Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

SSL/TLS network encryption communication information real-time decryption method based on memory analysis

An encrypted communication and memory analysis technology, which is applied in the field of real-time decryption of SSL/TLS network encrypted communication information based on memory analysis, can solve problems such as undetectable, and achieve the effects of improving efficiency and accuracy, ensuring accuracy, and improving security

Active Publication Date: 2020-06-02
成都安舟信息技术有限公司
View PDF5 Cites 7 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] Based on this, in view of the above problems, the present invention provides a real-time decryption method for SSL / TLS network encrypted communication information based on memory analysis, adopts a bypass deployment method, and uses information entropy theory, memory analysis technology and terminal behavior monitoring. Injection and API Hook technology, combined with network socket communication and network communication traffic capture and decryption system, realizes the extraction of network communication encryption keys and real-time decryption of network encrypted communication content, providing a solution for traditional network security detection and analysis and network attack evidence collection plaintext data, thereby solving the problem of being unable to detect due to network communication encryption, and improving detection efficiency

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • SSL/TLS network encryption communication information real-time decryption method based on memory analysis
  • SSL/TLS network encryption communication information real-time decryption method based on memory analysis
  • SSL/TLS network encryption communication information real-time decryption method based on memory analysis

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0054] like figure 1 As shown, a real-time decryption method for SSL / TLS network encrypted communication information based on memory analysis, comprising the following steps:

[0055] S1. Monitor the network encrypted communication session key generation function and the encrypted communication session ID generation function through the Agent using process injection technology and API Hook technology, and obtain the encrypted communication session ID and the corresponding encryption key;

[0056] S2. Obtain the local IP address of the client through the Agent;

[0057] S3. Encrypt the acquired encrypted communication session ID, network encrypted communication session key and local IP address of the client with a temporarily generated symmetric encryption key, and send the encrypted data to the network decryption terminal;

[0058] S4. After receiving the encrypted data, obtain the local IP address of the client, the encrypted communication session ID and the decryption key o...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an SSL / TLS network encryption communication information real-time decryption method based on memory analysis. The method comprises the following steps: monitoring a network encryption communication session key generation function and an encryption communication session ID generation function by using a process injection technology and an API Hook technology through an Agentto obtain an encryption communication session ID and a corresponding encryption key; obtaining a local IP address of the client through the Agent; encrypting the acquired encryption communication session ID, the network encryption communication session key and the local IP address of the client through a temporarily generated symmetric encryption key, and sending the encrypted data to a network decryption end; and after receiving the encrypted data, obtaining a local IP address of the client, the encryption communication session ID and a decryption key of the corresponding session, and decrypting and storing the corresponding network encryption communication session in real time. According to the invention, the extraction of the network communication encryption key and the real-time decryption of the network encryption communication content can be effectively realized, and the detection efficiency is improved.

Description

technical field [0001] The invention relates to the technical field of network communication, in particular to a real-time decryption method of SSL / TLS network encrypted communication information based on memory analysis. Background technique [0002] In cryptography, coding studies the method of keeping communication secrets from being leaked and stolen, while deciphering ciphers analyzes and decrypts intercepted ciphertexts for the purpose of obtaining communication information. In recent years, with the widespread promotion and application of the Internet, incidents of network theft and leaks have occurred frequently. Based on coding in cryptography, a variety of network encrypted communication mechanisms have been formed, such as SSL (Secure Sockets Layer) and its upgraded version of TLS. (Transport Layer Security Transport Layer Security). [0003] At present, network encrypted communication based on SSL / TLS has been widely popularized and applied, thereby ensuring the...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/0428H04L63/168H04L63/0435
Inventor 唐彰国李焕洲云胜强陈桂桦牛亚超严得荣
Owner 成都安舟信息技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products