Cryptographic Protocol Reverse Method Based on Information Entropy and Closed Frequent Sequences

Abstract

Read online

Unknown cryptographic protocols are widely used for the secure transmission of sensitive information,and reversing cryptographic protocol is of great significance to both attackers and defenders.In order to efficiently reverse complex cryptographic protocols,a cryptographic protocol reverse method based on information entropy and closed frequent sequences is proposed.The information entropy is used to distinguish the plaintext and ciphertext,and the closed frequent sequences mined by BIDE algorithm are used to identify dynamic fields and static fields in the messages.A length field identification algorithm is proposed.It slices the message,and compares the sliced field values with the set of length field values to achieve various forms of length field recognition in cryptographic protocols.Heuristic strategies are proposed to recognize the semantics of key fields including the fields specific to cryptographic protocols such as encryption suites and encryption algorithms.Experimental results show that the method can effectively identity fields and extract the formats of cryptographic protocols,outperforms the existing me-thods in various length fields identification and semantic recognition of key fields specific to cryptographic protocols as well.

Keywords

• protocol reverse|cryptographic protocol|information entropy|closed frequent sequence|network traffic|semantic recognition