TLS Decryption in passive monitoring system with server private key

University essay from Umeå universitet/Institutionen för datavetenskap

Abstract: Network operators need to be able to verify that customers receive the level of service they pay for. To avoid bandwidth and server performance bottlenecks, and to troubleshoot network problems efficiently, providers need visibility into the payload data that is sent. Modern networks encrypt data in transit between nodes, which makes passive monitoring more complex. On IP-based networks the prevalent encryption mechanism is TLS, so it is TLS traffic that needs to be decrypted. The purpose of this essay is to determine whether TLS traffic can be decrypted in a passive monitoring system using only the server's private key. This was done by implementing a decryptor for a passive monitoring system in Java. The implemented solution captures the traffic, extracts the relevant handshake data, and derives the session keys from that data; how this is done depends on the cipher suite negotiated for the session. Because of delimitations and lack of time, the solution can only decrypt the cipher suite TLS_RSA_WITH_AES_128_CBC_SHA256. The result shows that TLS traffic can be decrypted this way, and the approach should extend to other cipher suites that use RSA key transport. A major obstacle, however, is forward secrecy: cipher suites that exchange keys with ephemeral Diffie–Hellman never send the session secret under the server's public key, so the server's private key alone cannot decrypt them. The conclusion is that decryption is possible but not recommended: forward secrecy is important for security, and TLS 1.3 has removed RSA key transport entirely, so every full TLS 1.3 handshake exchanges keys with ephemeral Diffie–Hellman.
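The following is an added example, not the essay's Java implementation, showing the key-derivation step the abstract describes for TLS_RSA_WITH_AES_128_CBC_SHA256: pull the client and server randoms out of the Hello records, locate the RSA-encrypted premaster secret in ClientKeyExchange, run the TLS 1.2 PRF (RFC 5246) to get the master secret and the key block, and finally verify a record's padding and HMAC the way the decryptor must after AES-CBC decryption. The RSA decryption with the server's private key and the AES-CBC decryption itself are assumed to happen elsewhere (the Python standard library has no RSA or AES), so the 48-byte premaster secret, the randoms, the records and the RSA ciphertext below are constructed test data, and the helper names are this example's own.

```python
import hashlib
import hmac
import struct

# Sizes fixed by RFC 5246 for TLS_RSA_WITH_AES_128_CBC_SHA256
MAC_KEY_LEN = 32   # HMAC-SHA256 key
MAC_LEN = 32       # HMAC-SHA256 output appended to each record
ENC_KEY_LEN = 16   # AES-128 key
IV_LEN = 16        # derived but unused: TLS 1.2 CBC records carry an explicit IV


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 from RFC 5246 section 5: an HMAC chain expanded to `length` bytes."""
    out, a = b"", seed                                      # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()    # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF for SHA-256 suites: P_SHA256(secret, label || seed)."""
    return p_sha256(secret, label + seed, length)


def master_secret(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    return prf(premaster, b"master secret", client_random + server_random, 48)


def key_block(master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Expand the master secret; the randoms are swapped relative to master_secret()."""
    total = 2 * (MAC_KEY_LEN + ENC_KEY_LEN + IV_LEN)
    blk = prf(master, b"key expansion", server_random + client_random, total)
    layout = (("client_mac", MAC_KEY_LEN), ("server_mac", MAC_KEY_LEN),
              ("client_key", ENC_KEY_LEN), ("server_key", ENC_KEY_LEN),
              ("client_iv", IV_LEN), ("server_iv", IV_LEN))
    keys, off = {}, 0
    for name, size in layout:
        keys[name] = blk[off:off + size]
        off += size
    return keys


def hello_random(record: bytes) -> bytes:
    """Extract the 32-byte random from a record carrying a ClientHello or ServerHello."""
    ctype, _version, length = struct.unpack("!BHH", record[:5])
    body = record[5:5 + length]
    if ctype != 22 or body[0] not in (1, 2):     # handshake; client_hello / server_hello
        raise ValueError("not a ClientHello/ServerHello record")
    return body[6:38]            # 4-byte handshake header, 2-byte version, then random


def encrypted_premaster(record: bytes) -> bytes:
    """RSA ClientKeyExchange body: 2-byte length, then the RSA-encrypted premaster secret."""
    body = record[5:]
    if body[0] != 16:                            # client_key_exchange
        raise ValueError("not a ClientKeyExchange record")
    (n,) = struct.unpack("!H", body[4:6])
    return body[6:6 + n]         # this is what the monitor RSA-decrypts with the server key


def derive_session_keys(client_hello: bytes, server_hello: bytes, premaster: bytes) -> dict:
    cr, sr = hello_random(client_hello), hello_random(server_hello)
    return key_block(master_secret(premaster, cr, sr), cr, sr)


def verify_decrypted_record(mac_key: bytes, seq: int, ctype: int, version: int,
                            decrypted: bytes) -> bytes:
    """Check CBC padding and the record MAC on an AES-CBC-decrypted record; return the content."""
    pad_len = decrypted[-1]
    if len(decrypted) < pad_len + 1 + MAC_LEN or any(b != pad_len for b in decrypted[-pad_len - 1:]):
        raise ValueError("bad padding")
    end = len(decrypted) - pad_len - 1
    content, mac = decrypted[:end - MAC_LEN], decrypted[end - MAC_LEN:end]
    header = struct.pack("!QBHH", seq, ctype, version, len(content))   # implicit seq num + record header
    if not hmac.compare_digest(mac, hmac.new(mac_key, header + content, hashlib.sha256).digest()):
        raise ValueError("bad MAC")
    return content


def record_is_valid(mac_key: bytes, seq: int, ctype: int, version: int, decrypted: bytes) -> bool:
    try:
        verify_decrypted_record(mac_key, seq, ctype, version, decrypted)
        return True
    except ValueError:
        return False


def build_decrypted_record(mac_key: bytes, seq: int, ctype: int, version: int, content: bytes) -> bytes:
    """Sender side: content || MAC || padding, i.e. what AES-CBC decryption should yield."""
    header = struct.pack("!QBHH", seq, ctype, version, len(content))
    mac = hmac.new(mac_key, header + content, hashlib.sha256).digest()
    pad_len = (IV_LEN - (len(content) + MAC_LEN + 1) % IV_LEN) % IV_LEN
    return content + mac + bytes([pad_len]) * (pad_len + 1)


# Constructed sample handshake data (not captured traffic)
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
PREMASTER = b"\x03\x03" + bytes(range(46))   # what RSA decryption of ClientKeyExchange yields
FAKE_RSA_CIPHERTEXT = bytes([0xAB]) * 256    # stands in for a 2048-bit RSA ciphertext


def hello_record(msg_type: int, rand: bytes) -> bytes:
    hs_body = b"\x03\x03" + rand + b"\x00"   # version, random, empty session id (rest omitted)
    hs = bytes([msg_type]) + len(hs_body).to_bytes(3, "big") + hs_body
    return struct.pack("!BHH", 22, 0x0303, len(hs)) + hs


def client_key_exchange_record(ciphertext: bytes) -> bytes:
    hs_body = struct.pack("!H", len(ciphertext)) + ciphertext
    hs = b"\x10" + len(hs_body).to_bytes(3, "big") + hs_body
    return struct.pack("!BHH", 22, 0x0303, len(hs)) + hs


CLIENT_HELLO = hello_record(1, CLIENT_RANDOM)
SERVER_HELLO = hello_record(2, SERVER_RANDOM)
CLIENT_KEY_EXCHANGE = client_key_exchange_record(FAKE_RSA_CIPHERTEXT)

if __name__ == "__main__":
    keys = derive_session_keys(CLIENT_HELLO, SERVER_HELLO, PREMASTER)
    for name, value in keys.items():
        print(f"{name:10s} {value.hex()}")
```

Two details matter in practice: the sequence number fed into the MAC is never on the wire, so the monitor must count records per direction from the start of the session, and the order of the randoms differs between the master-secret and key-expansion seeds. The same code also shows why ephemeral Diffie–Hellman suites are out of reach: their ClientKeyExchange carries only the client's public DH value, the server's private key merely signs ServerKeyExchange, and the premaster secret that feeds master_secret() is never encrypted to anything the monitor holds.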
