Skip to main content
SpringerLink
Log in

Signcryption-Based Encrypted Traffic Detection Scheme for Fast Establishing Secure Connections

  • Conference paper
  • First Online:
Provable and Practical Security (ProvSec 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14217))

Included in the following conference series:

  • 272 Accesses

Abstract

The popularity of Internet traffic encryption has made encrypted traffic detection becoming a hot topic in the present academic community. Due to its fine-grained detection strategy that avoids the influence of traffic shaping, the encrypted payload detection method based on deep packet inspection (DPI) can obtain better detection results when compared to machine learning detection methods based on traffic features. Yet, existing DPI-based methods will cause non-negligible delays due to encryption in real-time scenarios. Signcryption can improve the delay in DPI-based detection scenarios. However, existing signcryption schemes fail to resolve the conflict between the correctness of detection results and message confidentiality. This paper proposes an encrypted traffic detection scheme based on signcryption that can effectively reduce latency. Furthermore, in the high concurrency scenario, the gateway is introduced to replace the client to complete the preprocessing protocol with the middle agent, avoiding the execution of preprocessing protocols between each client and the middle agent, thus reducing the latency caused by excessive calculation. In this paper, the algorithms of rule signcryption, preprocessing protocol, client processing packet, and traffic detection are designed for this scheme. The confidentiality and unforgeability of the scheme are analyzed by the random oracle model. Finally, through simulation experiments, our scheme significantly improves the delay problem in the preprocessing phase compared with the state-of-the-art methods.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 79.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Anderson, B., Paul, S., McGrew, D.: Deciphering malware’s use of TLS (without decryption). J. Comput. Virol. Hacking Techniques 14, 195–211 (2018). https://doi.org/10.1007/s11416-017-0306-6

    Article  Google Scholar 

  2. Cisco: 2018 Annual Cybersecurity Report: The evolution of malware and rise of artificial intelligence, https://www.cisco.com/c/en/us/products/security/security-reports.html. Accessed 22 Jul 2019

  3. De Caro, A., Iovino, V.: jPBC: Java pairing based cryptography. In: 2011 IEEE Symposium On Computers And Communications (ISCC), pp. 850–855. IEEE (2011). https://doi.org/10.1109/ISCC.2011.5983948

  4. Deng, N., Deng, S., Hu, C., Lei, K.: An efficient revocable attribute-based signcryption scheme with outsourced unsigncryption in cloud computing. IEEE Access 8, 42805–42815 (2019). https://doi.org/10.1109/ACCESS.2019.2963233

    Article  Google Scholar 

  5. Durumeric, Z., et al.: The security impact of HTTPS interception. In: NDSS (2017)

    Google Scholar 

  6. Eltayieb, N., Elhabob, R., Hassan, A., Li, F.: A blockchain-based attribute-based signcryption scheme to secure data sharing in the cloud. J. Syst. Architect. 102, 101653 (2020). https://doi.org/10.1016/j.sysarc.2019.101653

    Article  Google Scholar 

  7. Gorbunov, S., Vaikuntanathan, V., Wichs, D.: Leveled fully homomorphic signatures from standard lattices. In: Proceedings of the Forty-seventh Annual ACM symposium on Theory of Computing, pp. 469–477 (2015). https://doi.org/10.1145/2746539.2746576

  8. Grubbs, P., et al.: Pancake: Frequency smoothing for encrypted data stores. In: Usenix Security (2020)

    Google Scholar 

  9. Islam, S.H., Biswas, G.: A pairing-free identity-based authenticated group key agreement protocol for imbalanced mobile networks. Annals of télécommunications-annales des telecommunications 67, 547–558 (2012). https://doi.org/10.1007/s12243-012-0296-9

    Article  Google Scholar 

  10. Islam, S.H., Khan, M.K., Al-Khouri, A.M.: Anonymous and provably secure certificateless multireceiver encryption without bilinear pairing. Security Commun. Netw. 8(13), 2214–2231 (2015). https://doi.org/10.1002/sec.1165

    Article  Google Scholar 

  11. Jianjin, Z., Qi, L., Shengli, L., Yanqing, Y., Yueping, H.: Towards traffic supervision in 6g: a graph neural network-based encrypted malicious traffic detection method. SCIENTIA SINICA Inform. 52, 270–286 (2022). https://doi.org/10.1360/SSI-2021-0280

    Article  Google Scholar 

  12. Karati, A., Fan, C.I., Hsu, R.H.: Provably secure and generalized signcryption with public verifiability for secure data transmission between resource-constrained iot devices. IEEE Internet Things J. 6(6), 10431–10440 (2019). https://doi.org/10.1109/JIOT.2019.2939204

    Article  Google Scholar 

  13. Kim, J., Camtepe, S., Baek, J., Susilo, W., Pieprzyk, J., Nepal, S.: P2DPI: practical and privacy-preserving deep packet inspection. In: Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security, pp. 135–146 (2021). https://doi.org/10.1145/3433210.3437525

  14. Lacharité, M.S., Paterson, K.G.: Frequency-smoothing encryption: preventing snapshot attacks on deterministically encrypted data. Cryptology ePrint Archive (2017)

    Google Scholar 

  15. Naylor, D., Finamore, A., Leontiadis, I., Grunenberger, Y., Mellia, M., Munafò, M.: The cost of the "s" in https. In: Proceedings of the 10th ACM International on Conference on Emerging Networking Experiments and Technologies, pp. 133–140 (2014). https://doi.org/10.1145/2674005.2674991

  16. Ning, J., et al.: Pine: enabling privacy-preserving deep packet inspection on TLS with rule-hiding and fast connection establishment. In: Chen, L., Li, N., Liang, K., Schneider, S. (eds.) Computer Security – ESORICS 2020: 25th European Symposium on Research in Computer Security, ESORICS 2020, Guildford, UK, September 14–18, 2020, Proceedings, Part I, pp. 3–22. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-58951-6_1

    Chapter  Google Scholar 

  17. Ning, J., Poh, G.S., Loh, J.C., Chia, J., Chang, E.C.: Privdpi: Privacy-preserving encrypted traffic inspection with reusable obfuscated rules. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1657–1670 (2019). https://doi.org/10.1145/3319535.3354204

  18. Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 387–398. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_33

    Chapter  Google Scholar 

  19. Radivilova, T., Kirichenko, L., Ageyev, D., Tawalbeh, M., Bulakh, V.: Decrypting SSL/TLS traffic for hidden threats detection. In: 2018 IEEE 9th International Conference on Dependable Systems, Services and Technologies (DESSERT), pp. 143–146. IEEE (2018). https://doi.org/10.1109/DESSERT.2018.8409116

  20. Roccia, T.: Malware packers use tricks to avoid analysis, detection. McAfee Blogs (2017)

    Google Scholar 

  21. Sherry, J., Lan, C., Popa, R.A., Ratnasamy, S.: Blindbox: Deep packet inspection over encrypted traffic. In: Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication, pp. 213–226 (2015). https://doi.org/10.1145/2785956.2787502

  22. Snort: Snort rules. https://www.snort.org/ Accessed 12 Mar (2022)

  23. Symantec: Four pillars of integrated cyber defense. https://www.broadcom.com/products/cyber-security Accessed 11 Apr 2021

  24. Yaacoubi, O.: The rise of encrypted malware. Netw. Secur. 2019(5), 6–9 (2019). https://doi.org/10.1016/S1353-4858(19)30059-5

    Article  Google Scholar 

  25. Zhang, H., Papadopoulos, C., Massey, D.: Detecting encrypted botnet traffic. In: 2013 Proceedings IEEE INFOCOM, pp. 3453–1358. IEEE (2013). https://doi.org/10.1109/INFCOM.2013.6567180

  26. Zhang, Z., Kang, C., Xiong, G., Li, Z.: Deep forest with LRRS feature for fine-grained website fingerprinting with encrypted SSL/TLS. In: Proceedings of the 28th ACM International Conference on Information and Knowledge Management, pp. 851–860 (2019). https://doi.org/10.1145/3357384.3357993

  27. Zheng, Y.: Digital signcryption or how to achieve cost (signature & encryption) \(\ll \) cost (signature) + cost (encryption). In: Advances in Cryptology-CRYPTO’97: 17th Annual International Cryptology Conference Santa Barbara, California, USA August 17–21, 1997 Proceedings 17, pp. 165–179. Springer (1997). https://doi.org/10.1007/bfb0052234

Download references

Acknowledgments

This work was supported by the Foundation for Innovative Research Groups of the National Natural Science Foundation of China (Grant No. 62121001)

Author information

Authors and Affiliations

  1. School of Cyber Engineering, Xidian University, Xi’an, 710071, China

    Hao Zhu, Yong Zeng, Xiaoli Li & Jianfeng Ma

  2. School of Computer Science and Engineering, University of Electronic Science and Technology, Chengdu, 611731, China

    Fagen Li

  3. WuHan Marine Communication Research Institute, Wuhan, 430000, China

    Lihui Liu

Authors
  1. Hao Zhu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Fagen Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Lihui Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yong Zeng
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Xiaoli Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Jianfeng Ma
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Xiaoli Li .

Editor information

Editors and Affiliations

  1. Hubei University of Technology, Wuhan, China

    Mingwu Zhang

  2. Hong Kong Polytechnic University, Kowloon, Hong Kong

    Man Ho Au

  3. University of Wollongong, Wollongong, NSW, Australia

    Yudi Zhang

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Zhu, H., Li, F., Liu, L., Zeng, Y., Li, X., Ma, J. (2023). Signcryption-Based Encrypted Traffic Detection Scheme for Fast Establishing Secure Connections. In: Zhang, M., Au, M.H., Zhang, Y. (eds) Provable and Practical Security. ProvSec 2023. Lecture Notes in Computer Science, vol 14217. Springer, Cham. https://doi.org/10.1007/978-3-031-45513-1_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-45513-1_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-45512-4

  • Online ISBN: 978-3-031-45513-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation