Therefore, the message format of encrypted traffic sent from sslocal to ssserver is analyzed here. The traffic that an attacker can obtain is usually the encrypted traffic sent from sslocal to ssserver, rather than the traffic sent by the Socks5 agent of the local computer to the SS client. Shadowsocks(R) service components include sslocal running on the local computer and ssserver running on the remote server, as shown in Figure 1.
Shadowsocks(R) Protocol and Message Format Finally, the study is summarized in Section 5. In Section 4, according to the protocol vulnerability found, some suggestions about improving the protocol security of shadowsocks(R) are proposed. In Section 3, from the perspective of protocol analysis, the shadowsocks (R) encryption mechanism is analyzed in detail, its vulnerability is found, and the decryption method is given. In Section 2, the shadowsocks(R) protocol and message format are further clarified. The structure of this paper is as follows. Finally, some methods to improve the protocol security of shadowsocks(R) are proposed to resist the existing attacks. The attack method is effective for all encryption options of shadowsocks(R). Based on Chen’s work, this paper further clarifies the shadowsocks(R) protocol format, studies the encryption mechanism of shadowsocks(R) from the perspective of protocol analysis, and proposes an attack method of shadowsocks(R). started with the cryptographic algorithm used by shadowsocks(R) and preliminarily discussed the confidentiality of user data under the protection of shadowsocks(R) in theory. The attack method is an active attack and cannot decrypt the shadowsocks packets encrypted with AEAD encryption options, so it has many limitations in actual attacks. Peng broke the confidentiality of shadowsocks by exploiting vulnerability in the shadowsocks protocol and decrypt the shadowsocks packets encrypted with none-AEAD ciphers using a redirection attack. Therefore, the encryption protocol designed by shadowsocks is only limited to preshared key and no complete forward confidentiality. The original design purpose of shadowsocks is to bypass GFW rather than provide security in the sense of cryptography. In the real network, SS is relatively easier to identify than SSR, and the identification of SSR still needs further research. In recent years, there are many research studies on the identification of shadowsocks traffic. The reason why shadowsocks(R) are sought after by many people is mainly that its traffic concealment is strong and difficult to be detected by GFW. It is currently the most used wall climbing software. Shadowsocks(R) has the advantages of being fast, difficult to detect, and cross-platform. Shadowsocks(R) is the collective name of SS and SSR. SS and SSR are often used to break through the great firewall (GFW) to browse blocked, obscured, or disturbed content. ShadowsocksR (SSR) adds some data obfuscation methods based on shadowsocks, fixes some security problems, and improves QoS priority. It is an encrypted transmission protocol based on the Socks5 proxy. Shadowsocks (SS) is an open-source tool for scientific Internet access. Finally, some methods to improve the protocol security of shadowsocks(R) are proposed. Compared with Peng’s attack method, the method is more effective and more suitable for actual attacks. The attack method is a passive attack and can decrypt the shadowsocks packets encrypted with any encryption option. The vulnerability of the shadowsocks(R) encryption mechanism is found, and an attack method of shadowsocks(R) is proposed. Based on Chen’s work, this paper further clarifies the shadowsocks(R) protocol format and studies the encryption mechanism of shadowsocks(R) from the perspective of protocol analysis. Peng broke the confidentiality of shadowsocks by exploiting vulnerability in the shadowsocks protocol and decrypted the shadowsocks packets encrypted with none-AEAD encryption options using a redirection attack. Shadowsocks(R) is a private protocol without a handshake negotiation mechanism.
#Shadowsocks protocol software
Shadowsocks(R) is a proxy software based on Socks5, which is the collective name of shadowsocks and shadowsocksR.
0 kommentar(er)
