Semi-Passive Transport Layer Security Version 1.3 Decryption Opportunities

With the release of Transport Layer Security (TLS) version 1.3 protocol in 2018, many security improvements have proven challenging to overcome from both an offensive and defensive cybersecurity perspective. The adoption rate of this latest version is continuing to increase. TLS version 1.3 is now the preferred protocol for use in the vast majority of active websites. However, a security cryptosystem is only secure if the private keys are kept secret. In this research, methods of key logging will be explored, along with various ways of extraction to conserve network bandwidth or to provide a stealthy exfiltration. With the cryptographic keys now available, the end result is a successful decryption of passively captured network traffic. Key logging of distinct Gmail email sessions and multiple compression techniques were experimented and analyzed. The outcome has provided proven viable benefits for both the offensive and defensive cybersecurity analyst teams with follow-on development opportunities.