Research And Development Of Cryptography Application Security Situational Awareness Platform

Posted on: 2021-02-27
Degree: Master
Type: Thesis
Country: China
Candidate: C Chen
GTID: 2518306050968269
Subject: Master of Engineering

Abstract/Summary:
With the rapid development of networked information, the interconnection of all things has become a trend, isolated islands of information have gradually disappeared, and the importance of cyberspace security has become increasingly prominent. Cryptography is the basic core technology for ensuring the security of cyberspace. Using compliant and secure ciphers is a strong guarantee not only for the legitimate rights of individual citizens but also for national security. However, the application of cryptography in our country shows many common problems, such as insufficient awareness of the use of ciphers and the use of unpopular, irregular, and incorrect ciphers. It is therefore of great significance to evaluate the security of cryptography application in network and information systems.

To address these problems, this paper takes the "General Requirements For Information System Cryptography Application" as a guide to design and implement a cryptography application security situational awareness platform that integrates collection, analysis, transmission, storage and visualization. The platform analyzes network traffic to determine whether the data transmitted in the network is encrypted, whether the encryption protocol used complies with national standards, and whether the encryption parameters in the protocol are compliant, thereby achieving a comprehensive analysis and evaluation of the validity, correctness and compliance of cryptography application at the network and communication security level.

The platform consists of two parts: the capture side and the storage and display side. The capture side is responsible for collecting network traffic from the campus network, and converts it from packet level to flow level through packet header analysis and flow table processing. To identify encrypted traffic, this paper selects the entropy and the Monte Carlo π value as the standards for measuring the randomness of the packet payload, and chooses the C4.5 decision tree algorithm to build the classification model. To identify encryption protocols, this paper first uses a port-number-based method to identify them quickly. Then, through in-depth analysis of the international and national standards for the SSL and IPSec protocols, this paper uses a DPI-based method to extract and match the signatures of each encryption protocol, and extracts the cryptographic parameters from the process of establishing a secure connection.

The platform connects the data stream between the capture side and the storage and display side through Apache NiFi. The storage and display side uses Logstash to collect the results of the traffic analysis, and uses Elasticsearch (ES) to store and index them. Then, based on front-end technologies such as Vue and ECharts, the platform provides an interactive visual display in combination with ES. According to specific application scenarios, the platform implements compliance detection of cryptography application on the network through the following steps: setting cryptographic parameter field values, defining detection strategies, generating ES query expressions to match the result data stored in ES, and finally giving the detection results.

Finally, this paper builds a test environment for the platform on the campus network, and performs functional testing and display of the platform. The test results show that the platform can successfully identify encrypted traffic and the encryption protocol used by that traffic; during identification it can also extract the encryption parameters to verify compliance, achieving the expected functions.
Keywords/Search Tags: Cryptography Application Security, National Cryptography Standard, Traffic Identification, Situational Awareness, Deep Packet Inspection
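
The two payload randomness features named in the abstract, computed over constructed payloads, as an added example that is not code from the thesis. The 6-byte, 24-bit point construction follows the ENT utility's Monte Carlo test and is an assumption about how the value is computed; the function names and sample data are illustrative, and the C4.5 classifier itself is not included.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(payload: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not payload:
        return 0.0
    n = len(payload)
    return -sum(c / n * math.log2(c / n) for c in Counter(payload).values())

def monte_carlo_pi(payload: bytes) -> float:
    """Estimate pi from 6-byte groups read as 24-bit (x, y) points.

    Points built from uniformly random bytes fall inside the unit quarter
    circle with probability pi/4, so 4 * hits / points approaches pi.
    """
    points = len(payload) // 6
    if points == 0:
        raise ValueError("need at least 6 bytes")
    scale = float(2**24 - 1)
    hits = 0
    for i in range(points):
        x = int.from_bytes(payload[6 * i:6 * i + 3], "big") / scale
        y = int.from_bytes(payload[6 * i + 3:6 * i + 6], "big") / scale
        if x * x + y * y <= 1.0:
            hits += 1
    return 4.0 * hits / points

def features(payload: bytes) -> dict:
    """Feature vector a classifier (C4.5 in the thesis) would consume."""
    pi_est = monte_carlo_pi(payload)
    return {"entropy": shannon_entropy(payload),
            "pi_estimate": pi_est,
            "pi_error": abs(pi_est - math.pi)}

# Constructed samples: repeated HTTP text stands in for cleartext, and a
# SHA-256 counter stream stands in for ciphertext-like bytes.
CLEARTEXT = (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
             b"Accept: text/html\r\n\r\n") * 512
RANDOM_LIKE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                       for i in range(2048))

if __name__ == "__main__":
    for name, data in (("cleartext", CLEARTEXT), ("random-like", RANDOM_LIKE)):
        print(name, {k: round(v, 3) for k, v in features(data).items()})
```

On a single 1500-byte payload the π estimate has a standard error of roughly 0.1, so the feature is far noisier per packet than over a reassembled flow. Compressed data scores like ciphertext on both features, which is one reason a trained classifier rather than a fixed threshold is used on top of them.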