Sensitive data detection system for large-scale SSL/TLS encrypted session flow

A sensitive data detection technology, applied in the field of network security. It addresses the inability of existing systems to adapt to large-scale encrypted session stream processing, high task processing delay, and the impact on host business performance, and it improves rapid detection and processing capability as well as parallel processing capability.

Active Publication Date: 2020-09-25
CHINA ELECTRONICS TECH CYBER SECURITY CO LTD

AI Technical Summary

Problems solved by technology

Its disadvantages are: it needs to obtain the encryption private key, the key management process is complicated, and it cannot adapt to large-scale encrypted session flows; it is only suitable for the SSL/TLS protocol using the RSA key exchange mechanism.
Its disadvantages are: the host application program needs to be modified, which affects host business performance; the key management process is complicated and cannot adapt to the processing of large-scale encrypted session streams.
Its disadvantages are that it affects the communication process of both parties and reduces the performance of encrypted communication.
[0008] In addition, existing sensitive data leakage detection systems use a serial processing mechanism for tasks such as data decryption and content detection, so they cannot quickly process large-scale SSL/TLS encrypted session flows, and the task processing delay is relatively high.


Embodiment Construction

[0032] The present invention will be further described below in conjunction with the accompanying drawings.

[0033] As shown in Figure 1, the sensitive data detection system for large-scale SSL/TLS encrypted session flow of the present invention includes:

[0034] The proxy decryption module, which is deployed at the Internet ingress/egress gateway of the detection object, acts as an intermediate proxy for the SSL/TLS encrypted data transmission process, and outputs plaintext content;

[0035] The detection task production scheduling module, which calls the detection tool to generate detection tasks and task information, schedules the task processor to execute the detection tasks, and at the same time sends the task information to the detection result generation module;

[0036] The task processor module, which is used to execute detection tasks and generate task results;

[0037] The detection tool module, which is used to detect sensitive data contained in the plaintext content;

[0038] The de...


Abstract

The invention provides a sensitive data detection system for large-scale SSL/TLS encrypted session streams. The system comprises: a proxy decryption module, which is deployed at the Internet access gateway of the detection object, acts as an intermediate proxy for the SSL/TLS encrypted data transmission process, and outputs the plaintext content; a detection task production scheduling module, which calls a detection tool to generate a detection task and task information, schedules a task processor to execute the detection task, and sends the task information to a detection result generation module; a task processor module, which executes the detection task and generates a task result; a detection tool module, which detects sensitive data contained in the plaintext content; and the detection result generation module, which judges and merges according to the task information and the task result to generate a detection result. The system needs no complex decryption key management process. Detection task production and result processing are separated, detection tasks are produced asynchronously, and task processing resources are scheduled as required, so large-scale SSL/TLS encrypted session streams can be processed rapidly in real time.
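The separation of task production, task processing and result generation described in the abstract can be sketched as follows. This is an added example, not code from the patent: the tool names, regular expressions and sample plaintext are constructed assumptions, and the proxy decryption module's output is represented by inline strings.

```python
import re
from collections import defaultdict
from concurrent.futures import ThreadPoolExecutor, as_completed

def luhn_ok(digits):
    """Luhn checksum, used to discard 16-digit strings that are not card numbers."""
    nums = [int(c) for c in reversed(digits)]
    return sum(sum(divmod(d * 2, 10)) if i % 2 else d for i, d in enumerate(nums)) % 10 == 0

# Hypothetical detection tools: each maps plaintext to a list of findings.
def find_cards(text):
    return [m for m in re.findall(r"\b\d{16}\b", text) if luhn_ok(m)]

def find_emails(text):
    return re.findall(r"[\w.+-]+@[\w-]+\.[\w.-]+", text)

TOOLS = {"card_number": find_cards, "email": find_emails}

def produce_tasks(sessions):
    """Production/scheduling side: one task per (session, tool), with its task info."""
    task_id = 0
    for session_id, plaintext in sessions.items():
        for tool in TOOLS:
            task_id += 1
            yield {"task_id": task_id, "session": session_id, "tool": tool}, plaintext

def run_task(info, plaintext):
    """Task processor: run one detection tool and return the task result."""
    return info["task_id"], TOOLS[info["tool"]](plaintext)

def detect(sessions, workers=4):
    task_info, merged = {}, defaultdict(dict)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        futures = []
        for info, text in produce_tasks(sessions):
            task_info[info["task_id"]] = info  # task info goes to the result generator
            futures.append(pool.submit(run_task, info, text))
        # Result generation: join each result to its task info, in completion order.
        for fut in as_completed(futures):
            tid, hits = fut.result()
            if hits:
                info = task_info[tid]
                merged[info["session"]][info["tool"]] = sorted(hits)
    return dict(merged)

# Constructed plaintext standing in for the proxy decryption module's output.
SAMPLE = {"s1": "POST /pay card=4111111111111111 user=alice@example.com",
          "s2": "GET /index.html order=1234567890123456",
          "s3": "contact bob@example.org or carol@example.org"}
```

Because results are joined to task information by task id, the merged output does not depend on the order in which workers finish.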

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a sensitive data detection system for large-scale SSL/TLS encrypted session flow.

Background technique

[0002] Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are the most widely used security enhancement protocols in current networks. They use an asymmetric encryption mechanism to complete identity authentication of both parties and key exchange, and then use a symmetric encryption mechanism to encrypt the transmitted data to ensure data security. The SSL and TLS protocols work between the transport layer and the application layer. By combining them with an application layer protocol, a high-security application layer protocol can be constructed, such as HTTPS, TLS/SSL-based instant messaging, secure email, etc. It is estimated that by 2020, more than 90% of Internet traffic will be encrypted traffic, most of wh...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/0471, H04L63/30, H04L63/166, H04L63/168
Inventor: 张位冯毓刘赟王瑶郝楠程丽君毛得明
Owner: CHINA ELECTRONICS TECH CYBER SECURITY CO LTD