19 lockdown protocols. Apps with security provisions are able to provide confidentiality through end-to-end encryption. Ill-intentioned individuals and groups use these security services to their advantage by using the apps for criminal, illicit, or fraudulent activities. During an investigation, the provision of end-to-end encryption in apps increases the complexity for digital forensics investigators. This study aims to provide a network forensic strategy to identify the potential artifacts from the encrypted network traffic of the prominent social messenger app Signal (on Android version 9). The analysis of the installed app was conducted over fully encrypted network traffic. By adopting the proposed strategy, the forensic investigator can easily detect encrypted traffic activities such as chatting, media messages, audio, and video calls by looking at the payload patterns. Furthermore, a detailed analysis of the trace files can help to create a list of chat servers and IP addresses of involved parties in the events. As a result, the proposed strategy significantly facilitates extraction of the app’s behavior from encrypted network traffic which can then be used as supportive evidence for forensic investigation. © 2021 by the authors. Licensee MDPI, Basel, Switzerland.
Full text:
Available
Collection:
Databases of international organizations
Database:
Scopus
Type of study:
Case report
Language:
English
Journal:
Applied Sciences (Switzerland)
Year:
2021
Document Type:
Article
Similar
MEDLINE
...
LILACS
LIS