The results of research projects conducted in 2017 within the framework of scientific and technical cooperation have been published on Netoscope's website. Three studies were conducted. Two of them focused on protocols used for TLS connections; the third studied the influence of DNS on instant messaging systems.
Researchers who worked on the project “Extensions of TLS certificates in X.509 standard group” collected and analyzed statistics on key X.509 extensions and their parameter values for the TLS protocol. According to the findings, there were no mass anomalies. This indicates stable and predictable development of TLS technologies for HTTPS on Runet.
Indicators of Diffie-Hellman Protocol usage on Runet reflect the general penetration of information protection technologies. This is why the study “Parameters of the Diffie-Hellman Protocol used by TLS servers for Runet’s HTTPS” demonstrated both the general state of the field and the trends typical for Russia. The researchers stated that use of the “elliptical” version of the protocol (ECDH) is growing. This is because this option is recommended in almost all modern TLS configuration instructions for system administrators and, in addition, mass hosting also uses ECDH. Usage of the Diffie-Hellman Protocol in TLS for HTTPS nodes on Runet is consistent with the worldwide trend.
The research project “Usage of DNS system by modern instant messaging systems” provided interesting findings. Within the study, researchers reviewed scenarios where the most popular messengers in Russia (Telegram, Facebook Messenger, WhatsApp, and Viber) used the domain name system (DNS). The apps studied showed different approaches to using DNS. For example, Telegram stands apart: it doesn’t use DNS directly, and there were no typical queries. Moreover, Telegram, apart from encryption, uses additional methods to obfuscate traffic. The other analyzed apps use DNS in a regular way: to detect the current addressing settings of central message exchange servers and to access external resources.
“Research is one of the main activities of Netoscope. The amount of data that the partners collected on the Netoscope platform allows us to conduct high-quality and relevant studies, which, I’m certain, will be useful for all Russian Internet users,” said Andrey Vorobyev, CEO of the Coordination Center for TLD .RU/.РФ.
As a reminder, in 2012 the Coordination Center for TLD .RU/.РФ created a research platform for aggregating information about malicious resources registered in Russian country-code top-level domains. A year later, the informational and analytical resource Netoscope was created online, where the most recent data on cyber threats and the progress of fighting them is shared. At present, 13 companies take part in Netoscope: OOO BIZon (LLC), Group-IB, Kaspersky Lab, Mail.ru, Roskomnadzor, RU-CERT, Technical Center of Internet, Yandex, SURFnet, iThreat Cyber Group Inc., SkyDNS, and MasterCard Members’ Association.