Secure communication secret sharing

摘要

Embodiments are directed to sharing secure communication secrets with a network monitoring device (NMD). The NMD may passively monitor network packets communicated between client computers and server computers. If a secure communication session is established between a client computer and a server computer, a key provider may provide the NMD a session key that corresponds to the secure communication session. The NMD may buffer each network packet associated with the secure communication session until the NMD is provided a session key for the secure communication session. The NMD may use the session key to decrypt network packets communicated between the client computer and the server computer. The NMD may then proceed to analyze the secure communication session based on the contents of the decrypted network packets.

主权项

1. A method for monitoring communication over a network with a network monitoring device (NMD) that performs actions, comprising:
providing correlation information for one or more network packets that are employed to establish a secure communication session; and providing a session key and other correlation information that corresponds to the secure communication session; providing one or more network connection flows that correspond to the secure communication session based on a match of the secure communication session's other correlation information with other correlation information provided by one or more key providers; decrypting the one or more network packets in the one or more network connection flows communicated over the secure communication session; and providing a display to a user of analysis of the secure communication session.