计算机应用与软件2017,Vol.34Issue(11):264-269,329,7.DOI:10.3969/j.issn.1000-386x.2017.11.049
TLS1.3协议更新发展及其攻击与防御研究
THE DEVELOPMENTS OF TLS1.3 AND ITS ATTACK AND DEFENSE
摘要
Abstract
Secure Sockets Layer/Transport Layer Security (SSL/TLS) is intended to provide a secure channel for network communications,providing authentication,confidentiality and integrity.Due to the complexity and loopholes in the design and implementation of protocol leading to many security risks,the development of the new version of TLS1.3 caused widespread concern in the information security academia and industry.We outlined the protocol structure of TLS1.3.On this basis,several innovative changes of TLS1.3 were systematically analysed and combed,such as key schedule,PSK and 0-RTT.We reviewed the attacks received by the protocols for the last 10 years,and extracted the principle of each attack and TLS1.3 response to these attacks.And we made some predictions about the future development of TLS and make some recommendations.关键词
TLS1.3/SSL/TLS攻击/0-RTT/PSK/密钥生成表Key words
TLS1.3/SSL/TLS attack/0-RTT/PSK/Key schedule分类
信息技术与安全科学引用本文复制引用
沈若愚,卢盛祺,赵运磊..TLS1.3协议更新发展及其攻击与防御研究[J].计算机应用与软件,2017,34(11):264-269,329,7.基金项目
国家自然科学基金项目(61472084) (61472084)
上海市科委项目(16DZ1100200). (16DZ1100200)
