Affiliation:
1. Department of Computer Science, Chungbuk National University, Cheongju 28644, Republic of Korea
Abstract
With the exponential growth of encrypted communication over the internet, research into systems capable of analyzing large volumes of encrypted traffic is essential. This study focuses on evaluating the performance of two prominent tools, ssldump and tshark, in decrypting and inspecting encrypted network traffic, assuming an environment where decryption keys are available. The performance of ssldump and tshark was assessed using various metrics, including execution time, and the ability to handle different file sizes and session counts. The results showed that tshark exhibited faster processing speeds for smaller file sizes and a higher number of sessions, while ssldump demonstrated better performance for larger file sizes and fewer sessions. However, notable performance differences were not observed based solely on the type of cipher suite or encryption method used. To enhance performance, the study proposes the session-based split and conquer (SSC) technique for automating parallelization using a multi-process approach. SSC shows up to a 39× improvement in performance, depending on system capabilities and workload.
Funder
Electronics and Telecommunications Research Institute
Reference19 articles.
1. Advanced encryption standard;Rijmen;Proc. Fed. Inf. Process. Stand. Publ. Natl. Inst. Stand. Technol.,2001
2. Diffie, W., and Hellman, M.E. (2022). Exhaustive cryptanalysis of the NBS data encryption standard. Democratizing Cryptography: The Work of Whitfield Diffie and Martin Hellman, ACM.
3. Schneier, B. (1993, January 9–11). Description of a new variable-length key, 64-bit block cipher (Blowfish). Proceedings of the International Workshop on Fast Software Encryption, Cambridge, UK.
4. The Twofish encryption algorithm;Schneier;Dr. Dobb’s J. Softw. Tools Prof. Program.,1998
5. A method for obtaining digital signatures and public-key cryptosystems;Rivest;Commun. ACM,1978