| 摘要: |
| 网络流量加密技术在带来隐私与安全的同时,也给网络流量管理和安全监管带来了挑战。先对加密流量进行解密,再甄别其是否嵌入恶意流量的加密流量误用检测方法存在安全隐私问题,且解密会带来额外的计算开销。零知识证明允许可信中间盒在不解密流量的情况下进行检测,为平衡隐私保护和安全监管策略执行提供了一种可行的解决方案。现有零知识证明中间盒基于Groth16协议将秘密值通过仿射变换隐藏到公共参考字符串中,但因其与证明成线性关系,可被用来生成欺诈证明。为解决这一安全隐患,本文引入Spartan协议,基于随机谕言模型构造挑战,实现了初始化阶段系统参数的可公开独立生成。为进一步提高零知识证明中间盒的工作效率,我们提出了一种并行验证多请求的零知识批量证明算法SpartanBatch,以多变量多项式不依赖具体输入的事实为依据,通过共享相同的随机挑战,实现验证结果被所有证明共享,从而降低高并发网络场景下检测任务的时延。此外,我们在检测系统的工程实现中引入了多线程设计和异步模式,以期优化系统的处理能力。我们在恶意域名检测和敏感数据泄漏两类场景下进行了零知识证明中间盒的性能对比实验。相比Groth16,Spartan将总体时间开销降低了70%,通信开销从兆字节级别压缩至千字节级别。在单个请求验证的基础上,进行多请求的并行验证实验,实验表明,SpartanBatch在恶意域名检测任务中将平均单个请求的处理时延降低至300毫秒,异步模式能提供实时通信场景下时延为0的最佳QoS体验。 |
| 关键词: 加密流量检测 隐私计算 零知识证明 中间盒 |
| DOI: |
| 投稿时间:2025-05-01修订日期:2025-11-18 |
| 基金项目: |
|
| Research on Encryption Traffic Misuse Detection Method Based on Zero-knowledge Batch Proofs |
|
XU YI1, Liu Hui Yu1, moyijun2
|
| (1.Huazhong University of Science and Technology;2.Huazhong University of Science and Technology) |
| Abstract: |
| While network traffic encryption technology enhances privacy and security, it also poses challenges for traffic management and security supervision. Traditional misuse detection methods for encrypted traffic involve decrypting the encrypted traffic first and then identifying whether it contains embedded malicious payloads. However, this approach raises security and privacy concerns, and the decryption process introduces additional computational overhead. Zero-knowledge proofs enable trusted middleboxes to perform detection without decrypting the traffic, offering a feasible solution to balance privacy protection and the enforcement of security supervision policies. The existing zero-knowledge proof middlebox hides secret values into a common reference string through affine transformation based on the Groth16 protocol, but due to its linear relationship with the proof, it can be used to generate fraudulent proofs. To address this security vulnerability, this article introduces the Spartan protocol and constructs a challenge based on a random oracle model, achieving publicly available and independent generation of system parameters during the setup phase. To further improve the efficiency of the zero-knowledge proof middlebox, we propose a parallel validation multi request zero-knowledge batch proof algorithm SpartanBatch, which is based on the fact that multivariate polynomials do not depend on specific inputs. By sharing the same random challenge, the verification results are shared among all proofs, thereby reducing the latency of detection tasks in high concurrency network scenarios. In addition, we have introduced multi-threaded design and asynchronous mode in the engineering implementation of the detection system to optimize the system's processing capability. We conducted performance comparison experiments of zero-knowledge proof middleboxes in two scenarios: malicious domain name detection and sensitive data leakage. Compared to Groth16, Spartan has reduced overall time overhead by 70% and compressed communication overhead from the megabyte level to the kilobyte level. On the basis of single request verification, parallel verification experiments were conducted for multiple requests. The experiments showed that SpartanBatch reduced the average processing latency of a single request to around 300 milliseconds in malicious domain name detection tasks. Asynchronous mode can deliver the optimal QoS experience with zero-delay in real-time communication scenarios. |
| Key words: encrypted traffic analysis privacy computing zero-knowledge proofs middleboxes |
