摘要
密码套件是安全传输层协议(TLS)实现安全通信的基石,包含了密钥交换算法、对称密码算法和消息摘要算法,其中对称密码算法被用于实际通信的数据加密。通过对真实流量的采集与分析,得出了不同TLS密码套件在现网中的分布情况。设计了一种基于密文图像重构、美国国家标准与技术研究院随机性测试套件、卷积神经网络(CNN)等手段的分析方法,对现网主流对称密码算法(AES、ChaCha20)与其他常见对称密码算法(DES、3DES、RC2、RC4)的密文随机性进行分析。实验结果表明:参与对比的所有对称密码算法在电子密码本(ECB)模式下其密文均具有较差的随机性,无法通过大多数测试;AES与ChaCha20二种主流TLS对称密码算法在除ECB模式下其密文均具有良好的随机性,对基于CNN与随机森林的密码算法识别也具有抵抗能力。研究成果可为TLS密码套件的选择与加密流量的深层分析提供参考。
Cipher suite is the cornerstone of transport layer security(TLS)to realize secure communication,which includes asymmetric cipher algorithm,symmetric cipher algorithm and message digest algorithm,among which symmetric cipher algorithm is used for data encryption in actual communication.Through the collection and analysis of real traffic,this paper obtains the distribution of different TLS cipher suites in the existing network.Then,an analysis method based on image ciphertext reconstruction,NIST randomness test suite and convolutional neural network(CNN)is designed to analyze the ciphertext randomness of mainstream symmetric cipher algorithms(AES,ChaCha20)and other common symmetric cipher algorithms(DES,3DES,RC2,RC4).The experimental results show that the ciphertexts of all the symmetric cipher algorithms participating in the comparison have poor randomness in the electronic codebook(ECB)mode and cannot pass most tests.AES and ChaCha20,two mainstream TLS symmetric cipher algorithms,have good randomness in ciphertext except ECB mode,and have resistance to cipher algorithm recognition based on CNN or random forest.Relevant research can provide reference for the deep analysis of TLS cipher suite selection and encrypted traffic.
作者
郭帅
程光
GUO Shuai;CHENG Guang(School of Cyber Science and Engineering,Southeast University,Nanjing 211189,China;Key Laboratory of Computer Network and Information Integration(Southeast University),Ministry of Education,Nanjing 211189,China;Purple Mountain Laboratory for Network and Communication Security,Nanjing 211111,China)
出处
《北京航空航天大学学报》
EI
CAS
CSCD
北大核心
2022年第2期291-300,共10页
Journal of Beijing University of Aeronautics and Astronautics
基金
国家重点研发计划(2018YFB1800602)
教育部-中国移动科研基金(MCM20180506)
赛尔网络下一代互联网技术创新项目(NGIICS20190101,NGII20170406)。
关键词
随机性度量
密码算法识别
机器学习
加密流量识别
网络测量
randomness measurement
cipher algorithm recognition
machine learning
encrypted traffic identification
network measurement