In cryptography, Perfect Forward Secrecy (PFS) is a function of a key-exchange protocol, which results in the generation of a shared secret (e.g., pre-master secret or PMS) that may be used as an input to the key used to encrypt/decrypt an Secure Sockets Layer (SSL) session for secured communication between two parties (e.g., a web server and a browser of a client device). Key-exchange protocols that provide PFS are ephemeral because they use a temporary public/private key pair to generate the shared secret. Non-ephemeral protocols such as RSA use a long-lived secret, usually the same one for all connections, and thus the security of all sessions past and present are tied to the security of the private key. In contrast, PFS protects past sessions against future compromises of secret keys since encrypted communication sessions recorded in the past cannot be retrieved and decrypted should long-term secret keys or passwords be compromised in the future, even if the adversary actively interfered.
Until recently, SSL network traffic (e.g., network data packets being transmitted between the parties over a secured communication channel) can be monitored and analyzed by a third party monitoring platform/component that owns the RSA public/private keys that remain the same for all communication sessions. With the increasing popularity of PFS traffic, however, such RSA-based traffic monitoring scheme may no longer work due to the ephemeral nature of PFS traffic. Therefore, there is a need for a new approach to monitor PFS network traffic.
The foregoing examples of the related art and limitations related therewith are intended to be illustrative and not exclusive. Other limitations of the related art will become apparent upon a reading of the specification and a study of the drawings.