CN115396240B - Method, system and storage medium for probing and detecting the national secret SSL protocol - Google Patents

Publication number
CN115396240B
Authority
CN
China
Prior art keywords
detection
server
protocol
cipher
cipher specification
Legal status
Active
Application number
CN202211330818.0A
Other languages
Chinese (zh)
Other versions
CN115396240A (en
Inventor
杨伟
杨森
王杨
李昆阳
陈万钢
Current Assignee
Haofu Cipher Detection Technology Chengdu Co ltd
Original Assignee
Haofu Cipher Detection Technology Chengdu Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/18 Protocol analysers
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information

Abstract

The invention relates to a method, a system and a storage medium for probing and detecting the national secret SSL protocol, belongs to the technical field of network security, and comprises the following steps: the detection end obtains the cipher specifications supported by the server through probing, selects a specification suited to the network application scenario, and establishes an SSL connection with the server; after the detection end completes SSL protocol probing of the server, it obtains the server cipher specification capability list, traverses the list, and matches the entries one by one against the compliance model of the detection end; it then obtains the server cipher specification capability set, checks the correctness of each algorithm suite in the set, and judges the correctness of the server's SSL algorithm suite implementation through a correctness model. The method realizes probing of the network server's national secret SSL protocol and detection of its compliance and correctness, and 3 aspects of the network server's national secret SSL protocol can be judged from the detection result.

Description

Method, system and storage medium for probing and detecting the national secret SSL protocol
Technical Field
The invention relates to the technical field of network security, in particular to a method, a system and a storage medium for probing and detecting the national secret SSL protocol.
Background
The national secret SSL protocol is defined with reference to the Transport Layer Security protocol, in accordance with China's relevant cryptography policies and regulations and combined with the practical application requirements and practical experience of Chinese vendors. It adds ECC (elliptic curve cryptography) and IBC (identity-based cryptography) authentication modes and key exchange modes to the TLS 1.1 handshake protocol, removes the DH (Diffie-Hellman) key exchange mode, and modifies the cipher suites. It mainly comprises a handshake protocol, a change cipher spec protocol, an alert protocol and a record layer protocol: the handshake protocol is used for identity authentication and security parameter negotiation; the change cipher spec protocol notifies the peer of a change of security parameters; the alert protocol is used for close notifications and error alerts; the record layer protocol segments, compresses and decompresses, encrypts and decrypts, and integrity-checks the transmitted data.
The national secret SSL protocol is mainly used for end-to-end negotiation to establish an SSL secure transmission channel, providing confidentiality and integrity protection for data in transit; based on asymmetric keys (public key digital certificates) it supports one-way and two-way authentication between client and server. When the protocol is integrated into a browser, HTTPS secure transmission can be realized and the authenticity and validity of the server certificate verified, so that the server can be trusted. The server can also use two-way authentication to verify the accessing client, ensuring that the client is authentic and trustworthy. The protocol can further be used by clients to access protected server resources on an intranet: deploying an SSL VPN security gateway provides fine-grained access control, a single sign-on application portal, client identity verification, encrypted data transmission and integrity protection for intranet resources.
The national secret SSL protocol supports 12 cipher suite combinations, each formed from a key exchange algorithm, a symmetric encryption algorithm and a message authentication code algorithm. In non-routine client and server scenarios the client does not know which combinations of SSL protocol suites the server supports; an unsuitable handshake message from the client draws an alert message from the server, in which case the server closes the connection and the SSL handshake cannot continue. Moreover, because the national secret SSL protocol is not transmitted in plaintext, once the client and server complete the handshake, traffic is encrypted with the security parameters the two sides negotiated, and the TCP and IP layers, as bearer protocol layers, transparently forward the encrypted record layer packets of the SSL protocol. Even if the data of each SSL protocol layer is intercepted with a network packet capture tool, the protocol details cannot be truly restored because the data is encrypted and unreadable. Yet the protocol details must be completely restored in order to judge the compliance and correctness of the server's SSL protocol, and at present there is no method for detecting the compliance and correctness of the national secret SSL protocol.
Disclosure of Invention
The invention aims to overcome the shortcomings of the prior art by providing a method, a system and a storage medium for probing and detecting the national secret SSL protocol. It solves the problem that the SSL protocol algorithm suites supported by a server are unknown and uncertain, and enables rapid detection of the compliance, correctness and effectiveness of the server's national secret SSL protocol.
The purpose of the invention is achieved by the following technical scheme: a method for probing and detecting the national secret SSL protocol comprises the following steps:
S1, protocol probing: the detection end obtains the cipher specifications supported by the server through probing, selects the specification suited to the network application scenario, and establishes an SSL connection with the server;
S2, compliance detection: after the detection end completes SSL protocol probing of the server, it obtains the server cipher specification capability list, traverses the list, and matches the entries one by one against the compliance model of the detection end, completing compliance detection of the server's SSL protocol algorithms;
S3, correctness detection: the server cipher specification capability set is obtained, correctness detection is carried out on each algorithm suite in the set, and the correctness of the server's SSL algorithm suite implementation is judged through a correctness model.
The protocol probing step specifically comprises the following steps:
S11, initialize the detection environment of the detection end;
S12, the detection end obtains the system cipher suite configuration list and positions the read pointer at the head of the list;
S13, obtain the cipher suite at the current list position, initialize the suite, reconstruct the protocol structure data, and establish a secure communication connection with the server;
S14, if the server returns a confirmation message for the connection, the detection end closes the secure connection, stores the cipher suite in the server cipher specification capability list, and moves the read position of the configuration list down to obtain the next cipher suite;
S15, if the server returns a rejection message for the connection, the detection end closes the secure connection and moves the read position of the configuration list down to obtain the next cipher suite;
S16, repeat steps S13-S15, traversing all cipher suites in the configuration list until the end of the list is reached;
S17, the detection end has now obtained all cipher specification capabilities supported by the server and protocol probing of the server is complete; the server cipher specification capability list is saved and persisted.
The compliance detection step specifically comprises the following steps:
S21, obtain the persisted server cipher specification capability set that was obtained by probing;
S22, obtain the algorithm compliance model of the detection end;
S23, traverse the server cipher specification capability set one entry at a time;
S24, look up whether the compliance model of the detection end matches the current server cipher specification;
S25, if it matches, continue with steps S23 and S24;
S26, if it does not match, end abnormally and return the current non-compliant server cipher specification;
S27, when traversal of the server cipher specifications is complete, end normally and return the server SSL protocol suite compliance flag.
The correctness detection step specifically comprises the following steps:
S31, obtain the persisted server cipher specification capability set that was obtained by probing;
S32, obtain the correctness model of the detection end;
S33, traverse the server cipher specification capability set one entry at a time;
S34, initialize the protocol suite for the current cipher specification and the state controller;
S35, the detection end initiates a handshake request to the server and the state controller is updated;
S36, wait for the server's message queue to become readable;
S37, when messages are ready, extract the server message queue;
S38, the correctness model of the detection end verifies the correctness of the state controller and server message queue passed to it;
S39, if the correctness check passes, update the state controller; if detection is finished, repeat step S33, and if it is not finished, repeat step S36;
S310, if the correctness check does not pass, record and persist the server cipher specification that failed the current correctness check;
S311, repeat step S33 and start detecting the next server cipher specification;
S312, traversal of the server cipher specifications is complete and detection ends.
A system for probing and detecting the national secret SSL protocol comprises a main control module, a protocol probing module, a cipher specification analysis module, a cipher specification traversal module, a protocol detection module, a compliance model, a feature library and a correctness model;
the main control module triggers and controls the protocol probing module, the cipher specification analysis module, the cipher specification traversal module, the protocol detection module, the compliance model, the feature library and the correctness model;
the protocol probing module initiates protocol probes against the remote SSL server, actively closes the network connection with the server after each probe, and passes the feature data obtained by probing to the cipher specification analysis module for processing;
the cipher specification analysis module performs feature extraction, feature analysis, feature identification and processing on the feature data obtained by probing, so as to obtain the server cipher specification capability set;
the cipher specification traversal module traverses the server cipher specification capability set obtained by probing, creates a new process for each cipher specification obtained in the traversal to communicate asynchronously with the SSL server, schedules and manages the created processes, and drives each process to establish the SSL handshake protocol with the server for the corresponding cipher specification type;
the protocol detection module implements detection of the handshake protocol, the change cipher spec protocol, the record layer protocol and the alert protocol in the SSL protocol set;
the compliance model traverses, one by one, the server cipher specification capability set obtained by the cipher specification analysis module and performs compliance detection;
the feature library stores the feature data obtained by the cipher specification analysis module;
and the correctness model traverses, one by one, the server cipher specification capability set obtained by the cipher specification analysis module and performs correctness detection.
The system also comprises an alert processing module, an identifier library, a log analysis module and a rule base. The alert processing module parses the Alert-type data sent by the SSL server and extracts the alert code for protocol debugging and problem location; the identifier library manages and configures cipher protocol identifiers, key exchange algorithm identifiers, authentication algorithm identifiers, encryption algorithm identifiers and hash algorithm identifiers, so as to establish an identifier library; the log analysis module displays and analyzes logs of the states, steps and attribute values of the detection process, so that the protocol can be restored, judged and analyzed; the rule base abstracts and expresses rules along the three dimensions of compliance, correctness and effectiveness of the SSL protocol implementation, establishing a basic rule base that covers all three dimensions.
The protocol detection module performs the following detection steps:
A1, the detection end sends a handshake message to the server and waits for the server to respond;
A2, wait until the server's message queue is flagged as ready to read;
A3, identify and process the server's handshake message, otherwise raise an abnormal alert;
A4, identify and process the server's certificate message, otherwise raise an abnormal alert;
A5, identify and process the server's key exchange message, otherwise raise an abnormal alert;
A6, identify and process the server's certificate request message and set the detection end's certificate request flag, otherwise raise an abnormal alert;
A7, identify and process the server's handshake done message, otherwise raise an abnormal alert;
A8, if an abnormal alert was raised, detection of the server protocol fails; if not, continue with the subsequent SSL protocol implementation detection.
The subsequent SSL protocol implementation detection comprises:
B1, if the detection end's certificate request flag is valid, the detection end sends a certificate message;
B2, the detection end sends a key exchange message to generate and exchange the key security parameters;
B3, if the detection end's certificate request flag is valid, the detection end sends a certificate verify message;
B4, the detection end sends a change cipher spec message;
B5, the detection end sends a handshake finished message;
B6, wait until the server's message queue is flagged as ready to read;
B7, identify whether the message queue contains a server alert message; if it does, detection of the server protocol fails and detection ends;
B8, identify and process the server's change cipher spec message, otherwise raise an abnormal alert;
B9, identify and process the server's handshake finished message, otherwise raise an abnormal alert;
B10, protocol detection is finished and the server passes protocol detection.
A computer device comprises a memory and a processor, the memory storing a computer program, and the processor implementing the steps of the method for probing and detecting the national secret SSL protocol when executing the computer program.
A computer readable storage medium stores a computer program which, when executed by a processor, carries out the steps of the method for probing and detecting the national secret SSL protocol.
The invention has the following advantages: the method, system and storage medium for probing and detecting the national secret SSL protocol realize probing of a network server's national secret SSL protocol and detection of its compliance and correctness. Through probing and detection it can be judged whether the server's national secret SSL protocol meets the technical specification, and the 3 aspects of compliance, correctness and effectiveness of the server's national secret SSL protocol implementation can be judged from the detection result. This solves the problem that existing traditional detection techniques are built on the client and server using the same cipher specification for a single detection, have no ability to perceive the server's SSL protocol cipher specifications, and lack generality, universality and extensibility.
Drawings
FIG. 1 is a schematic flow diagram of the process of the present invention;
FIG. 2 is a schematic diagram of the framework of the system of the present invention;
FIG. 3 is a first schematic diagram illustrating SSL protocol detection in the protocol detection module;
FIG. 4 is a schematic diagram of an SSL protocol detection process in the protocol detection module.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. The components of the embodiments of the present application, as generally described and illustrated in the figures herein, could be arranged and designed in a wide variety of different configurations. Thus, the detailed description of the embodiments of the present application provided below in connection with the appended drawings is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present application without making any creative effort, shall fall within the protection scope of the present application. The invention is further described below with reference to the accompanying drawings.
As shown in FIG. 1, one embodiment of the invention relates to a method for probing and detecting the national secret SSL protocol. It solves the problems of the conventional approach, in which the SSL client does not know and cannot determine the cipher specifications of the SSL server, and the SSL protocol cannot be established once the cipher specification selected by the client does not suit the server. The specific method comprises the following steps:
S1, protocol probing: the detection end obtains the cipher specifications supported by the server through probing, selects the specification suited to the network application scenario, and establishes an SSL connection with the server; this fundamentally changes the current traditional mechanism in which the cipher specification of an SSL connection is decided by the server, and hands the initiative and the decision to the client requesting communication.
S2, compliance detection: after the detection end completes SSL protocol probing of the server, it obtains the server cipher specification capability list, traverses the list, and matches the entries one by one against the compliance model of the detection end, completing compliance detection of the server's SSL protocol algorithms;
S3, correctness detection: the server cipher specification capability set is obtained, correctness detection is carried out on each algorithm suite in the set according to the GM/T 0024 SSL VPN technical specification, and the correctness of the server's SSL algorithm suite implementation is judged through a correctness model.
Further, the protocol probing step specifically comprises the following steps:
S11, initialize the detection environment of the detection end;
S12, the detection end obtains the system cipher suite configuration list and positions the read pointer at the head of the list;
S13, obtain the cipher suite at the current list position, initialize the suite, reconstruct the protocol structure data, and establish a secure communication connection with the server;
S14, if the server returns a confirmation message for the connection, the detection end closes the secure connection, stores the cipher suite in the server cipher specification capability list, and moves the read position of the configuration list down to obtain the next cipher suite;
S15, if the server returns a rejection message for the connection, the detection end closes the secure connection and moves the read position of the configuration list down to obtain the next cipher suite;
S16, repeat steps S13-S15, traversing all cipher suites in the configuration list until the end of the list is reached;
S17, the detection end has now obtained all cipher specification capabilities supported by the server and protocol probing of the server is complete; the server cipher specification capability list is saved and persisted.
Further, the compliance detection step specifically comprises the following steps:
S21, obtain the persisted server cipher specification capability set that was obtained by probing;
S22, obtain the algorithm compliance model of the detection end;
S23, traverse the server cipher specification capability set one entry at a time;
S24, look up whether the compliance model of the detection end matches the current server cipher specification;
S25, if it matches, continue with steps S23 and S24;
S26, if it does not match, end abnormally and return the current non-compliant server cipher specification;
S27, when traversal of the server cipher specifications is complete, end normally and return the server SSL protocol suite compliance flag.
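The probing loop (S11 to S17) and the compliance traversal (S21 to S27) described above, as an added Python example that is not code from the patent. It runs against a constructed in-memory server; the version value, the suite code points and names, the fatal handshake_failure alert used as the rejection message, and the `DEMO_MODEL` allow-list are assumptions that do not appear on the page.

```python
import os
import struct

# Assumptions, not from the page: version 0x0101 and these 12 code points are
# the values recalled from GM/T 0024-2014; confirm them against the standard.
GM_VERSION = 0x0101
SUITES = {
    0xE001: "ECDHE_SM1_SM3", 0xE003: "ECC_SM1_SM3", 0xE005: "IBSDH_SM1_SM3",
    0xE007: "IBC_SM1_SM3", 0xE009: "RSA_SM1_SM3", 0xE00A: "RSA_SM1_SHA1",
    0xE011: "ECDHE_SM4_SM3", 0xE013: "ECC_SM4_SM3", 0xE015: "IBSDH_SM4_SM3",
    0xE017: "IBC_SM4_SM3", 0xE019: "RSA_SM4_SM3", 0xE01A: "RSA_SM4_SHA1",
}
REC_ALERT, REC_HANDSHAKE = 21, 22          # record content types, as in TLS
HS_CLIENT_HELLO, HS_SERVER_HELLO = 1, 2    # handshake types, as in TLS


def record(content_type, payload):
    return struct.pack("!BHH", content_type, GM_VERSION, len(payload)) + payload


def handshake(hs_type, body):
    return record(REC_HANDSHAKE, bytes([hs_type]) + len(body).to_bytes(3, "big") + body)


def build_client_hello(suite):
    """S13: rebuild the hello so that it offers exactly one cipher suite."""
    body = struct.pack("!H", GM_VERSION) + os.urandom(32)
    body += b"\x00"                          # empty session id
    body += struct.pack("!HH", 2, suite)     # cipher_suites vector: one entry
    body += b"\x01\x00"                      # compression methods: null only
    return handshake(HS_CLIENT_HELLO, body)


def build_server_hello(suite):
    """Used only by the constructed fake server below."""
    body = struct.pack("!H", GM_VERSION) + os.urandom(32) + b"\x00"
    return handshake(HS_SERVER_HELLO, body + struct.pack("!HB", suite, 0))


def parse_reply(data):
    """Classify the first server record as a confirmation or a rejection."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, _version, length = struct.unpack("!BHH", data[:5])
    payload = data[5:5 + length]
    if len(payload) != length:
        raise ValueError("truncated record payload")
    if ctype == REC_ALERT and length == 2:
        return "alert", (payload[0], payload[1])      # (level, description)
    if ctype == REC_HANDSHAKE and length >= 4 and payload[0] == HS_SERVER_HELLO:
        body = payload[4:4 + int.from_bytes(payload[1:4], "big")]
        # version(2) + random(32) + session_id_len(1) + session_id + suite(2)
        if len(body) < 35 or len(body) < 37 + body[34]:
            raise ValueError("truncated ServerHello")
        (suite,) = struct.unpack_from("!H", body, 35 + body[34])
        return "server_hello", suite
    raise ValueError("unexpected first record")


def probe(connect, configured=tuple(SUITES)):
    """S12-S17: one fresh connection per configured suite, in list order."""
    capabilities = []
    for suite in configured:
        try:
            kind, value = parse_reply(connect(build_client_hello(suite)))
        except (ValueError, OSError):
            continue                 # no parsable answer is not a confirmation
        # S14: count the suite only if the server echoes the one we offered.
        if kind == "server_hello" and value == suite:
            capabilities.append(suite)
        # S15: an alert is a rejection; just move to the next list entry.
    return capabilities


def check_compliance(capabilities, model):
    """S23-S27: (True, None) if all match, else (False, first offender)."""
    for suite in capabilities:
        if suite not in model:
            return False, suite      # S26: abnormal end, return the offender
    return True, None                # S27: normal end, compliance flag


def make_fake_server(enabled):
    """Constructed in-memory server: ServerHello if enabled, else fatal alert."""
    def connect(client_hello):
        # record header(5) + handshake header(4) + version(2) + random(32)
        # + session_id_len(1) + suites_len(2) = offset 46 of the single suite
        (offered,) = struct.unpack_from("!H", client_hello, 46)
        if offered in enabled:
            return build_server_hello(offered)
        return record(REC_ALERT, bytes([2, 40]))   # fatal, handshake_failure
    return connect


# Constructed compliance model for the demo; a real one comes from policy.
DEMO_MODEL = {0xE011, 0xE013, 0xE015, 0xE017}

if __name__ == "__main__":
    caps = probe(make_fake_server({0xE013, 0xE011, 0xE01A}))
    print([SUITES[s] for s in caps], check_compliance(caps, DEMO_MODEL))
```

The `value == suite` comparison in `probe` matters: a server that answers with a suite other than the one offered is not recorded as supporting it.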
Further, the correctness detection step specifically comprises the following steps:
S31, obtain the persisted server cipher specification capability set that was obtained by probing;
S32, obtain the correctness model of the detection end;
S33, traverse the server cipher specification capability set one entry at a time;
S34, initialize the protocol suite for the current cipher specification and the state controller;
S35, the detection end initiates a handshake request to the server and the state controller is updated;
S36, wait for the server's message queue to become readable;
S37, when messages are ready, extract the server message queue;
S38, the correctness model of the detection end verifies the correctness of the state controller and server message queue passed to it;
S39, if the correctness check passes, update the state controller; if detection is finished, repeat step S33, and if it is not finished, repeat step S36;
S310, if the correctness check does not pass, record and persist the server cipher specification that failed the current correctness check;
S311, repeat step S33 and start detecting the next server cipher specification;
S312, traversal of the server cipher specifications is complete and detection ends.
As shown in FIG. 2, another embodiment of the invention relates to a system for probing and detecting the national secret SSL protocol, which comprises a main control module, a protocol probing module, a cipher specification analysis module, a cipher specification traversal module, a protocol detection module, a compliance model, a feature library and a correctness model;
the main control module triggers and controls the protocol probing module, the cipher specification analysis module, the cipher specification traversal module, the protocol detection module, the compliance model, the feature library and the correctness model;
the protocol probing module initiates protocol probes against the remote SSL server, actively closes the network connection with the server after each probe, and passes the feature data obtained by probing to the cipher specification analysis module for processing;
the cipher specification analysis module performs feature extraction, feature analysis, feature identification and processing on the feature data obtained by probing, so as to obtain the server cipher specification capability set;
the cipher specification traversal module traverses the server cipher specification capability set obtained by probing; for each cipher specification obtained in the traversal it creates a new process, and the new process creates an asynchronous non-blocking communication socket to communicate asynchronously with the SSL server; the module schedules and manages the created processes and drives each process to establish the SSL handshake protocol with the server for the corresponding cipher specification type;
the protocol detection module implements detection of the handshake protocol, the change cipher spec protocol, the record layer protocol and the alert protocol in the SSL protocol set, with reference to the GM/T 0024 SSL VPN technical specification;
the compliance model traverses, one by one, the server cipher specification capability set obtained by the cipher specification analysis module and performs compliance detection;
the feature library stores the feature data obtained by the cipher specification analysis module;
and the correctness model traverses, one by one, the server cipher specification capability set obtained by the cipher specification analysis module and performs correctness detection.
Furthermore, the system also comprises an alert processing module, an identifier library, a log analysis module and a rule base. The alert processing module parses the Alert-type data sent by the SSL server and extracts the alert code for protocol debugging and problem location; the identifier library manages and configures cipher protocol identifiers, key exchange algorithm identifiers, authentication algorithm identifiers, encryption algorithm identifiers and hash algorithm identifiers, so as to establish an identifier library; the log analysis module displays and analyzes logs of the states, steps and attribute values of the detection process, so that the protocol can be restored, studied, judged and analyzed; the rule base abstracts and expresses rules along the three dimensions of compliance, correctness and effectiveness of the SSL protocol implementation, establishing a basic rule base that covers all three dimensions.
Further, as shown in fig. 3, the detection steps of the protocol detection module are as follows:
a1, a detection terminal initiates handshake information to a server terminal and waits for the response of the server terminal;
a2, the message queue mark of the waiting receiving server is read ready;
a3, recognizing and processing handshake messages of a server side, otherwise, alarming abnormally;
a4, identifying and processing the certificate message of the server, otherwise, alarming abnormally;
a5, identifying and processing the key exchange message of the server, otherwise, alarming abnormally;
a6, identifying and processing a server certificate request message, setting a detection end certificate request identifier, and otherwise, giving an alarm abnormally;
a7, identifying and processing a handshake finishing message of the server side, otherwise, alarming abnormally;
and A8, if the abnormal alarm exists, the detection of the server-side protocol fails, and if the abnormal alarm does not exist, the detection is further realized by receiving the SSL protocol.
As shown in fig. 4, receiving SSL protocol implementation detection includes:
b1, the certificate request identification of the detection end is valid, and the detection end initiates a certificate message;
b2, the detection end sends a key exchange message to generate and exchange key security parameters;
b3, the certificate request identification of the detection end is valid, and the detection end initiates a certificate verification message;
b4, the detection end sends a password specification change message;
b5, the detection end sends a handshake completion message;
b6, the message queue mark of the waiting server is read ready;
b7, identifying whether a service end warning message exists in the message queue, if so, failing to detect the service end protocol, and finishing the detection;
b8, identifying and processing the password specification change message of the server, otherwise, alarming abnormally;
b9, identifying and processing handshake completion information of the server side, and otherwise, alarming abnormally;
and B10, finishing the protocol detection, and passing the protocol detection of the server.
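Steps A3-A8 and B7-B9 come down to checking which messages the server sent and in what order. The sketch below is an added example, not code from the patent: it assumes the standard TLS content-type and handshake-type codes, protocol version 0x0101 for GM/T 0024, and that each handshake message fits inside one record; the function names and the sample byte strings are constructed for illustration.

```python
import struct

# Record content types and handshake message types are the standard TLS codes,
# which the GM/T 0024 handshake reuses (added here; the page does not list them).
CCS, ALERT, HANDSHAKE = 20, 21, 22
SERVER_HELLO, CERTIFICATE, SERVER_KEY_EXCHANGE = 2, 11, 12
CERTIFICATE_REQUEST, SERVER_HELLO_DONE = 13, 14

# Builders for the constructed samples; version 0x0101 is an assumption.
def rec(ctype, payload, version=0x0101):
    return struct.pack("!BHH", ctype, version, len(payload)) + payload

def hs(msg_type, body=b""):
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def split_records(buf):
    """Return [(content_type, payload)], rejecting truncated input."""
    out, pos = [], 0
    while pos < len(buf):
        header = buf[pos:pos + 5]
        length = int.from_bytes(header[3:5], "big")
        if len(header) < 5 or pos + 5 + length > len(buf):
            raise ValueError("truncated record")
        out.append((header[0], buf[pos + 5:pos + 5 + length]))
        pos += 5 + length
    return out

def handshake_types(payload):
    """Message types in one cleartext handshake record (no fragmentation)."""
    types, pos = [], 0
    while pos < len(payload):
        length = int.from_bytes(payload[pos + 1:pos + 4], "big")
        if pos + 4 + length > len(payload):
            raise ValueError("truncated handshake message")
        types.append(payload[pos])
        pos += 4 + length
    return types

def check_server_flight(buf):
    """Steps A3-A8. Returns (passed, certificate_request_flag, reason)."""
    seen = []
    for ctype, payload in split_records(buf):
        if ctype != HANDSHAKE:  # an Alert (21) or any other record: abnormal alarm
            return False, False, "record type %d: %r" % (ctype, tuple(payload[:2]))
        seen += handshake_types(payload)
    flag = CERTIFICATE_REQUEST in seen  # A6: CertificateRequest is optional
    expected = [SERVER_HELLO, CERTIFICATE, SERVER_KEY_EXCHANGE]
    expected += [CERTIFICATE_REQUEST] if flag else []
    expected.append(SERVER_HELLO_DONE)
    if seen != expected:
        return False, flag, "got %r, expected %r" % (seen, expected)
    return True, flag, "ok"

def check_server_finish(buf):
    """Steps B7-B9. Finished is encrypted, so only its record type is visible."""
    records = split_records(buf)
    for ctype, payload in records:  # B7: any alert fails the detection
        if ctype == ALERT:
            return False, "alert %r" % (tuple(payload[:2]),)
    if [c for c, _ in records] != [CCS, HANDSHAKE] or records[0][1] != b"\x01":
        return False, "expected ChangeCipherSpec then Finished"
    return True, "ok"

# Constructed sample flights (not captured traffic).
GOOD = rec(HANDSHAKE, hs(2)) + rec(HANDSHAKE, hs(11) + hs(12) + hs(13) + hs(14))
NO_KEY_EXCHANGE = rec(HANDSHAKE, hs(2) + hs(11) + hs(14))
REFUSED = rec(ALERT, b"\x02\x28")  # fatal alert, handshake_failure (40)
FINISH_OK = rec(CCS, b"\x01") + rec(HANDSHAKE, b"\xaa" * 48)
print(check_server_flight(GOOD), check_server_finish(FINISH_OK))
```

The certificate request flag returned by `check_server_flight` is what steps B1 and B3 consult before the detection end sends its own certificate and certificate verification messages.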
Yet another embodiment of the present invention relates to a computer device comprising a memory and a processor, wherein the memory stores a computer program and the processor, when executing the computer program, implements the steps of the national secret SSL protocol probing and detection method.
Yet another embodiment of the invention relates to a computer-readable storage medium on which a computer program is stored; when executed by a processor, the computer program carries out the steps of the national secret SSL protocol probing and detection method. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form. The computer-readable medium may include any entity or device capable of carrying the computer program code: a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so on. It should be noted that the content of the computer-readable medium may be increased or decreased as appropriate according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, computer-readable media do not include electrical carrier signals and telecommunications signals, in accordance with legislation and patent practice.
The foregoing describes the preferred embodiments of the invention. It is to be understood that the invention is not limited to the precise form disclosed herein, and that various other combinations, modifications and environments may be used within the scope of the concept disclosed herein, whether as described above or as apparent to those skilled in the relevant art. Modifications and variations may be made by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. A national secret SSL protocol detection method, characterized in that the detection method comprises the following steps:
S1, protocol probing: the detection end acquires the password specifications supported by the server through probing, selects a specification suited to the network application scenario, and establishes an SSL connection with the server;
S2, compliance detection: after the detection end completes SSL protocol probing of the server, a server password specification capability list is obtained; the list is traversed and its entries are adapted one by one to the compliance model of the detection end, completing the SSL protocol algorithm compliance detection of the server;
S3, correctness detection: a server password specification capability set is acquired, correctness detection is carried out on each algorithm suite in the capability set according to the GM/T 0024 SSL VPN technical specification, and the correctness of the server's SSL algorithm suite implementation is judged through a correctness model.
2. The method according to claim 1, characterized in that the protocol probing step specifically comprises the following steps:
S11, initializing the detection environment of the detection end;
S12, the detection end acquires the system password suite configuration list and sets the reading position to the head of the list;
S13, acquiring the password suite at the current position of the list, initializing the suite, reconstructing the protocol structure data, and establishing a secure communication connection with the server;
S14, if the server returns a confirmation message for the connection, the detection end closes the secure connection, stores the password suite in the server password specification capability list, and moves the reading position of the configuration list down to obtain the next password suite;
S15, if the server returns a rejection message for the connection, the detection end closes the secure connection and moves the reading position of the configuration list down to obtain the next password suite;
S16, repeating steps S13-S15, traversing all password suites in the configuration list until the end of the list is reached;
S17, the detection end has obtained all password specification capabilities supported by the server and the protocol probing of the server by the detection end is complete; at this point the server password specification capability list is stored and persisted.
3. The method according to claim 1, characterized in that the compliance detection step specifically comprises the following steps:
S21, acquiring the persisted server password specification capability set obtained by probing;
S22, obtaining the algorithm compliance model of the detection end;
S23, traversing the server password specification capability set one entry at a time;
S24, checking whether the compliance model of the detection end matches the current server password specification;
S25, if it matches, continuing to execute steps S23 and S24;
S26, if it does not match, ending abnormally and returning the current non-compliant server password specification;
S27, when traversal of the server password specifications is complete, ending normally and returning the server SSL protocol suite compliance flag.
4. The method according to claim 1, characterized in that the correctness detection step specifically comprises the following steps:
S31, acquiring the persisted server password specification capability set obtained by probing;
S32, acquiring the correctness model of the detection end;
S33, traversing the server password specification capability set one entry at a time;
S34, initializing the protocol suite and the state controller for the current password specification;
S35, the detection end initiates a handshake request to the server and the state controller is updated;
S36, waiting for the server message queue to become readable;
S37, extracting the server message queue when a message is ready;
S38, the correctness model of the detection end verifies the correctness of the input state controller and server message queue;
S39, if the correctness detection passes, updating the state controller; if the detection is finished, repeating step S33, and if the detection is not finished, repeating step S36;
S310, if the correctness detection does not pass, recording and persisting the server password specification that failed the current correctness detection;
S311, repeating step S33 and starting to detect the next server password specification;
S312, the traversal of the server password specifications ends and the detection ends.
5. A national secret SSL protocol probing and detection system, characterized in that: the system comprises a main control module, a protocol probing module, a password specification analysis module, a password specification traversal module, a protocol detection module, a compliance model, a feature library and a correctness model;
the main control module is used for trigger control of the protocol probing module, the password specification analysis module, the password specification traversal module, the protocol detection module, the compliance model, the feature library and the correctness model;
the protocol probing module is used for initiating protocol probing of the remote SSL server, actively closing the network connection with the server after each probe, and passing the feature data obtained by probing to the password specification analysis module for processing;
the password specification analysis module is used for feature extraction, feature analysis, feature identification and processing of the feature data obtained by probing, so as to obtain the server password specification capability set;
the password specification traversal module is used for traversing the server password specification capability set obtained by probing, creating a new process each time a password specification is obtained by traversal so as to communicate asynchronously with the SSL server, scheduling and managing the created processes, and driving each process to establish an SSL handshake with the server for the corresponding password specification type;
the protocol detection module is used for detecting the handshake protocol, the password specification change protocol, the record layer protocol and the alarm protocol in the SSL protocol set according to the GM/T 0024 SSL VPN technical specification;
the compliance model is used for traversing, one entry at a time, the server password specification capability set obtained by the password specification analysis module to carry out compliance detection;
the feature library is used for storing the feature data obtained by the password specification analysis module;
the correctness model is used for traversing, one entry at a time, the server password specification capability set obtained by the password specification analysis module to carry out correctness detection.
6. The system according to claim 5, characterized in that: the system also comprises an alarm processing module, an identification library, a log analysis module and a rule library; the alarm processing module is used for analyzing the Alert-type alarm data sent by the SSL server and obtaining the alarm code from it, so as to support protocol debugging and problem locating; the identification library is used for managing and configuring the password protocol identifiers, password exchange algorithm identifiers, authentication algorithm identifiers, encryption algorithm identifiers and hash algorithm identifiers; the log analysis module is used for displaying and analyzing the logs of states, steps and attribute values produced during detection, so that the protocol can be reconstructed, judged and analyzed; the rule library is used for establishing a basic rule library that abstracts and expresses rules along the three dimensions of compliance, correctness and effectiveness of the SSL protocol implementation.
7. The system according to claim 5, characterized in that the detection steps of the protocol detection module are as follows:
A1, the detection end initiates a handshake message to the server and waits for the server's response;
A2, waiting until the server message queue is marked ready to read;
A3, identifying and processing the handshake message of the server; otherwise, raising an abnormal alarm;
A4, identifying and processing the certificate message of the server; otherwise, raising an abnormal alarm;
A5, identifying and processing the key exchange message of the server; otherwise, raising an abnormal alarm;
A6, identifying and processing the certificate request message of the server and setting the certificate request identifier of the detection end; otherwise, raising an abnormal alarm;
A7, identifying and processing the handshake completion message of the server; otherwise, raising an abnormal alarm;
A8, if an abnormal alarm exists, the server protocol detection fails; if no abnormal alarm exists, the receiving SSL protocol implementation detection is carried out.
8. The system according to claim 7, characterized in that the receiving SSL protocol implementation detection comprises:
B1, when the certificate request identifier of the detection end is valid, the detection end initiates a certificate message;
B2, the detection end sends a key exchange message to generate and exchange key security parameters;
B3, when the certificate request identifier of the detection end is valid, the detection end initiates a certificate verification message;
B4, the detection end sends a password specification change message;
B5, the detection end sends a handshake completion message;
B6, waiting until the server message queue is marked ready to read;
B7, identifying whether a server alarm message exists in the message queue; if so, the server protocol detection fails and the detection ends;
B8, identifying and processing the password specification change message of the server; otherwise, raising an abnormal alarm;
B9, identifying and processing the handshake completion message of the server; otherwise, raising an abnormal alarm;
B10, the protocol detection ends and the server passes the protocol detection.
9. A computer device comprising a memory and a processor, the memory having a computer program stored thereon, wherein the processor, when executing the computer program, performs the steps of the national secret SSL protocol probing and detection method according to any one of claims 1-4.
10. A computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, carries out the steps of the national secret SSL protocol probing and detection method according to any one of claims 1-4.
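The probing loop of claim 2 (S12-S17) and the compliance traversal of claim 3 (S23-S27) can be illustrated together. This is an added example, not code from the patent: the suite identifiers are the values GM/T 0024 assigns, the protocol version 0x0101 is assumed, and the compliance model, the function names and the in-process `fake_server` stand-in are hypothetical so that the example runs without a network.

```python
import os
import struct

VERSION = 0x0101  # protocol version used by GM/T 0024 (assumption, not on the page)
# Suite identifiers as assigned in GM/T 0024 (added here; the page lists none).
CONFIG_LIST = [(0xE011, "ECDHE_SM4_SM3"), (0xE013, "ECC_SM4_SM3"),
               (0xE019, "RSA_SM4_SM3"), (0xE01A, "RSA_SM4_SHA1")]
# Hypothetical compliance model: only the SM2-based suites are allowed.
COMPLIANCE_MODEL = {0xE011, 0xE013}

def record(ctype, payload):
    return struct.pack("!BHH", ctype, VERSION, len(payload)) + payload

def client_hello(suite):
    """S13: rebuild the ClientHello so that it offers exactly one suite."""
    body = struct.pack("!H", VERSION) + os.urandom(32) + b"\x00"  # empty session id
    body += struct.pack("!HH", 2, suite) + b"\x01\x00"  # one suite, null compression
    return record(22, b"\x01" + len(body).to_bytes(3, "big") + body)

def accepted(reply, suite):
    """S14/S15: a ServerHello selecting the offered suite confirms; else reject."""
    if len(reply) < 9 + 35 or reply[0] != 22 or reply[5] != 2:
        return False  # alert, truncated or unexpected reply
    body = reply[9:]
    offset = 35 + body[34]  # skip version(2), random(32), session id
    if len(body) < offset + 2:
        return False
    return struct.unpack_from("!H", body, offset)[0] == suite

def probe(connect, config_list):
    """S12-S17: one fresh connection per suite, from the head of the list down."""
    capability = []
    for suite, name in config_list:
        reply = connect(client_hello(suite))  # connection is closed after each try
        if accepted(reply, suite):
            capability.append((suite, name))
    return capability

def check_compliance(capability, model):
    """S23-S27: (True, None) if all suites match, else (False, first offender)."""
    for suite, name in capability:
        if suite not in model:
            return False, name
    return True, None

def fake_server(supported):
    """Constructed stand-in for the remote server so the example runs offline."""
    def connect(hello):
        offered = struct.unpack_from("!H", hello, 9 + 37)[0]
        if offered not in supported:
            return record(21, b"\x02\x28")  # fatal alert, handshake_failure
        body = struct.pack("!H", VERSION) + os.urandom(32) + b"\x00"
        body += struct.pack("!HB", offered, 0)
        return record(22, b"\x02" + len(body).to_bytes(3, "big") + body)
    return connect

CAPABILITY = probe(fake_server({0xE013, 0xE01A}), CONFIG_LIST)
print(CAPABILITY, check_compliance(CAPABILITY, COMPLIANCE_MODEL))
```

Offering a single suite per connection is what makes the server's confirmation or rejection unambiguous; a ClientHello carrying the whole list would reveal only the server's preferred suite.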
CN202211330818.0A 2022-10-28 2022-10-28 Method, system and storage medium for detecting and detecting national secret SSL protocol Active CN115396240B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211330818.0A CN115396240B (en) 2022-10-28 2022-10-28 Method, system and storage medium for detecting and detecting national secret SSL protocol

Publications (2)

Publication Number Publication Date
CN115396240A CN115396240A (en) 2022-11-25
CN115396240B CN115396240B (en) 2023-01-24

Family

ID=84115225

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211330818.0A Active CN115396240B (en) 2022-10-28 2022-10-28 Method, system and storage medium for detecting and detecting national secret SSL protocol

Country Status (1)

Country Link
CN (1) CN115396240B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116346688B (en) * 2023-05-24 2023-08-04 江苏金盾检测技术股份有限公司 SSL VPN security authentication gateway service compliance detection system and method
CN117097564B (en) * 2023-10-18 2024-02-02 沃通电子认证服务有限公司 Password service calling method, device, terminal equipment and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113746807A (en) * 2021-08-11 2021-12-03 北银金融科技有限责任公司 Block chain node point support cryptographic algorithm communication detection method
CN115174114A (en) * 2022-07-07 2022-10-11 渔翁信息技术股份有限公司 SSL tunnel establishment method, server and client

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030035547A1 (en) * 2001-03-27 2003-02-20 John Newton Server with multiple encryption libraries
BR112019020749A2 (en) * 2017-04-03 2020-04-28 Listat Ltd method of transmitting data packets from a client device to the cloud.
CN114491328A (en) * 2020-11-13 2022-05-13 北京奇虎科技有限公司 Website access method, equipment, storage medium and device
CN114567469B (en) * 2022-02-21 2024-05-28 北京创原天地科技有限公司 Application password type detection method and platform based on B/S mode

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant