Home // ACCSE 2017, The Second International Conference on Advances in Computation, Communications and Services // View article

Booters and Certificates: An Overview of TLS in the DDoS-as-a-Service Landscape

Authors:
Benjamin Kuhnert
Jessica Steinberger
Harald Baier
Anna Sperotto
Aiko Pras

Keywords: booters; certificates; distributed denial of service as a service; mitigation; tls

Abstract:
Distributed Denial of Service attacks are getting more sophisticated and frequent whereas the required technical knowledge to perform these attacks decreases. The reason is that Distributed Denial of Service attacks are offered as a service, namely Booters, for less than 10 US dollars. As Booters offer a Distributed Denial of Service service that is paid, Booters often make use of Transport Layer Security certificates to appear trusted and hide themselves inside of encrypted traffic in order to evade detection and bypass critical security controls. In addition, Booters use Transport Layer Security certificates to ensure secure credit card transactions, data transfer and logins for their customers. In this article, we review Booters websites and their use of Secure Socket Layer certificates. In particular, we analyze the certificate chain, the used cryptography and cipher suites, protocol use within Transport Layer Security for purpose of security parameters negotiation, the issuer, the validity of the certificate and the hosting companies. Our main finding is that Booters prefer elliptic curve cryptography and are using Advanced Encryption Standard with a 128 bit key in Galois/Counter Mode. Further, we found a typical certificate chain used by most of the Booters.

Pages: 37 to 44

Copyright: Copyright (c) IARIA, 2017

Publication date: June 25, 2017

Published in: conference

ISSN: 2519-8459

ISBN: 978-1-61208-570-8

Location: Venice, Italy

Dates: from June 25, 2017 to June 29, 2017