Abstract
The popularity of Internet traffic encryption has made encrypted traffic detection becoming a hot topic in the present academic community. Due to its fine-grained detection strategy that avoids the influence of traffic shaping, the encrypted payload detection method based on deep packet inspection (DPI) can obtain better detection results when compared to machine learning detection methods based on traffic features. Yet, existing DPI-based methods will cause non-negligible delays due to encryption in real-time scenarios. Signcryption can improve the delay in DPI-based detection scenarios. However, existing signcryption schemes fail to resolve the conflict between the correctness of detection results and message confidentiality. This paper proposes an encrypted traffic detection scheme based on signcryption that can effectively reduce latency. Furthermore, in the high concurrency scenario, the gateway is introduced to replace the client to complete the preprocessing protocol with the middle agent, avoiding the execution of preprocessing protocols between each client and the middle agent, thus reducing the latency caused by excessive calculation. In this paper, the algorithms of rule signcryption, preprocessing protocol, client processing packet, and traffic detection are designed for this scheme. The confidentiality and unforgeability of the scheme are analyzed by the random oracle model. Finally, through simulation experiments, our scheme significantly improves the delay problem in the preprocessing phase compared with the state-of-the-art methods.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Anderson, B., Paul, S., McGrew, D.: Deciphering malware’s use of TLS (without decryption). J. Comput. Virol. Hacking Techniques 14, 195–211 (2018). https://doi.org/10.1007/s11416-017-0306-6
Cisco: 2018 Annual Cybersecurity Report: The evolution of malware and rise of artificial intelligence, https://www.cisco.com/c/en/us/products/security/security-reports.html. Accessed 22 Jul 2019
De Caro, A., Iovino, V.: jPBC: Java pairing based cryptography. In: 2011 IEEE Symposium On Computers And Communications (ISCC), pp. 850–855. IEEE (2011). https://doi.org/10.1109/ISCC.2011.5983948
Deng, N., Deng, S., Hu, C., Lei, K.: An efficient revocable attribute-based signcryption scheme with outsourced unsigncryption in cloud computing. IEEE Access 8, 42805–42815 (2019). https://doi.org/10.1109/ACCESS.2019.2963233
Durumeric, Z., et al.: The security impact of HTTPS interception. In: NDSS (2017)
Eltayieb, N., Elhabob, R., Hassan, A., Li, F.: A blockchain-based attribute-based signcryption scheme to secure data sharing in the cloud. J. Syst. Architect. 102, 101653 (2020). https://doi.org/10.1016/j.sysarc.2019.101653
Gorbunov, S., Vaikuntanathan, V., Wichs, D.: Leveled fully homomorphic signatures from standard lattices. In: Proceedings of the Forty-seventh Annual ACM symposium on Theory of Computing, pp. 469–477 (2015). https://doi.org/10.1145/2746539.2746576
Grubbs, P., et al.: Pancake: Frequency smoothing for encrypted data stores. In: Usenix Security (2020)
Islam, S.H., Biswas, G.: A pairing-free identity-based authenticated group key agreement protocol for imbalanced mobile networks. Annals of télécommunications-annales des telecommunications 67, 547–558 (2012). https://doi.org/10.1007/s12243-012-0296-9
Islam, S.H., Khan, M.K., Al-Khouri, A.M.: Anonymous and provably secure certificateless multireceiver encryption without bilinear pairing. Security Commun. Netw. 8(13), 2214–2231 (2015). https://doi.org/10.1002/sec.1165
Jianjin, Z., Qi, L., Shengli, L., Yanqing, Y., Yueping, H.: Towards traffic supervision in 6g: a graph neural network-based encrypted malicious traffic detection method. SCIENTIA SINICA Inform. 52, 270–286 (2022). https://doi.org/10.1360/SSI-2021-0280
Karati, A., Fan, C.I., Hsu, R.H.: Provably secure and generalized signcryption with public verifiability for secure data transmission between resource-constrained iot devices. IEEE Internet Things J. 6(6), 10431–10440 (2019). https://doi.org/10.1109/JIOT.2019.2939204
Kim, J., Camtepe, S., Baek, J., Susilo, W., Pieprzyk, J., Nepal, S.: P2DPI: practical and privacy-preserving deep packet inspection. In: Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security, pp. 135–146 (2021). https://doi.org/10.1145/3433210.3437525
Lacharité, M.S., Paterson, K.G.: Frequency-smoothing encryption: preventing snapshot attacks on deterministically encrypted data. Cryptology ePrint Archive (2017)
Naylor, D., Finamore, A., Leontiadis, I., Grunenberger, Y., Mellia, M., Munafò, M.: The cost of the "s" in https. In: Proceedings of the 10th ACM International on Conference on Emerging Networking Experiments and Technologies, pp. 133–140 (2014). https://doi.org/10.1145/2674005.2674991
Ning, J., et al.: Pine: enabling privacy-preserving deep packet inspection on TLS with rule-hiding and fast connection establishment. In: Chen, L., Li, N., Liang, K., Schneider, S. (eds.) Computer Security – ESORICS 2020: 25th European Symposium on Research in Computer Security, ESORICS 2020, Guildford, UK, September 14–18, 2020, Proceedings, Part I, pp. 3–22. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-58951-6_1
Ning, J., Poh, G.S., Loh, J.C., Chia, J., Chang, E.C.: Privdpi: Privacy-preserving encrypted traffic inspection with reusable obfuscated rules. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1657–1670 (2019). https://doi.org/10.1145/3319535.3354204
Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 387–398. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_33
Radivilova, T., Kirichenko, L., Ageyev, D., Tawalbeh, M., Bulakh, V.: Decrypting SSL/TLS traffic for hidden threats detection. In: 2018 IEEE 9th International Conference on Dependable Systems, Services and Technologies (DESSERT), pp. 143–146. IEEE (2018). https://doi.org/10.1109/DESSERT.2018.8409116
Roccia, T.: Malware packers use tricks to avoid analysis, detection. McAfee Blogs (2017)
Sherry, J., Lan, C., Popa, R.A., Ratnasamy, S.: Blindbox: Deep packet inspection over encrypted traffic. In: Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication, pp. 213–226 (2015). https://doi.org/10.1145/2785956.2787502
Snort: Snort rules. https://www.snort.org/ Accessed 12 Mar (2022)
Symantec: Four pillars of integrated cyber defense. https://www.broadcom.com/products/cyber-security Accessed 11 Apr 2021
Yaacoubi, O.: The rise of encrypted malware. Netw. Secur. 2019(5), 6–9 (2019). https://doi.org/10.1016/S1353-4858(19)30059-5
Zhang, H., Papadopoulos, C., Massey, D.: Detecting encrypted botnet traffic. In: 2013 Proceedings IEEE INFOCOM, pp. 3453–1358. IEEE (2013). https://doi.org/10.1109/INFCOM.2013.6567180
Zhang, Z., Kang, C., Xiong, G., Li, Z.: Deep forest with LRRS feature for fine-grained website fingerprinting with encrypted SSL/TLS. In: Proceedings of the 28th ACM International Conference on Information and Knowledge Management, pp. 851–860 (2019). https://doi.org/10.1145/3357384.3357993
Zheng, Y.: Digital signcryption or how to achieve cost (signature & encryption) \(\ll \) cost (signature) + cost (encryption). In: Advances in Cryptology-CRYPTO’97: 17th Annual International Cryptology Conference Santa Barbara, California, USA August 17–21, 1997 Proceedings 17, pp. 165–179. Springer (1997). https://doi.org/10.1007/bfb0052234
Acknowledgments
This work was supported by the Foundation for Innovative Research Groups of the National Natural Science Foundation of China (Grant No. 62121001)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Zhu, H., Li, F., Liu, L., Zeng, Y., Li, X., Ma, J. (2023). Signcryption-Based Encrypted Traffic Detection Scheme for Fast Establishing Secure Connections. In: Zhang, M., Au, M.H., Zhang, Y. (eds) Provable and Practical Security. ProvSec 2023. Lecture Notes in Computer Science, vol 14217. Springer, Cham. https://doi.org/10.1007/978-3-031-45513-1_3
Download citation
DOI: https://doi.org/10.1007/978-3-031-45513-1_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-45512-4
Online ISBN: 978-3-031-45513-1
eBook Packages: Computer ScienceComputer Science (R0)