Computer Science

Computer Science ›› 2024, Vol. 51 ›› Issue (3): 326-334.doi: 10.11896/jsjkx.221200147

• Information Security • Previous Articles     Next Articles

Cryptographic Protocol Reverse Method Based on Information Entropy and Closed Frequent Sequences

LIANG Chen1, HONG Zheng2, WU Lifa1, JI Qingbing3   

  1. 1 School of Cybersecurity,Nanjing University of Posts and Telecommunications,Nanjing 210023,China
    2 College of Command and Control Engineering,Army Engineering University,Nanjing 210007,China
    3 No.30 Institute of CETC,Chengdu 610041,China
  • Received:2022-12-25 Revised:2023-04-06 Online:2024-03-15 Published:2024-03-13
  • About author:LIANG Chen,born in 1998,postgra-duate.Her main research interests include cybersecurity and reverse engineering.WU Lifa,born in 1968,Ph.D,professor,Ph.D supervisor.His main research interests include cybersecurity and software security.
  • Supported by:
    National Key Research and Development Program of China(2019YFB2101704).

PDF (PC)

738

Abstract: Unknown cryptographic protocols are widely used for the secure transmission of sensitive information,and reversing cryptographic protocol is of great significance to both attackers and defenders.In order to efficiently reverse complex cryptographic protocols,a cryptographic protocol reverse method based on information entropy and closed frequent sequences is proposed.The information entropy is used to distinguish the plaintext and ciphertext,and the closed frequent sequences mined by BIDE algorithm are used to identify dynamic fields and static fields in the messages.A length field identification algorithm is proposed.It slices the message,and compares the sliced field values with the set of length field values to achieve various forms of length field recognition in cryptographic protocols.Heuristic strategies are proposed to recognize the semantics of key fields including the fields specific to cryptographic protocols such as encryption suites and encryption algorithms.Experimental results show that the method can effectively identity fields and extract the formats of cryptographic protocols,outperforms the existing me-thods in various length fields identification and semantic recognition of key fields specific to cryptographic protocols as well.

Key words: Protocol reverse, Cryptographic protocol, Information entropy, Closed frequent sequence, Network traffic, Semantic recognition

CLC Number: 

  • TP393
[1]WANG Z F,CHENG G,MA W J,et al.Research progress of network protocol reverse engineering technologies based on network trace [J].Journal of Software,2022,33(1):254-273.
[2]KLEBER S,MAILE L,KARGL F.Survey of protocol reverse engineering algorithms:decomposition of tools for static traffic analysis[J/OL].IEEE Communications Surveys & Tutorials,2018.https://ieeexplore.ieee.org/document/8449079.
[3]WU L F,HONG Z,PAN F.Network protocol reverse analysis and application[M].Beijing:National Defense Industry Press,2016.
[4]YE Y,ZHANG Z,WANG F,et al.Netplier:probabilistic network protocol reverse engineering from message Traces[C]//Network and Distributed System Security Symposium.2021.
[5]GENTRY C,WATERS B.Adaptive security in broadcast en-cryption systems(with short ciphertexts) [C]//Annual International Conference on the Theory and Applications of Cryptographic Techniques.2009:171-188.
[6]ZHAO X,ZHANG F.Fully CCA2 secure identity-based broadcast encryption with black-box accountable authority[J].Journal of Systems and Software,2012,85(3):708-716.
[7]SHI X L,ZHU Y F,LIU L,et al.Method of encrypted protocol reverse engineering[J].Application Research of Computers,2015,32(1):214-217.
[8]GAO J F,ZHANG Y F,LUO S ,et al.Research on Taint Backtracking Reverse Analysis Method of Network Encoding Protocol[J].Netinfo Security,2017(1):68-76.
[9]MA R K,ZHENG H,WANG J Y,et al.Automatic protocol reverse engineering for industrial control systems with dynamic taint analysis[J].Frontiers of Information Technology & Electronic Engineering,2022,23(3):351-360.
[10]ZHU Y,HAN J,YUAN L,et al.SPFPA:A format parsing approach for unknown security protocols[J].Journal of Computer Research and Development,2015,52(10):2200.
[11]HE X D.Security Analysis of Security Protocol Implementations Based on Network Trace [D].Wuhan:South-Central Minzu University,2019.
[12]TANG S Y,CHENG G,JIANG B M,et al.Detection and recognition of VPN encrypted traffic based on segmented entropy distribution[J].Cyberspace Security.2020,11(8):23-27,33.
[13]XIAO D Q,ZHOU Q,ZHANG H G,et al.Analyzing encryption protocols based on temporal logic[J].Chinese Journal of Computers,2002,25(10):1083-1089.
[14]DING S F,ZHU H,XU X Z,et al.Entropy-based fuzzy information measures[J].Chinese Journal of Computers,2012,35(4):796-801.
[15]ZHU Y N,HAN J H,YUAN L,et al.Protocol ciphertext field identification by entropy estimating[J].Journal of Electronics & Information Technology,2016,38(8):1865-1871.
[16]FELFMANN A,ZITTERBART M,CROWCROFT J,et al.Technologies,Architectures,and Protocols for Computer Communication[C]//ACM SIGCOMM Conference on Applications,Technologies,Architectures,and Protocols for Computer Communication.2003.
[17]OLIVIAN J,GUOBAULT-LARRECG J.Detecting subvertedcryptographic protocols by entropy checking[D].LSV,ENS Cachan,2006.
[18]KLEBER S,MAILE L,KARGL F.Survey of protocol reverseengineering algorithms:Decomposition of tools for static traffic analysis[J].IEEE Communications Surveys & Tutorials,2018,21(1):526-561.
[19]WANG H,DING S F.Research and development of sequential pattern mining(SPM)[J].Computer Science,2009,36(12):14-17.
[20]WANG J,HAN J.BIDE:efficient mining of frequent closed sequences[C]//Proceedings 20th International Conference on Data Engineering.2004:79-90.
[21]SRIKANT R,AGRAWAL R.Mining sequential patterns:Generalizations and performance improvements[C]//International Conference on Extending Database Technology.1996:1-17.
[22]ZAKI M J.SPADE:An efficient algorithm for mining frequent sequences[J].Machine Learning,2001,42(1):31-60.
[23]PEI J,HAN J,MORTAZAVI-ASL B,et al.Mining sequential patterns by pattern-growth:The prefixspan approach[J].IEEE Transactions on knowledge and data engineering,2004,16(11):1424-1440.
[1] GUO Yuxing, YAO Kaixuan, WANG Zhiqiang, WEN Liangliang, LIANG Jiye. Black-box Graph Adversarial Attacks Based on Topology and Feature Fusion [J]. Computer Science, 2024, 51(1): 355-362.
[2] ZHOU Zhiqiang, ZHU Yan. Local Community Detection Algorithm for Attribute Networks Based on Multi-objective Particle Swarm Optimization [J]. Computer Science, 2023, 50(6A): 220200015-6.
[3] YANG Yahui, MA Rongkuan, GENG Yangyang, WEI Qiang, JIA Yan. Black-box Fuzzing Method Based on Reverse-engineering for Proprietary Industrial Control Protocol [J]. Computer Science, 2023, 50(4): 323-332.
[4] DU Qingpeng, XU Yinlong, WU Si. Stripe Matching and Merging Algorithm-based Redundancy Transition for Locally Repairable Codes [J]. Computer Science, 2023, 50(12): 89-96.
[5] MA Jiye, ZHU Guosheng, WEI Cao, ZENG Yuxuan. Noise Tolerant Algorithm for Network Traffic Classification Method [J]. Computer Science, 2023, 50(11A): 220800120-7.
[6] HE Yulin, ZHU Penghui, HUANG Zhexue, Fournier-Viger PHILIPPE. Classification Uncertainty Minimization-based Semi-supervised Ensemble Learning Algorithm [J]. Computer Science, 2023, 50(10): 88-95.
[7] WANG Xin-tong, WANG Xuan, SUN Zhi-xin. Network Traffic Anomaly Detection Method Based on Multi-scale Memory Residual Network [J]. Computer Science, 2022, 49(8): 314-322.
[8] XIA Yuan, ZHAO Yun-long, FAN Qi-lin. Data Stream Ensemble Classification Algorithm Based on Information Entropy Updating Weight [J]. Computer Science, 2022, 49(3): 92-98.
[9] YANG Zi-ji, PAN Yan, ZHU Yue-fei, LI Xiao-wei. Field Segmentation of Binary Protocol Based on Probability Model [J]. Computer Science, 2022, 49(10): 319-326.
[10] ZHOU Gang, GUO Fu-liang. Research on Ensemble Learning Method Based on Feature Selection for High-dimensional Data [J]. Computer Science, 2021, 48(6A): 250-254.
[11] XIANG Chang-sheng, CHEN Zhi-gang. Chaotic Prediction Model of Network Traffic for Massive Data [J]. Computer Science, 2021, 48(5): 289-293.
[12] ZHU Ping. Complex Algorithm Design and Maintenance Based on Thinking Map [J]. Computer Science, 2021, 48(11A): 682-687.
[13] ZHAO Qin-yan, LI Zong-min, LIU Yu-jie, LI Hua. Cascaded Siamese Network Visual Tracking Based on Information Entropy [J]. Computer Science, 2020, 47(9): 157-162.
[14] LIU Zi-qi, GUO Bing-hui, CHENG Zhen, YANG Xiao-bo and YIN Zi-qiao. Science and Technology Strategy Evaluation Based on Entropy Fuzzy AHP [J]. Computer Science, 2020, 47(6A): 1-5.
[15] LI Yi-hao, HONG Zheng, LIN Pei-hong, FENG Wen-bo. Message Format Inference Method Based on Rough Set Clustering [J]. Computer Science, 2020, 47(12): 319-326.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.