TLS密码套件的流量数据随机性分析

Randomness of traffic data in TLS cipher suite

密码套件是安全传输层协议(TLS)实现安全通信的基石,包含了密钥交换算法、对称密码算法和消息摘要算法,其中对称密码算法被用于实际通信的数据加密。通过对真实流量的采集与分析,得出了不同TLS密码套件在现网中的分布情况。设计了一种基于密文图像重构、美国国家标准与技术研究院随机性测试套件、卷积神经网络(CNN)等手段的分析方法,对现网主流对称密码算法(AES、ChaCha20)与其他常见对称密码算法(DES、3DES、RC2、RC4)的密文随机性进行分析。实验结果表明:参与对比的所有对称密码算法在电子密码本(ECB)模式下其密文均具有较差的随机性,无法通过大多数测试;AES与ChaCha20二种主流TLS对称密码算法在除ECB模式下其密文均具有良好的随机性,对基于CNN与随机森林的密码算法识别也具有抵抗能力。研究成果可为TLS密码套件的选择与加密流量的深层分析提供参考。

Cipher suite is the cornerstone of transport layer security(TLS)to realize secure communication,which includes asymmetric cipher algorithm,symmetric cipher algorithm and message digest algorithm,among which symmetric cipher algorithm is used for data encryption in actual communication.Through the collection and analysis of real traffic,this paper obtains the distribution of different TLS cipher suites in the existing network.Then,an analysis method based on image ciphertext reconstruction,NIST randomness test suite and convolutional neural network(CNN)is designed to analyze the ciphertext randomness of mainstream symmetric cipher algorithms(AES,ChaCha20)and other common symmetric cipher algorithms(DES,3DES,RC2,RC4).The experimental results show that the ciphertexts of all the symmetric cipher algorithms participating in the comparison have poor randomness in the electronic codebook(ECB)mode and cannot pass most tests.AES and ChaCha20,two mainstream TLS symmetric cipher algorithms,have good randomness in ciphertext except ECB mode,and have resistance to cipher algorithm recognition based on CNN or random forest.Relevant research can provide reference for the deep analysis of TLS cipher suite selection and encrypted traffic.