Computer Engineering, 2017, Vol. 43, Issue (3): 147-153, 7. DOI: 10.3969/j.issn.1000-3428.2017.03.026
Security Threat and Defense Method for SSL/TLS Protocol Session Key
Abstract
By analyzing the client-side implementation of the Secure Sockets Layer/Transport Layer Security (SSL/TLS) protocol, this paper exploits vulnerabilities and flaws in how the browser handles the SSL/TLS session master key and in the security parameters delivered during the protocol handshake. Combined with the Netfilter mechanism to hijack the session, it proposes a new security threat scheme for the SSL/TLS protocol (SKAS). Based on a security study of the SKAS scheme, it also gives three defense methods: one-way encryption of random numbers, bidirectional encryption, and protection of the session master key. Experiments verify the feasibility of the SKAS threat scheme. The attack success rate can reach more than 90%, and the scheme can achieve a wide attack range and a deep threat. The three defense methods can resist the SKAS threat and guarantee the security of SSL/TLS communication data between the client and the server.
Key words
Secure Sockets Layer (SSL) protocol / Transport Layer Security (TLS) protocol / session key / Netfilter mechanism / session hijacking / security defense
Classification
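Information technology and security science
Cite this article
LIU Xinliang, DU Ruiying, CHEN Jing, WANG Chiheng, YAO Shixiong, CHEN Jiong. Security Threat and Defense Method for SSL/TLS Protocol Session Key [J]. Computer Engineering, 2017, 43(3): 147-153, 7.
Funding
National Natural Science Foundation of China (61572380)
Special Fund for Basic Scientific Research of Central Public-Interest Research Institutes, Technical Information Research Center of the Supreme People's Procuratorate (JBKY20150620)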