HTTPS通信流截获解析系统的设计与实现

来源期刊：中南大学学报(自然科学版)2005年第4期

论文作者：徐楠 陈松乔 眭鸿飞

文章页码：664 - 667

关键词：信息隐藏;通信流分析;匿名通信

Key words：information hiding; traffic analysis; anonymous traffic

摘    要：针对安全传输协议中存在的如SSL和TLS虽然可以保障通信内容的机密性,但无法完全隐藏传输数据长度、通信的持续时间以及通信的频度等信息的问题,提出一种新的方法,即利用HTTPS通信流报文的首部信息,解析并重构出与用户浏览序列对应的页面“指纹”序列;在分析SSL和HTTP通信行为的基础上,给出了基于最大包长度以及时间阈值对HTTPS通信流报文进行解析重组获取页面“指纹”序列的“指纹”序列抽取算法。在此基础上,对HTTPS通信流截获解析系统即HTCPS进行总体设计。实验结果表明,该方法不但能够对HTTPS通信流进行解析,并且能重构出页面“指纹”序列。

Abstract: Although communication security can be guaranteed by the technique of typical security transfer protocols such as SSL and TLS, it is still difficult to hide the data volume, frequency and the duration of communication. A new method was proposed, which can use the information leaked in the header of HTTPS packets and reconstruct the“fingerprint”sequence of Web page corresponding to user s browsing sequence. The communication behavior of SSL and HTTP was analyzed, and a fingerprint extracting algorithm was derived based on the maximum transfer length of HTTPS packet and a timing threshold which can reconstruct the communication flow file, and finally a general scheme for the design of HTTPS traffic capturing and parsing system (HTCPS) was proposed. The results show that this approach can not only capture HTTPS browsing traffic successfully, but also reconstruct the fingerprint sequence for the Web browsing sequence.

基金信息：国家自然科学基金资助项目