Nubeva’s patented SKI Sensors intercept keys directly from TLS processes in the memory of the server or client as they are created during the handshake’s key exchange in real-time. SKI Sensors employ highly efficient key signatures that “understand” how TLS code works in memory so that keys can be traced and extracted.
SKI Sensors are a small piece of software implemented on the server or the client. The software is available as c libraries to be embedded into applications and agents, or delivered as standalone agents or containers available for a broad and growing range of operating systems and platforms.
The use of session keys requires two functions, key handing, and decryption itself
Once session keys are intercepted, SKI Sensors export the keys. Options for key handling include writing keys to file, piping to other local applications and processes, or securely forwarding them across networks to authorized receivers.
Once decryption is complete, keys are typically destroyed (e.g., inside 5 seconds) but can also be archived for forensics purposes.
Decrypt Using Keys:
Using Session keys, high-throughput, low latency, and low-cost decryption can be easily achieved without modifications to authentication, handshakes, or production traffic and without any server keypairs or PKI. Decryption can far exceed the performance specs of exotic crypto cards and chips using commodity CPU instruction sets.
Option 1: Simple Decrypt using keylog files on any enabled system.
Option 2: Make minor modifications to an existing decrypt engine to receive keys.
Option 3: Add SKI-based decryption support using Nubeva’s Decrypt C Library or turnkey Decrypt Container.
Once decryption is completed, keys can be destroyed (typically seconds after creation and use), and perfect forward secrecy is maintained. Optionally and with proper security considerations, keys can be archived for forensic purposes.