Research on Novel TLS Protocol Network Traffic Management and Monitoring Method

Yangyang Guan, Zhen Li, G. Xiong
Published in: Proceedings of the 7th International Conference on Cyber Security and Information Engineering
Publication date: 2022-09-23
DOI: 10.1145/3558819.3558835 (https://doi.org/10.1145/3558819.3558835)
Citation count: 0

Abstract

With the development of Internet technology, more and more websites use novel TLS encryption technologies (such as TLS 1.3, DoH, and ESNI). Full encryption of network traffic makes it much harder to identify and prevent threats in encrypted traffic. Faced with new threat behavior, traditional network management needs a long experimental process of observation and analysis, feature extraction, and online recognition. The whole process is time-consuming and labor-intensive. With the full encryption of the novel protocols, this confrontation will continue to escalate and become unsustainable. This paper proposes a new approach to network management that changes the traditional confrontational management into cooperative management and strikes a compromise between privacy protection and network management. The main idea is to study a traffic management method that combines the "endpoint" and the "pipe", together with a novel protocol extension method. The secret key is transmitted securely through a hidden channel and the data is decrypted transparently, in order to obtain the real URL access path of users. On this basis, the paper proposes and designs two traffic management methods: a key acquisition and covert transmission method, and a TLS protocol upgrade implementation method. The first method requires the cooperation of the client: by studying the extension of the TLS protocol, the original traffic can be decrypted and network management realized. The second method requires the cooperation of both the client and the server: by upgrading the handshake process and the data transmission implementation of the TLS protocol, network management can be implemented. On the network management side, it is necessary to decrypt and restore the network management packets, while the user request and response data cannot be decrypted. These two approaches offer a new line of solution now that the novel protocols are widely applied.