A sensitive data detection system for large-scale SSL/TLS encrypted session streams

A sensitive data detection technology, applied in the field of network security, that addresses problems such as the inability to adapt to large-scale encrypted session stream processing, high task processing delay, and impact on host business performance, etc. Its effect is to improve rapid detection and processing capability and to improve parallel processing power.

Active Publication Date: 2022-07-05
CHINA ELECTRONICS TECH CYBER SECURITY CO LTD

AI Technical Summary

Problems solved by technology

Its disadvantages are: it needs to obtain the encrypted private key, the key management process is complicated, and it cannot adapt to large-scale encrypted session flows; it is only suitable for the SSL/TLS protocol using the RSA key exchange mechanism.
Its disadvantages are: the host application program needs to be modified, which affects the host business performance; the key management process is complicated and cannot adapt to the processing of large-scale encrypted session streams.
Its disadvantages are that it will affect the communication process of both parties and reduce the performance of encrypted communication.
[0008] In addition, the existing sensitive data leakage detection system uses a serial processing mechanism to process tasks such as data decryption and content detection, which cannot quickly process large-scale SSL/TLS encrypted session flows, and the task processing delay is relatively high.



Embodiment Construction

[0032] The present invention will be further described below with reference to the accompanying drawings.

[0033] As shown in Figure 1, the sensitive data detection system for large-scale SSL/TLS encrypted session flows of the present invention includes:

[0034] The proxy decryption module, which is set at the Internet entrance and exit of the detection object, acts as an intermediate proxy for the SSL/TLS encrypted data transmission process, and outputs the plaintext content;

[0035] The detection task production scheduling module, which calls the detection tool to generate detection tasks and task information, schedules the task processor to execute the detection tasks, and sends the task information to the detection result generation module;

[0036] The task processor module, which is used to perform detection tasks and generate task results;

[0037] The detection tool module, which is used to detect sensitive data contained in the plaintext content;

[0038] The detection result generation module judge...


Abstract

The invention provides a sensitive data detection system for large-scale SSL/TLS encrypted session flows, including: a proxy decryption module, which is set at the Internet entry and exit gateway of the detection object, acts as an intermediate proxy for the SSL/TLS encrypted data transmission process, and outputs plaintext content; a detection task production scheduling module, which calls detection tools to generate detection tasks and task information, schedules the task processor to execute detection tasks, and sends the task information to the detection result generation module; a task processor module, which is used to execute detection tasks and generate task results; a detection tool module, which is used to detect the sensitive data contained in the plaintext content; and a detection result generation module, which is used to judge and merge according to the task information and the task results to generate the detection result. This system does not require a complex decryption key management process, separates detection task production from result processing, produces detection tasks asynchronously, schedules task processing resources on demand, and can quickly process large-scale SSL/TLS encrypted session streams in real time.
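The split the abstract describes between task production, scheduled task processing and result merging can be sketched as follows. This is an added example, not code from the patent: the regex rules, chunk sizes, thread pool and sample sessions are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from concurrent.futures import ThreadPoolExecutor

# Assumed detection rules; the page does not name any patterns.
RULES = {
    "id_card_cn": re.compile(r"\b\d{17}[\dXx]\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
}
# Assumed sizes; a value shorter than OVERLAP always lies fully inside some chunk.
CHUNK, OVERLAP = 64, 20

def produce_tasks(session_id, plaintext):
    """Task production: cut one session's plaintext into overlapping detection tasks."""
    step, total = CHUNK - OVERLAP, len(plaintext)
    tasks = [(session_id, off, plaintext[off:off + CHUNK], total)
             for off in range(0, max(total - OVERLAP, 1), step)]
    return tasks, {"session": session_id, "expected": len(tasks)}

def detect(task):
    """Task processor running the detection tool on one chunk."""
    session_id, off, chunk, total = task
    hits = set()
    for name, rx in RULES.items():
        for m in rx.finditer(chunk):
            # Drop matches touching a cut edge: they may be truncated, and the
            # neighbouring overlapping chunk sees the full value.
            cut_left = m.start() == 0 and off > 0
            cut_right = m.end() == len(chunk) and off + len(chunk) < total
            if not (cut_left or cut_right):
                hits.add((name, off + m.start(), m.group()))
    return session_id, hits

def run_pipeline(sessions, workers=4):
    """Schedule all tasks on a worker pool, then merge task results per session."""
    all_tasks, info = [], {}
    for sid, text in sessions.items():
        tasks, info[sid] = produce_tasks(sid, text)
        all_tasks.extend(tasks)
    merged, seen = defaultdict(set), defaultdict(int)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for sid, hits in pool.map(detect, all_tasks):
            merged[sid] |= hits   # set union removes duplicates from overlaps
            seen[sid] += 1
    # Result generation: report a session only once all of its tasks returned.
    return {sid: sorted(merged[sid]) for sid in info
            if seen[sid] == info[sid]["expected"]}

# Constructed sample: plaintext as the proxy decryption module would output it.
SAMPLE = {"s1": "POST /upload HTTP/1.1\r\nHost: files.example\r\n\r\n"
                "name=Li&id=00000020000101000X&mail=li@corp.example&note=draft",
          "s2": "GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n"}
```

Calling `run_pipeline(SAMPLE)` returns, per session, a sorted list of `(rule, offset, value)` hits; the result is the same as scanning each session's plaintext in one pass, which is what lets the work be spread across processors.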

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a sensitive data detection system for large-scale SSL/TLS encrypted session flows.

Background technique

[0002] Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are the most widely used security enhancement protocols in the current network. They use an asymmetric encryption mechanism to complete the identity authentication and key exchange of the encrypting parties, and then use a symmetric encryption mechanism to encrypt the transmitted data to ensure data security. The SSL and TLS protocols work between the transport layer and the application layer. By combining them with application layer protocols, high-security application layer protocols can be constructed, such as HTTPS and TLS/SSL-based instant messaging and secure mail. It is estimated that by 2020, more than 90% of Internet traffic will be encrypted traffic, most of which is based on SSL/TLS encryption. ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/40
CPC: H04L63/0471, H04L63/30, H04L63/166, H04L63/168
Inventor: 张位冯毓刘赟王瑶郝楠程丽君毛得明
Owner: CHINA ELECTRONICS TECH CYBER SECURITY CO LTD