CN115396240B - Method, system and storage medium for probing and detecting the national cryptographic (GM) SSL protocol - Google Patents
- Publication number: CN115396240B
- Application number: CN202211330818.0A
- Authority: CN (China)
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/061: Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
- H04L43/18: Arrangements for monitoring or testing data switching networks; protocol analysers
- H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
- H04L63/30: Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
Abstract
The invention relates to a method, a system and a storage medium for probing and detecting the national cryptographic (GM) SSL protocol, belonging to the technical field of network security. The method comprises the following steps: the detection end obtains the cipher specifications supported by the server through probing, selects a specification suited to the network application scenario, and establishes an SSL connection with the server; after the detection end completes SSL protocol probing of the server, a server cipher specification capability list is obtained, and the list is traversed and matched one by one against the compliance model of the detection end; and the server cipher specification capability set is obtained, each algorithm suite in the capability set is checked for correctness, and the correctness of the server's SSL algorithm suite implementation is judged through a correctness model. The method realizes probing of the GM SSL protocol of a network server together with compliance and correctness detection, and three aspects of the server's GM SSL protocol can be judged from the detection result.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a method, a system and a storage medium for probing and detecting the national cryptographic (GM) SSL protocol.
Background
The national cryptographic (GM) SSL protocol is defined with reference to the Transport Layer Security protocol, in accordance with China's cryptography policies and regulations and combining practical application requirements with the practical experience of domestic manufacturers. It adds ECC (elliptic curve cryptography) and IBC (identity-based cryptography) authentication modes and key exchange modes to the TLS 1.1 handshake protocol, removes the DH (Diffie-Hellman) key exchange mode, and modifies the cipher suites. It mainly comprises a handshake protocol, a cipher specification change protocol, an alert protocol and a record layer protocol: the handshake protocol is used for identity authentication and security parameter negotiation; the cipher specification change protocol is used for notifying a change of security parameters; the alert protocol is used for close notifications and error alerts; the record layer protocol is used for fragmenting, compressing and decompressing, encrypting and decrypting, and integrity-checking the transmitted data.
The GM SSL protocol is mainly used by two endpoints to negotiate and establish an SSL secure transmission channel, providing confidentiality and integrity protection for data in transit; one-way and two-way authentication between client and server can be realized based on asymmetric keys (public key digital certificates). When the GM SSL protocol is integrated in a browser, HTTPS secure transmission can be realized and the authenticity and validity of the server certificate are verified, so that the server is verified as trusted. The server can also use two-way authentication to verify accessing clients, ensuring their authenticity and trustworthiness. The GM SSL protocol can also be used for clients to access protected server resources on an intranet: deploying an SSL VPN security gateway provides fine-grained access control, a single sign-on application portal, client identity verification, encrypted data transmission and integrity protection for intranet resources.
The GM SSL protocol supports 12 cipher suite combinations, each formed from a key exchange algorithm, a symmetric encryption algorithm and a message authentication code algorithm. In non-routine client/server scenarios the client does not know which SSL protocol suites the server supports; an unsuitable handshake message initiated by the client receives an alert message from the server, the server closes the connection, and the SSL handshake cannot continue. Moreover, because the GM SSL protocol is not plaintext, once the handshake between client and server completes, the negotiated security parameters are used for encrypted transmission, and the TCP and IP layers, as bearer protocol layers, transparently forward the encrypted record layer packets of the SSL protocol. Even if the data of each SSL protocol layer is captured with a network packet capture tool, the protocol details cannot be restored because the data is encrypted and unreadable. The protocol details must be fully restored in order to judge the compliance and correctness of the server's SSL protocol, but at present there is no method for detecting the compliance and correctness of the GM SSL protocol.
Disclosure of Invention
The invention aims to overcome the defects of the prior art by providing a method, a system and a storage medium for probing and detecting the national cryptographic (GM) SSL protocol. It solves the problem that the algorithm suites supported by a server's SSL protocol are unknown and uncertain, and the problem of rapidly detecting the compliance, correctness and effectiveness of the server's GM SSL protocol.
The purpose of the invention is realized by the following technical scheme: a method for probing and detecting the GM SSL protocol, comprising the following steps:
S1, protocol probing: the detection end obtains the cipher specifications supported by the server through probing, selects a specification suited to the network application scenario, and establishes an SSL connection with the server;
S2, compliance detection: after the detection end completes SSL protocol probing of the server, a server cipher specification capability list is obtained; the list is traversed and matched one by one against the compliance model of the detection end, completing the compliance detection of the server's SSL protocol algorithms;
S3, correctness detection: the server cipher specification capability set is obtained, each algorithm suite in the capability set is checked for correctness, and the correctness of the server's SSL algorithm suite implementation is judged by a correctness model.
The protocol probing step specifically comprises the following steps:
S11, initialize the detection environment of the detection end;
S12, the detection end obtains the system cipher suite configuration list and positions the read pointer at the head of the list;
S13, obtain the cipher suite at the current position of the list, initialize the suite, rebuild the protocol structure data, and establish a secure communication connection with the server;
S14, if the server returns a confirmation message for the connection, the detection end closes the secure connection, stores the cipher suite in the server cipher specification capability list, and moves the read position of the configuration list down to obtain the next cipher suite;
S15, if the server returns a rejection message for the connection, the detection end closes the secure connection and moves the read position of the configuration list down to obtain the next cipher suite;
S16, repeat steps S13-S15, traversing all cipher suites in the configuration list until the end of the list is reached;
S17, the detection end has obtained all cipher specification capabilities supported by the server and protocol probing of the server is complete; at this point the server cipher specification capability list is stored and persisted.
The compliance detection step specifically comprises the following steps:
S21, obtain the persisted server cipher specification capability set produced by probing;
S22, obtain the algorithm compliance model of the detection end;
S23, traverse the server cipher specification capability set one entry at a time;
S24, look up whether the compliance model of the detection end matches the current server cipher specification;
S25, if it matches, continue with steps S23 and S24;
S26, if it does not match, end abnormally and return the current non-compliant server cipher specification;
S27, when traversal of the server cipher specifications is complete, end normally and return the server SSL protocol suite compliance flag.
The correctness detection step specifically comprises the following steps:
S31, obtain the persisted server cipher specification capability set produced by probing;
S32, obtain the correctness model of the detection end;
S33, traverse the server cipher specification capability set one entry at a time;
S34, initialize the protocol suite for the current cipher specification and the state controller;
S35, the detection end initiates a handshake request to the server and updates the state controller;
S36, wait for the server message queue to become readable;
S37, when messages are ready, extract the server message queue;
S38, the correctness model of the detection end verifies the correctness of the input state controller and server message queue;
S39, if the correctness check passes, update the state controller; if detection is finished, repeat from step S33, and if it is not finished, repeat from step S36;
S310, if the correctness check does not pass, record and persist the server cipher specification that failed the current correctness check;
S311, repeat from step S33 and start detecting the next server cipher specification;
S312, traversal of the server cipher specifications is complete and detection ends.
A system for probing and detecting the national cryptographic (GM) SSL protocol comprises a main control module, a protocol probing module, a cipher specification analysis module, a cipher specification traversal module, a protocol detection module, a compliance model, a feature library and a correctness model;
the main control module is used for triggering and controlling the protocol probing module, the cipher specification analysis module, the cipher specification traversal module, the protocol detection module, the compliance model, the feature library and the correctness model;
the protocol probing module is used for initiating protocol probes against the remote SSL server, actively closing the network connection with the server after each probe, and passing the feature data obtained by probing to the cipher specification analysis module for processing;
the cipher specification analysis module is used for feature extraction, feature analysis, feature identification and processing of the feature data obtained by probing, so as to obtain the server cipher specification capability set;
the cipher specification traversal module is used for traversing the server cipher specification capability set obtained by probing, creating a new process for each cipher specification obtained during traversal, communicating asynchronously with the SSL server, scheduling and managing the created processes, and driving each process to establish an SSL handshake with the server for the corresponding cipher specification type;
the protocol detection module is used for detecting the handshake protocol, cipher specification change protocol, record layer protocol and alert protocol in the SSL protocol set;
the compliance model is used for traversing the server cipher specification capability set obtained by the cipher specification analysis module one entry at a time for compliance detection;
the feature library is used for storing the feature data obtained by the cipher specification analysis module;
the correctness model is used for traversing the server cipher specification capability set obtained by the cipher specification analysis module one entry at a time for correctness detection.
The system also comprises an alert processing module, an identifier library, a log analysis module and a rule base. The alert processing module is used for parsing Alert-type data sent by the SSL server and obtaining the alert code from it, for protocol debugging and problem location. The identifier library is used for managing and configuring cryptographic protocol identifiers, key exchange algorithm identifiers, authentication algorithm identifiers, encryption algorithm identifiers and hash algorithm identifiers. The log analysis module is used for displaying and analyzing logs of the states, steps and attribute values in the detection process, so that the protocol can be restored, judged and analyzed. The rule base abstracts and expresses rules along the three dimensions of compliance, correctness and effectiveness of the SSL protocol implementation, establishing a basic rule base covering all three dimensions.
The protocol detection module performs the following detection steps:
A1, the detection end sends a handshake message to the server and waits for the server to respond;
A2, wait until the server message queue is flagged as ready to read;
A3, identify and process the server's handshake message; otherwise raise an abnormality alert;
A4, identify and process the server's certificate message; otherwise raise an abnormality alert;
A5, identify and process the server's key exchange message; otherwise raise an abnormality alert;
A6, identify and process the server's certificate request message and set the detection end's certificate request identifier; otherwise raise an abnormality alert;
A7, identify and process the server's handshake finishing message; otherwise raise an abnormality alert;
A8, if an abnormality alert was raised, detection of the server protocol fails; if not, detection continues with the subsequent SSL protocol implementation detection.
The subsequent SSL protocol implementation detection comprises:
B1, if the detection end's certificate request identifier is valid, the detection end sends a certificate message;
B2, the detection end sends a key exchange message to generate and exchange key security parameters;
B3, if the detection end's certificate request identifier is valid, the detection end sends a certificate verification message;
B4, the detection end sends a cipher specification change message;
B5, the detection end sends a handshake completion message;
B6, wait until the server message queue is flagged as ready to read;
B7, check whether the message queue contains a server alert message; if so, detection of the server protocol fails and detection ends;
B8, identify and process the server's cipher specification change message; otherwise raise an abnormality alert;
B9, identify and process the server's handshake completion message; otherwise raise an abnormality alert;
B10, protocol detection is finished and the server passes protocol detection.
A computer device comprises a memory and a processor, the memory storing a computer program; the processor implements the steps of the GM SSL protocol probing and detection method when executing the computer program.
A computer-readable storage medium stores a computer program which, when executed by a processor, carries out the steps of the GM SSL protocol probing and detection method.
The invention has the following advantages: the method, system and storage medium for probing and detecting the GM SSL protocol realize probing of a network server's GM SSL protocol together with compliance and correctness detection. Probing and detection show whether the server's GM SSL protocol meets the technical specification, and three aspects of the implementation (compliance, correctness and effectiveness) can be judged from the detection result. This solves the problem that existing traditional detection techniques rest on the client and server using the same cipher specification for a single test, cannot sense which cipher specifications the server's SSL protocol supports, and lack generality, universality and extensibility.
Drawings
FIG. 1 is a schematic flow diagram of the process of the present invention;
FIG. 2 is a schematic diagram of the framework of the system of the present invention;
FIG. 3 is a first schematic diagram of SSL protocol detection in the protocol detection module;
FIG. 4 is a schematic diagram of an SSL protocol detection process in the protocol detection module.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. The components of the embodiments of the present application, as generally described and illustrated in the figures herein, could be arranged and designed in a wide variety of different configurations. Thus, the detailed description of the embodiments of the present application provided below in connection with the appended drawings is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present application without making any creative effort, shall fall within the protection scope of the present application. The invention is further described below with reference to the accompanying drawings.
As shown in FIG. 1, one embodiment of the present invention relates to a method for probing and detecting the national cryptographic (GM) SSL protocol. It solves the problem in the conventional approach that the SSL client does not know, and cannot be certain of, the cipher specifications of the SSL server, so that the SSL protocol cannot be established once the cipher specification selected by the client does not suit the server. The specific method comprises the following steps:
S1, protocol probing: the detection end obtains the cipher specifications supported by the server through probing, selects a specification suited to the network application scenario, and establishes an SSL connection with the server; this fundamentally changes the traditional mechanism in which the cipher specification of the SSL connection is decided by the server, handing the initiative and the decision to the requesting client.
S2, compliance detection: after the detection end completes SSL protocol probing of the server, a server cipher specification capability list is obtained; the list is traversed and matched one by one against the compliance model of the detection end, completing the compliance detection of the server's SSL protocol algorithms;
S3, correctness detection: the server cipher specification capability set is obtained, each algorithm suite in the capability set is checked for correctness according to the GM/T 0024 SSL VPN technical specification, and the correctness of the server's SSL algorithm suite implementation is judged through a correctness model.
Further, the protocol probing step specifically comprises the following steps:
S11, initialize the detection environment of the detection end;
S12, the detection end obtains the system cipher suite configuration list and positions the read pointer at the head of the list;
S13, obtain the cipher suite at the current position of the list, initialize the suite, rebuild the protocol structure data, and establish a secure communication connection with the server;
S14, if the server returns a confirmation message for the connection, the detection end closes the secure connection, stores the cipher suite in the server cipher specification capability list, and moves the read position of the configuration list down to obtain the next cipher suite;
S15, if the server returns a rejection message for the connection, the detection end closes the secure connection and moves the read position of the configuration list down to obtain the next cipher suite;
S16, repeat steps S13-S15, traversing all cipher suites in the configuration list until the end of the list is reached;
S17, the detection end has obtained all cipher specification capabilities supported by the server and protocol probing of the server is complete; at this point the server cipher specification capability list is stored and persisted.
Further, the compliance detection step specifically comprises the following steps:
S21, obtain the persisted server cipher specification capability set produced by probing;
S22, obtain the algorithm compliance model of the detection end;
S23, traverse the server cipher specification capability set one entry at a time;
S24, look up whether the compliance model of the detection end matches the current server cipher specification;
S25, if it matches, continue with steps S23 and S24;
S26, if it does not match, end abnormally and return the current non-compliant server cipher specification;
S27, when traversal of the server cipher specifications is complete, end normally and return the server SSL protocol suite compliance flag.
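The probing loop (S11-S17) and the compliance traversal (S21-S27) above, as an added example that is not taken from the patent. It goes one level below the text by building TLS 1.1-style ClientHello records that each offer a single suite; the version bytes and suite code points are as listed in GM/T 0024 and should be checked against the standard, while the simulated server, `SAMPLE_POLICY` and all function names are constructed for illustration.

```python
import os
import struct

GM_VERSION = b"\x01\x01"             # record/handshake version defined by GM/T 0024
HANDSHAKE, ALERT = 22, 21            # record content types
CLIENT_HELLO, SERVER_HELLO = 1, 2    # handshake message types

# The 12 cipher suites and their code points as listed in GM/T 0024.
SUITES = {
    "ECDHE_SM1_SM3": 0xE001, "ECC_SM1_SM3": 0xE003, "IBSDH_SM1_SM3": 0xE005,
    "IBC_SM1_SM3": 0xE007, "RSA_SM1_SM3": 0xE009, "RSA_SM1_SHA1": 0xE00A,
    "ECDHE_SM4_SM3": 0xE011, "ECC_SM4_SM3": 0xE013, "IBSDH_SM4_SM3": 0xE015,
    "IBC_SM4_SM3": 0xE017, "RSA_SM4_SM3": 0xE019, "RSA_SM4_SHA1": 0xE01A,
}

# Constructed compliance model: a hypothetical policy allowing only these suites.
SAMPLE_POLICY = {"ECDHE_SM4_SM3", "ECC_SM4_SM3"}


def make_record(content_type, payload):
    return bytes([content_type]) + GM_VERSION + struct.pack("!H", len(payload)) + payload


def make_handshake(msg_type, body):
    return make_record(HANDSHAKE, bytes([msg_type]) + len(body).to_bytes(3, "big") + body)


def build_client_hello(suite_code):
    """S13: ClientHello that offers exactly one cipher suite."""
    body = (GM_VERSION + os.urandom(32) + b"\x00"     # version, random, empty session id
            + struct.pack("!HH", 2, suite_code)        # suite list: 2 bytes long, one entry
            + b"\x01\x00")                             # one compression method: null
    return make_handshake(CLIENT_HELLO, body)


def classify_reply(record):
    """S14/S15: ('accept', suite) for a ServerHello, ('reject', alert code or None) otherwise."""
    if len(record) < 5:
        return ("reject", None)
    payload = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if record[0] == ALERT and len(payload) == 2:
        return ("reject", payload[1])                  # alert description byte
    if record[0] == HANDSHAKE and len(payload) > 4 and payload[0] == SERVER_HELLO:
        body = payload[4:]                             # version(2) random(32) sid_len(1) ...
        if len(body) >= 35 and len(body) >= 35 + body[34] + 3:
            off = 35 + body[34]
            return ("accept", struct.unpack("!H", body[off:off + 2])[0])
    return ("reject", None)


def probe(send, offered=SUITES):
    """S12-S17: one connection per suite; `send` delivers a ClientHello and returns the reply."""
    capability_list = []
    for name, code in offered.items():
        verdict, value = classify_reply(send(build_client_hello(code)))
        # Count the suite only if the server selected the one that was offered.
        if verdict == "accept" and value == code:
            capability_list.append(name)
    return capability_list


def check_compliance(capability_list, policy):
    """S21-S27: (True, None) if every suite is allowed, else (False, first offending suite)."""
    for name in capability_list:
        if name not in policy:
            return (False, name)
    return (True, None)


def make_simulated_server(enabled_codes):
    """Constructed stand-in for a server: accepts only suites in `enabled_codes`."""
    def send(client_hello):
        body = client_hello[9:]                        # skip record (5) + handshake (4) headers
        off = 35 + body[34]                            # past version, random, session id
        offered = struct.unpack("!H", body[off + 2:off + 4])[0]
        if offered in enabled_codes:
            hello = GM_VERSION + os.urandom(32) + b"\x00" + struct.pack("!H", offered) + b"\x00"
            return make_handshake(SERVER_HELLO, hello)
        return make_record(ALERT, bytes([2, 40]))      # fatal handshake_failure
    return send


if __name__ == "__main__":
    server = make_simulated_server({0xE011, 0xE013, 0xE01A})
    caps = probe(server)
    print(caps, check_compliance(caps, SAMPLE_POLICY))
```

Against a real endpoint, `send` would open a fresh TCP connection per suite and close it after the first reply, which is the behaviour steps S14 and S15 describe.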
Further, the correctness detection step specifically comprises the following steps:
S31, obtain the persisted server cipher specification capability set produced by probing;
S32, obtain the correctness model of the detection end;
S33, traverse the server cipher specification capability set one entry at a time;
S34, initialize the protocol suite for the current cipher specification and the state controller;
S35, the detection end initiates a handshake request to the server and updates the state controller;
S36, wait for the server message queue to become readable;
S37, when messages are ready, extract the server message queue;
S38, the correctness model of the detection end verifies the correctness of the input state controller and server message queue;
S39, if the correctness check passes, update the state controller; if detection is finished, repeat from step S33, and if it is not finished, repeat from step S36;
S310, if the correctness check does not pass, record and persist the server cipher specification that failed the current correctness check;
S311, repeat from step S33 and start detecting the next server cipher specification;
S312, traversal of the server cipher specifications is complete and detection ends.
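The correctness loop S31-S312, as an added example that is not part of the patent: a state controller consumes each server message queue and fails the suite on any out-of-order message or alert, following the message order of steps A1-A7 and B6-B10 given earlier on the page. The handshake type numbers are those of TLS 1.1, the certificate request is treated as optional, and the suite names, transcripts and function names are constructed; messages are assumed to be already decoded by the detection end into `(content_type, message_type)` pairs.

```python
from collections import deque

HANDSHAKE, CHANGE_CIPHER_SPEC, ALERT = 22, 20, 21          # record content types
SERVER_HELLO, CERTIFICATE, SERVER_KEY_EXCHANGE = 2, 11, 12  # handshake message types
CERTIFICATE_REQUEST, SERVER_HELLO_DONE, FINISHED = 13, 14, 20

# Correctness model: state -> {allowed message: next state}
TRANSITIONS = {
    "wait_server_hello": {(HANDSHAKE, SERVER_HELLO): "wait_certificate"},
    "wait_certificate": {(HANDSHAKE, CERTIFICATE): "wait_key_exchange"},
    "wait_key_exchange": {(HANDSHAKE, SERVER_KEY_EXCHANGE): "wait_request_or_done"},
    "wait_request_or_done": {(HANDSHAKE, CERTIFICATE_REQUEST): "wait_done",
                             (HANDSHAKE, SERVER_HELLO_DONE): "client_flight"},
    "wait_done": {(HANDSHAKE, SERVER_HELLO_DONE): "client_flight"},
    "wait_ccs": {(CHANGE_CIPHER_SPEC, 1): "wait_finished"},
    "wait_finished": {(HANDSHAKE, FINISHED): "done"},
}


class StateController:
    def __init__(self):                       # S34
        self.state = "wait_server_hello"
        self.cert_requested = False           # the "certificate request identifier" of A6

    def step(self, msg):
        """S38/S39: return None if msg is valid in the current state, else a failure reason."""
        if msg[0] == ALERT:                   # B7: any server alert fails the suite
            return f"server alert {msg[1]} in state {self.state}"
        next_state = TRANSITIONS.get(self.state, {}).get(msg)
        if next_state is None:
            return f"unexpected message {msg} in state {self.state}"
        if msg == (HANDSHAKE, CERTIFICATE_REQUEST):
            self.cert_requested = True
        self.state = next_state
        return None

    def client_flight(self):
        """B1-B5: what the detection end sends; certificate messages only if requested."""
        flight = ["ClientKeyExchange", "ChangeCipherSpec", "Finished"]
        if self.cert_requested:
            flight = ["Certificate", "ClientKeyExchange", "CertificateVerify",
                      "ChangeCipherSpec", "Finished"]
        self.state = "wait_ccs"
        return flight


def check_suite(flights):
    """Run one suite; `flights` is a list of server message queues (one per S36/S37 wait)."""
    controller = StateController()
    for flight in flights:
        queue = deque(flight)                 # S37: extract the server message queue
        while queue:
            reason = controller.step(queue.popleft())
            if reason:
                return (False, reason)
        if controller.state == "client_flight":
            controller.client_flight()
    if controller.state != "done":
        return (False, f"handshake incomplete, stopped in state {controller.state}")
    return (True, None)


def run_correctness(transcripts):
    """S33, S310-S312: return {suite: reason} for every suite that fails the model."""
    failures = {}
    for suite, flights in transcripts.items():
        ok, reason = check_suite(flights)
        if not ok:
            failures[suite] = reason          # S310: record the failing specification
    return failures


# Constructed transcripts, one per suite in a capability set.
FIRST = [(22, 2), (22, 11), (22, 12), (22, 14)]
FIRST_WITH_REQUEST = [(22, 2), (22, 11), (22, 12), (22, 13), (22, 14)]
SECOND = [(20, 1), (22, 20)]
SAMPLE_TRANSCRIPTS = {
    "ECC_SM4_SM3": [FIRST, SECOND],
    "ECDHE_SM4_SM3": [FIRST_WITH_REQUEST, SECOND],
    "RSA_SM4_SM3": [[(22, 2), (22, 11), (22, 14)]],   # key exchange message missing
    "IBC_SM4_SM3": [FIRST, [(21, 40)]],               # alert after the client flight
}

if __name__ == "__main__":
    for suite, reason in run_correctness(SAMPLE_TRANSCRIPTS).items():
        print(suite, "FAILED:", reason)
```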
As shown in fig. 2, another embodiment of the present invention relates to a system for inducing and detecting a cryptographic SSL protocol, which includes a main control module, a protocol inducing module, a cryptographic specification analyzing module, a cryptographic specification traversing module, a protocol detecting module, a compliance model, a feature library, and a correctness model;
the main control module is used for triggering and controlling the protocol detection module, the password specification analysis module, the password specification traversal module, the protocol detection module, the compliance model, the feature library and the correctness model;
the detection inducing module is used for initiating protocol detection inducing for the remote SSL server, actively closing network connection with the server after each protocol detection inducing, and transmitting the characteristic data obtained by the detection inducing to the password specification analysis module for processing;
the password specification analysis module is used for carrying out feature extraction, feature analysis, feature identification and processing on the feature data obtained by the detection so as to obtain a server password specification capability set;
the password specification traversal module is used for traversing the password specification capability set of the server obtained by the inducing detection, a new process is created when a password specification is obtained by the traversal, an asynchronous non-blocking communication SOCKET is created by the new process, the asynchronous communication with the SSL server is realized, the created process is scheduled and managed, and the SSL handshake protocol is established between the driving process and the server corresponding to the password specification type;
the protocol detection module is used for realizing the detection of a handshake protocol, a password specification change protocol, a record layer protocol and an alarm protocol in SSL protocol set by referring to GM/T0024 SSL VPN technical specification;
the compliance model is used for traversing the server side password specification capability sets one by one according to the server side password specification capability sets obtained by the password specification analysis module to carry out compliance detection;
the characteristic library is used for storing the characteristic data obtained by the password specification analysis module;
and the correctness model is used for traversing the server side password specification capability sets one by one for correctness detection according to the server side password specification capability sets obtained by the password specification analysis module.
Furthermore, the system also comprises an alarm processing module, an identification library, a log analysis module and a rule library. The alarm processing module is used for parsing Alert-type alarm data sent by the SSL server and obtaining the alarm code from it, for protocol debugging and problem location. The identification library is used for managing and configuring the password protocol identifiers, key exchange algorithm identifiers, authentication algorithm identifiers, encryption algorithm identifiers and hash algorithm identifiers. The log analysis module is used for displaying and analyzing logs of the states, steps and attribute values recorded during detection, so that the protocol exchange can be reconstructed, studied, judged and analyzed. The rule library is a basic rule base that abstracts and expresses rules along three dimensions of the SSL protocol implementation: compliance, correctness and effectiveness.
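The probing loop and the compliance traversal that these modules carry out (steps S11-S17 and S21-S27 of the method) can be sketched as follows. This is an added example, not code from the patent: the page's "password specification" / "password suite" is read as a TLS-style cipher suite, and the version bytes, suite codes, allow-list and the in-memory `simulated_server` are assumptions or constructed stand-ins.

```python
import struct

# Protocol version bytes carried by GM/T 0024 records (assumption: value from
# the standard, not stated on this page).
GM_VERSION = b"\x01\x01"

# Constructed configuration list (S12). Suite codes are assumptions taken from
# GM/T 0024 and the IANA TLS registry, not from this page.
PROBE_LIST = [
    (0xE011, "ECDHE_SM4_SM3"),
    (0xE013, "ECC_SM4_SM3"),
    (0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA"),
]
COMPLIANCE_MODEL = {0xE011, 0xE013}  # hypothetical allow-list of suites


def build_client_hello(suite):
    """S13: rebuild the ClientHello so that it offers exactly one suite."""
    body = (GM_VERSION
            + bytes(32)                     # random; zeros here, fresh bytes in practice
            + b"\x00"                       # empty session id
            + struct.pack("!HH", 2, suite)  # cipher_suites length + the single suite
            + b"\x01\x00")                  # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type 1 = ClientHello
    return b"\x16" + GM_VERSION + struct.pack("!H", len(hs)) + hs


def simulated_server(enabled):
    """Constructed stand-in for the remote server; performs no network I/O."""
    def respond(record):
        # offset 46 = record hdr 5 + handshake hdr 4 + version 2 + random 32
        #             + session id length 1 + cipher_suites length 2
        (offered,) = struct.unpack_from("!H", record, 46)
        if offered not in enabled:
            return b"\x15" + GM_VERSION + b"\x00\x02\x02\x28"  # fatal handshake_failure(40)
        body = GM_VERSION + bytes(32) + b"\x00" + struct.pack("!H", offered) + b"\x00"
        hs = b"\x02" + len(body).to_bytes(3, "big") + body      # type 2 = ServerHello
        return b"\x16" + GM_VERSION + struct.pack("!H", len(hs)) + hs
    return respond


def selected_suite(reply):
    """Return the suite a ServerHello selected, or None for any other reply."""
    if len(reply) < 46 or reply[0] != 0x16 or reply[5] != 0x02:
        return None
    sid_len = reply[43]
    if len(reply) < 46 + sid_len:
        return None
    return struct.unpack_from("!H", reply, 44 + sid_len)[0]


def probe(send, probe_list=PROBE_LIST):
    """S13-S17: one exchange per suite; keep those the server confirms."""
    capability = []
    for code, name in probe_list:
        # A real prober opens a connection here and closes it after the reply.
        reply = send(build_client_hello(code))
        if selected_suite(reply) == code:   # S14: confirmation
            capability.append((code, name))
        # S15: an alert or any other reply counts as a rejection
    return capability


def check_compliance(capability, model=COMPLIANCE_MODEL):
    """S23-S27: stop at the first suite the compliance model does not contain."""
    for code, name in capability:
        if code not in model:
            return False, name   # S26: abnormal end, report the offending suite
    return True, None            # S27: every suite matched the model
```

Offering one suite per ClientHello is what makes the confirmation or rejection attributable to that suite; a server that still accepts a non-GM suite shows up as the first non-compliant entry.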
Further, as shown in fig. 3, the detection steps of the protocol detection module are as follows:
A1. The detection end sends a handshake message to the server and waits for the server's response;
A2. Wait until the server's message queue is flagged as ready to read;
A3. Identify and process the server's handshake message; otherwise raise an abnormal alarm;
A4. Identify and process the server's certificate message; otherwise raise an abnormal alarm;
A5. Identify and process the server's key exchange message; otherwise raise an abnormal alarm;
A6. Identify and process the server's certificate request message and set the detection end's certificate request identifier; otherwise raise an abnormal alarm;
A7. Identify and process the server's handshake finishing message; otherwise raise an abnormal alarm;
A8. If an abnormal alarm exists, the server-side protocol detection fails; if no abnormal alarm exists, detection continues with the receiving SSL protocol implementation detection.
As shown in fig. 4, the receiving SSL protocol implementation detection includes:
B1. If the detection end's certificate request identifier is valid, the detection end sends a certificate message;
B2. The detection end sends a key exchange message to generate and exchange key security parameters;
B3. If the detection end's certificate request identifier is valid, the detection end sends a certificate verification message;
B4. The detection end sends a password specification change message;
B5. The detection end sends a handshake completion message;
B6. Wait until the server's message queue is flagged as ready to read;
B7. Check whether the message queue contains a server alarm message; if so, the server-side protocol detection fails and the detection ends;
B8. Identify and process the server's password specification change message; otherwise raise an abnormal alarm;
B9. Identify and process the server's handshake completion message; otherwise raise an abnormal alarm;
B10. The protocol detection ends, and the server passes the protocol detection.
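Steps A3-A8 amount to checking the order of the server's first handshake flight and stopping on any Alert record. The added example below (not code from the patent) parses a buffered server message queue and applies that check. It assumes the standard TLS record and handshake type numbers, reads the page's "handshake message" and "handshake finishing message" as ServerHello and ServerHelloDone, and treats the certificate request as optional because B1 and B3 depend on the identifier; the sample flights are constructed.

```python
import struct

HANDSHAKE, ALERT = 22, 21                        # record content types
SERVER_HELLO, CERTIFICATE, SERVER_KEY_EXCHANGE = 2, 11, 12
CERTIFICATE_REQUEST, SERVER_HELLO_DONE = 13, 14  # handshake message types


def iter_records(data):
    """Split the server's message queue into (content_type, payload) records."""
    pos = 0
    while pos < len(data):
        if len(data) - pos < 5:
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack_from("!BHH", data, pos)
        payload = data[pos + 5:pos + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record body")
        yield ctype, payload
        pos += 5 + length


def handshake_types(buf):
    """Return the handshake message types found in the joined handshake payloads."""
    types, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 4:
            raise ValueError("truncated handshake header")
        length = int.from_bytes(buf[pos + 1:pos + 4], "big")
        if pos + 4 + length > len(buf):
            raise ValueError("truncated handshake body")
        types.append(buf[pos])
        pos += 4 + length
    return types


def check_server_flight(data):
    """Steps A3-A8. Returns (passed, certificate_requested, reason)."""
    buf = b""
    try:
        for ctype, payload in iter_records(data):
            if ctype == ALERT:   # alert body: level byte, then alert code
                if len(payload) < 2:
                    raise ValueError("malformed alert")
                return False, False, f"alert level={payload[0]} code={payload[1]}"
            if ctype != HANDSHAKE:
                return False, False, f"unexpected record type {ctype}"
            buf += payload
        types = handshake_types(buf)
    except ValueError as exc:
        return False, False, str(exc)
    requested = CERTIFICATE_REQUEST in types                     # A6 sets the identifier
    expected = [SERVER_HELLO, CERTIFICATE, SERVER_KEY_EXCHANGE]  # A3, A4, A5
    if requested:
        expected.append(CERTIFICATE_REQUEST)
    expected.append(SERVER_HELLO_DONE)                           # A7
    if types != expected:
        return False, requested, f"unexpected message order {types}"
    return True, requested, "ok"                                 # A8: no abnormal alarm


# Constructed sample flights; message bodies are empty placeholders and the
# record version 0x0101 is an assumption taken from GM/T 0024.
def hs(mtype, body=b""):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body


def rec(ctype, payload):
    return struct.pack("!BHH", ctype, 0x0101, len(payload)) + payload


GOOD = rec(22, hs(2) + hs(11)) + rec(22, hs(12) + hs(13) + hs(14))
NO_CERT = rec(22, hs(2) + hs(12) + hs(14))
REJECTED = rec(21, b"\x02\x28")   # fatal alert, code 40 (handshake_failure)
```

The returned `certificate_requested` flag is the value steps B1 and B3 consult, and the alert code in the reason string is what the alarm processing module would log for problem location.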
Yet another embodiment of the present invention relates to a computer device, which includes a memory and a processor, wherein the memory stores a computer program, and the processor implements the steps of the national secret SSL protocol probing and detection method when executing the computer program.
Yet another embodiment of the invention relates to a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of the national secret SSL protocol probing and detection method. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, and the like. It should be noted that the content of the computer-readable medium may be increased or decreased as appropriate according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, computer-readable media do not include electrical carrier signals and telecommunications signals.
The foregoing describes the preferred embodiments of this invention. It is to be understood that the invention is not limited to the precise form disclosed herein, and that various other combinations, modifications and environments may be used within the scope of the concept disclosed herein, whether as described above or as apparent to those skilled in the relevant art. Modifications and variations may be made by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (10)
1. A national secret SSL protocol detection method, characterized in that the detection method comprises the following steps:
S1. protocol detection: the detection end obtains, through detection, the password specifications supported by the server, selects a specification suited to the network application scenario, and establishes an SSL connection with the server;
S2. compliance detection: after the detection end completes SSL protocol detection of the server, a server password specification capability list is obtained; the list is traversed and adapted one by one against the compliance model of the detection end, completing the compliance detection of the server's SSL protocol algorithms;
S3. correctness detection: the server password specification capability set is acquired, correctness detection is carried out on each algorithm suite in the capability set according to the GM/T 0024 SSL VPN technical specification, and the correctness of the server's SSL algorithm suite implementation is judged through a correctness model.
2. The method of claim 1, characterized in that the protocol inducing step specifically comprises the following steps:
S11. initializing the detection environment of the detection end;
S12. the detection end acquires the system password suite configuration list and positions the read position at the head of the list;
S13. acquiring the password suite at the current position of the list, initializing the suite, reconstructing the protocol structure data, and establishing a secure communication connection with the server;
S14. if the server returns a confirmation message for the connection, the detection end closes the secure connection, stores the password suite in the server password specification capability list, and moves the read position of the configuration list down to obtain the next password suite;
S15. if the server returns a rejection message for the connection, the detection end closes the secure connection and moves the read position of the configuration list down to obtain the next password suite;
S16. repeating steps S13-S15 to traverse all password suites in the configuration list until the list has been read to the end;
S17. the detection end has obtained all password specification capabilities supported by the server and the protocol detection of the server by the detection end is complete; at this point the server password specification capability list is stored and persisted.
3. The method of claim 1, characterized in that the compliance detection step specifically comprises the following steps:
S21. acquiring the persistently stored server password specification capability set obtained by the inducing detection;
S22. obtaining the algorithm compliance model of the detection end;
S23. traversing the server password specification capability set one by one;
S24. checking whether the compliance model of the detection end is adapted to the current server password specification;
S25. if it is adapted, continuing to execute steps S23 and S24;
S26. if it is not adapted, ending abnormally and returning the current non-compliant server password specification;
S27. when traversal of the server password specifications is complete, ending normally and returning the server SSL protocol suite compliance flag.
4. The method of claim 1, characterized in that the correctness detection step specifically comprises the following steps:
S31. acquiring the persistently stored server password specification capability set obtained by the inducing detection;
S32. acquiring the correctness model of the detection end;
S33. traversing the server password specification capability set one by one;
S34. initializing the protocol suite of the current password specification and the state controller;
S35. the detection end initiates a handshake request to the server, and the state controller is updated;
S36. waiting for the server's message queue to become readable;
S37. extracting the server message queue when the messages are ready;
S38. the correctness model of the detection end verifies and checks the correctness of the input state controller and server message queue;
S39. if the correctness detection passes, updating the state controller; if the detection is finished, repeating step S33, and if the detection is not finished, repeating step S36;
S310. if the correctness detection does not pass, recording and persisting the server password specification that failed the current correctness detection;
S311. repeating step S33 to start detecting the next server password specification;
S312. ending the traversal of the server password specifications and ending the detection.
5. A national secret SSL protocol probing and detection system, characterized in that the system comprises a main control module, a detection inducing module, a password specification analysis module, a password specification traversal module, a protocol detection module, a compliance model, a feature library and a correctness model;
the main control module is used for trigger control of the detection inducing module, the password specification analysis module, the password specification traversal module, the protocol detection module, the compliance model, the feature library and the correctness model;
the detection inducing module is used for initiating protocol detection inducing for the remote SSL server, actively closing the network connection with the server after each protocol detection inducing, and transmitting the characteristic data obtained by the detection inducing to the password specification analysis module for processing;
the password specification analysis module is used for carrying out feature extraction, feature analysis, feature identification and processing on the feature data obtained by the detection so as to obtain a server password specification capability set;
the password specification traversal module is used for traversing the server password specification capability set obtained by the inducing detection, creating a new process each time the traversal obtains a password specification, realizing asynchronous communication with the SSL server, scheduling and managing the created processes, and driving each process to establish the SSL handshake protocol with the server for the corresponding password specification type;
the protocol detection module is used for detecting the handshake protocol, the password specification change protocol, the record layer protocol and the alarm protocol in the SSL protocol set according to the GM/T 0024 SSL VPN technical specification;
the compliance model is used for traversing the server password specification capability set obtained by the password specification analysis module one by one to carry out compliance detection;
the feature library is used for storing the feature data obtained by the password specification analysis module;
and the correctness model is used for traversing the server password specification capability set obtained by the password specification analysis module one by one to carry out correctness detection.
6. The national secret SSL protocol probing and detection system of claim 5, characterized in that the system also comprises an alarm processing module, an identification library, a log analysis module and a rule library; the alarm processing module is used for parsing Alert-type alarm data sent by the SSL server and obtaining the alarm code from it, for protocol debugging and problem location; the identification library is used for managing and configuring the password protocol identifiers, key exchange algorithm identifiers, authentication algorithm identifiers, encryption algorithm identifiers and hash algorithm identifiers; the log analysis module is used for displaying and analyzing logs of the states, steps and attribute values recorded during detection, so that the protocol exchange can be reconstructed, judged and analyzed; the rule library is a basic rule base that abstracts and expresses rules along three dimensions of the SSL protocol implementation: compliance, correctness and effectiveness.
7. The national secret SSL protocol probing and detection system of claim 5, characterized in that the protocol detection module comprises the following detection steps:
A1. the detection end sends a handshake message to the server and waits for the server's response;
A2. waiting until the server's message queue is flagged as ready to read;
A3. identifying and processing the server's handshake message; otherwise raising an abnormal alarm;
A4. identifying and processing the server's certificate message; otherwise raising an abnormal alarm;
A5. identifying and processing the server's key exchange message; otherwise raising an abnormal alarm;
A6. identifying and processing the server's certificate request message and setting the detection end's certificate request identifier; otherwise raising an abnormal alarm;
A7. identifying and processing the server's handshake finishing message; otherwise raising an abnormal alarm;
A8. if an abnormal alarm exists, the server-side protocol detection fails; if no abnormal alarm exists, detection continues with the receiving SSL protocol implementation detection.
8. The national secret SSL protocol probing and detection system of claim 7, characterized in that the receiving SSL protocol implementation detection comprises:
B1. if the detection end's certificate request identifier is valid, the detection end sends a certificate message;
B2. the detection end sends a key exchange message to generate and exchange key security parameters;
B3. if the detection end's certificate request identifier is valid, the detection end sends a certificate verification message;
B4. the detection end sends a password specification change message;
B5. the detection end sends a handshake completion message;
B6. waiting until the server's message queue is flagged as ready to read;
B7. checking whether the message queue contains a server alarm message; if so, the server-side protocol detection fails and the detection ends;
B8. identifying and processing the server's password specification change message; otherwise raising an abnormal alarm;
B9. identifying and processing the server's handshake completion message; otherwise raising an abnormal alarm;
B10. the protocol detection ends, and the server passes the protocol detection.
9. A computer device comprising a memory and a processor, the memory having stored thereon a computer program, wherein the processor, when executing the computer program, performs the steps of the national secret SSL protocol probing and detection method as claimed in any of claims 1-4.
10. A computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, carries out the steps of the national secret SSL protocol probing and detection method according to any one of claims 1-4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211330818.0A CN115396240B (en) | 2022-10-28 | 2022-10-28 | Method, system and storage medium for detecting and detecting national secret SSL protocol |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115396240A CN115396240A (en) | 2022-11-25 |
CN115396240B CN115396240B (en) | 2023-01-24 |
Family
ID=84115225
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211330818.0A Active CN115396240B (en) | 2022-10-28 | 2022-10-28 | Method, system and storage medium for detecting and detecting national secret SSL protocol |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115396240B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116346688B (en) * | 2023-05-24 | 2023-08-04 | 江苏金盾检测技术股份有限公司 | SSL VPN security authentication gateway service compliance detection system and method |
CN117097564B (en) * | 2023-10-18 | 2024-02-02 | 沃通电子认证服务有限公司 | Password service calling method, device, terminal equipment and storage medium |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113746807A (en) * | 2021-08-11 | 2021-12-03 | 北银金融科技有限责任公司 | Block chain node point support cryptographic algorithm communication detection method |
CN115174114A (en) * | 2022-07-07 | 2022-10-11 | 渔翁信息技术股份有限公司 | SSL tunnel establishment method, server and client |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030035547A1 (en) * | 2001-03-27 | 2003-02-20 | John Newton | Server with multiple encryption libraries |
BR112019020749A2 (en) * | 2017-04-03 | 2020-04-28 | Listat Ltd | method of transmitting data packets from a client device to the cloud. |
CN114491328A (en) * | 2020-11-13 | 2022-05-13 | 北京奇虎科技有限公司 | Website access method, equipment, storage medium and device |
CN114567469B (en) * | 2022-02-21 | 2024-05-28 | 北京创原天地科技有限公司 | Application password type detection method and platform based on B/S mode |
Also Published As
Publication number | Publication date |
---|---|
CN115396240A (en) | 2022-11-25 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||