计算机工程与应用 ›› 2020, Vol. 56 ›› Issue (20): 67-72.DOI: 10.3778/j.issn.1002-8331.1908-0183

• 网络、通信与安全 • 上一篇    下一篇

SSL协议隐蔽通道的研究与实现

杨皓云,王俊峰,刘嘉勇,唐彰国   

  1. 1.四川大学 网络空间安全学院,成都 610065
    2.四川大学 计算机学院,成都 610065
    3.四川师范大学 物理与电子工程学院,成都 610066
  • 出版日期:2020-10-15 发布日期:2020-10-13

Research and Implementation of Covert Channel of SSL Protocol

YANG Haoyun, WANG Junfeng, LIU Jiayong, TANG Zhangguo   

  1. 1.College of Cybersecurity, Sichuan University, Chengdu 610065, China
    2.College of Computer Science, Sichuan University, Chengdu 610065, China
    3.School of Physics and Electronic Engineering, Sichuan Normal University, Chengdu 610066, China
  • Online:2020-10-15 Published:2020-10-13

摘要:

为提升隐蔽通道的网络穿透能力及抗分析性能,提出了一种基于SSL安全协议的新型隐蔽通道。通过SSL握手报文的随机数字段建立隐蔽域,利用SSL握手协商构建消息通道,采用一包一密进行流量变形伪装,通过访问HTTPS服务实现网络隐蔽通道传输。在多种不同HTTPS环境下的实验验证了该方法的可行性,测试结果表明,相比传统存储型隐蔽通道,该隐蔽信道的容量有大幅度提高,单个报文可携带28 Byte信息,且具有更高的抗隐蔽域估计及抗统计画像能力。

关键词: 安全套接层(SSL), 隐蔽通道, 握手协商, 超文本安全传输协议(HTTPS)

Abstract:

In order to improve the network penetration capability and anti-analytic performance of the covert channel, a new covert channel based on SSL security protocol is proposed. The covert field is established through the random number field of the SSL handshake packet, and a message channel is constructed using SSL handshake negotiation. One packet uses one secret key to implement traffic deformation camouflage. The network covert channel transmission is realized by accessing the HTTPS service. Experiments in a variety of different HTTPS environments verify the feasibility of the proposed method. The experimental results show that the capacity of the covert channel is greatly improved compared with the traditional storage covert channel, and a single packet can carry 28 Byte of information. The SSL covert channel has higher anti-hidden domain estimation and anti-statistical image ability.

Key words: Secure Sockets Layer(SSL), covert channel, handshake negotiation, Hypertext Transfer Protocol Secure(HTTPS)