| Citation: | GUO Shuai, CHENG Guang. Randomness of traffic data in TLS cipher suite[J]. Journal of Beijing University of Aeronautics and Astronautics, 2022, 48(2): 291-300. doi: 10.13700/j.bh.1001-5965.2020.0390(in Chinese)
|
Cipher suite is the cornerstone of transport layer security (TLS) to realize secure communication, which includes asymmetric cipher algorithm, symmetric cipher algorithm and message digest algorithm, among which symmetric cipher algorithm is used for data encryption in actual communication. Through the collection and analysis of real traffic, this paper obtains the distribution of different TLS cipher suites in the existing network. Then, an analysis method based on image ciphertext reconstruction, NIST randomness test suite and convolutional neural network (CNN) is designed to analyze the ciphertext randomness of mainstream symmetric cipher algorithms (AES, ChaCha20) and other common symmetric cipher algorithms (DES, 3DES, RC2, RC4). The experimental results show that the ciphertexts of all the symmetric cipher algorithms participating in the comparison have poor randomness in the electronic codebook (ECB) mode and cannot pass most tests. AES and ChaCha20, two mainstream TLS symmetric cipher algorithms, have good randomness in ciphertext except ECB mode, and have resistance to cipher algorithm recognition based on CNN or random forest. Relevant research can provide reference for the deep analysis of TLS cipher suite selection and encrypted traffic.
| [1] |
吴杨, 王韬, 邢萌, 等. 基于密文随机性度量值分布特征的分组密码算法识别方案[J]. 通信学报, 2015, 36(4): 150-159. https://www.cnki.com.cn/Article/CJFDTOTAL-TXXB201504016.htm
WU Y, WANG T, XING M, et al. Block ciphers identification scheme based on the distribution character of randomness test values of ciphertext[J]. Journal on Communications, 2015, 36(4): 150-159(in Chinese). https://www.cnki.com.cn/Article/CJFDTOTAL-TXXB201504016.htm
|
| [2] |
丁伟, 谈程. 一种基于密文分析的密码识别技术[J]. 通信技术, 2016, 49(10): 1382-1386. doi: 10.3969/j.issn.1002-0802.2016.10.022
DING W, TAN C. An approach of identifying cipher based on cipertext analysis[J]. Communications Technology, 2016, 49(10): 1382-1386(in Chinese). doi: 10.3969/j.issn.1002-0802.2016.10.022
|
| [3] |
黄良韬, 赵志诚, 赵亚群. 基于随机森林的密码体制分层识别方案[J]. 计算机学报, 2018, 41(2): 382-399. https://www.cnki.com.cn/Article/CJFDTOTAL-JSJX201802008.htm
HUANG L T, ZHAO Z C, ZHAO Y Q. A two-stage cryptosystem recognition scheme based on random forest[J]. Journal of Computers, 2018, 41(2): 382-399(in Chinese). https://www.cnki.com.cn/Article/CJFDTOTAL-JSJX201802008.htm
|
| [4] |
李洪超. 基于密文特征的密码算法识别研究[D]. 西安: 西安电子科技大学, 2018.
LI H C. Cipher-text features based cipher system recognition[D]. Xi'an: Xidian University, 2018(in Chinese).
|
| [5] |
赵志诚, 赵亚群, 刘凤梅. 基于随机性测试的分组密码体制识别方案[J]. 密码学报, 2019, 6(2): 177-190. https://www.cnki.com.cn/Article/CJFDTOTAL-MMXB201902004.htm
ZHAO Z C, ZHAO Y Q, LIU F M. Scheme of block ciphers recognition based on randomness test[J]. Journal of Cryptologic Research, 2019, 6(2): 177-190(in Chinese). https://www.cnki.com.cn/Article/CJFDTOTAL-MMXB201902004.htm
|
| [6] |
王旭, 陈永乐, 王庆生, 等. 结合特征选择与集成学习的密码体制识别方案[J]. 计算机工程, 2021, 47(1): 139-145. https://www.cnki.com.cn/Article/CJFDTOTAL-JSJC202101019.htm
WANG X, CHEN Y L, WANG Q S, el al. Cryptosystem identification scheme combining feature selection and ensemble learning[J]. Computer Engineering, 2021, 47(1): 139-145(in Chinese). https://www.cnki.com.cn/Article/CJFDTOTAL-JSJC202101019.htm
|
| [7] |
DIERKS T. The transport layer security (TLS) protocol version 1.2[EB/OL](2020-01-21)[2020-07-05]. https://tools.ietf.org/html/rfc5246.
|
| [8] |
BRACEWELL R. The Fourier transform and its applications[J]. American Journal of Physics, 2002, 34(8): 712. http://www.eee.hku.hk/~work8501/FTapp/FT-FM.pdf
|
| [9] |
RUKHIN A, SOTA J, NECHVATAL J, et al. A statistical test suite for random and pseudorandom number generators for cryptographic applications: SP800-22 Revla. 1a[S]. Washington, D.C. : National Institute of Standards and Technology, 2010.
|
| [10] |
CORTES C, VAPNIK V. Support-vector networks[J]. Machine Learning, 1995, 20: 273-297. http://bmjopen.bmj.com/external-ref?access_num=10.1007/BF00994018&link_type=DOI
|
| [11] |
QUINLAN J R. Induction of decision trees[J]. Machine Learning, 1986, 1(1): 81-106.
|
| [12] |
HO T K. Random decision forests[C]//Proceedings of 3rd International Conference on Document Analysis and Recognition. Piscataway: IEEE Press, 1995: 278-282.
|
| [13] |
HASTIE T, TIBSHIRANI R, FRIEDMAN J. The elements of statistical learning: Data mining, inference and prediction[M]. Berlin: Springer, 2009.
|
| [14] |
LECUN Y, BOTTOU L, BENGIO Y, et al. Gradient-based learning applied to document recognition[J]. Proceedings of the IEEE, 1998, 86(11): 2278-2324. http://www.researchgate.net/profile/Yann_Lecun/publication/2985446_Gradient-Based_Learning_Applied_to_Document_Recognition/links/0deec519dfa1983fc2000000/Gradient-Based-Learning-Applied-to-Document-Recognition.pdf
|
| [15] |
GRAVES A, LIWICKI M, FERNÁNDEZ S, et al. A novel connectionist system for unconstrained handwriting recognition[J]. IEEE Transactions on Pattern Analysis and Machine Intelligence, 2008, 31(5): 855-868. http://citeseerx.ist.psu.edu/viewdoc/download;jsessionid=1E59A7962580A746C9EDFEE0D18FCE2D?doi=10.1.1.139.4502&rep=rep1&type=pdf
|
| [16] |
ROKACH L. Ensemble-based classifiers[J]. Artificial Intelligence Review, 2010, 33(1-2): 1-39.
|
| [17] |
WILLIAM W. Enron email dataset[DS/OL]. [2020-08-01]. https://www.cs.cmu.edu/~./enron/.
|
Figures(9) / Tables(5)
Copyright © Journal of Beijing University of Aeronautics and Astronautics
Address: Editorial Department of Journal of Beijing University of Aeronautics and Astronautics, 37 Xueyuan Road, Haidian District, Beijing Post Code: 100191 Email: jbuaa@buaa.edu.cn
Supported by:
Beijing Renhe Information Technology Co., Ltd.
DownLoad:
