Abstract
Network security audit systems audit user behaviour to protect intranet security and have received increasing attention. Data collection, as the basis of all subsequent analysis and audit work, plays a crucial role in such a system. Transport Layer Security (TLS) is a widely deployed security protocol; to establish a secure TLS connection, client and server must run an additional handshake to negotiate parameters, which is time-consuming. The TLS session resumption feature lets both parties reuse already negotiated session parameters and thereby reduces handshake overhead. As an effective way of improving TLS performance, session resumption is widely supported and used. This paper discusses the data collection problem for resumed TLS sessions: by analysing the flow and characteristics of the two resumption mechanisms, session ID and session ticket, it proposes a hash-based method for collecting resumed-session data. Finally, the method is implemented on a multi-core network processor platform, and experiments demonstrate its effectiveness.
The network security audit system is used to monitor user behaviour to ensure intranet security, and it has gained more and more attention. Data collection provides the audit data for the system and plays a vital role in it. Transport Layer Security (TLS) is an important security protocol; the client and the server need an additional handshake procedure to establish a secure channel, which is time-consuming. TLS session resumption allows client and server to reuse the negotiated session parameters, thus reducing the handshake overhead. There are a large number of TLS connections in the network which resume sessions. This paper discusses the data acquisition problem of TLS session resumption. By analysing the two kinds of TLS session resumption methods, this paper proposes a hash-based method to collect data on resumed TLS sessions. Finally, the method is implemented on a multi-core network processor, and the experiment proves the effectiveness of the method.
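The abstract describes keying a collector on the two resumption identifiers, the session ID and the session ticket, so that a resumed connection can be tied back to the full handshake that created it. The following added example (not the paper's code, and not its network-processor implementation) shows the core of such a hash-based index in Python: a minimal TLS 1.2 ClientHello parser that pulls out the session ID and the session_ticket extension, a SHA-256 keyed table populated from the identifiers seen in the original handshake, and a constructed ClientHello builder used only to produce sample input. The flow labels and ticket bytes are constructed placeholders.

```python
import hashlib
import struct

SESSION_TICKET_EXT = 35  # extension type of session_ticket (RFC 5077)

def parse_client_hello(rec: bytes):
    """Return (session_id, session_ticket) from a TLS record carrying a ClientHello.
    Either value is b'' when the client did not send it."""
    if rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    p = 5 + 4 + 2 + 32                       # record hdr + handshake hdr + version + random
    sid_len = rec[p]; p += 1
    sid = rec[p:p + sid_len]; p += sid_len
    cs_len = struct.unpack("!H", rec[p:p + 2])[0]; p += 2 + cs_len   # skip cipher suites
    comp_len = rec[p]; p += 1 + comp_len                             # skip compression methods
    ticket = b""
    if p + 2 <= len(rec):                    # extensions block is optional
        ext_total = struct.unpack("!H", rec[p:p + 2])[0]; p += 2
        end = p + ext_total
        while p + 4 <= end:
            etype, elen = struct.unpack("!HH", rec[p:p + 4]); p += 4
            if etype == SESSION_TICKET_EXT:
                ticket = rec[p:p + elen]     # opaque ticket echoed back by the client
            p += elen
    return sid, ticket

def session_key(value: bytes) -> bytes:
    """Fixed-size hash key so tickets of any length index the same table as 32-byte IDs."""
    return hashlib.sha256(value).digest()[:16]

class ResumptionIndex:
    """Maps hash(session ID from ServerHello) or hash(ticket from NewSessionTicket)
    to the flow record of the full handshake that produced it."""
    def __init__(self):
        self.table = {}
    def learn(self, identifier: bytes, flow):
        if identifier:
            self.table[session_key(identifier)] = flow
    def classify(self, client_hello: bytes):
        sid, ticket = parse_client_hello(client_hello)
        for ident in (ticket, sid):          # ticket takes precedence over session ID
            if ident and session_key(ident) in self.table:
                return "resumed", self.table[session_key(ident)]
        return "full", None

def build_client_hello(sid: bytes, ticket=None) -> bytes:
    """Constructed TLS 1.2 ClientHello for testing; ticket=None omits the extension."""
    body = b"\x03\x03" + b"\x11" * 32 + bytes([len(sid)]) + sid
    body += b"\x00\x02\xc0\x2f" + b"\x01\x00"          # one cipher suite, null compression
    exts = b"" if ticket is None else struct.pack("!HH", SESSION_TICKET_EXT, len(ticket)) + ticket
    body += struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

In a live collector, `learn` would be fed from the ServerHello session_id and the plaintext NewSessionTicket message of each full handshake, and `classify` from every subsequent ClientHello; a resumed connection then inherits the audit metadata of the flow it resumes.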
Authors
闫露
邓浩江
陈晓
叶晓舟
YAN Lu;DENG Haojiang;CHEN Xiao;YE Xiaozhou(National Network New Media Engineering Research Center, Institute of Acoustics, Chinese Academy of Sciences, Beijing, 100190, China;University of Chinese Academy of Sciences, Beijing, 100190, China)
Source
《网络新媒体技术》
2019, No. 3, pp. 16-22 (7 pages)
Network New Media Technology
Funding
Institute of Acoustics, Chinese Academy of Sciences, Pioneer Initiative project: Research on key technologies and system development for end-to-end virtualization (SXJH201609)
Keywords
security audit
data collection
Transport Layer Security
session resumption
security audit system
data collection
Transport layer security(TLS)
session resumption