Browse > Article
http://dx.doi.org/10.13089/JKIISC.2017.27.3.459

Custom Cryptographic Protocol Implementation Method Based on OpenSSL  

Lam, JunHuy (Dongseo University)
Lee, Sang-Gon (Dongseo University)
Lee, Hoon-Jae (Dongseo University)
Andrianto, Vincentius Christian (Dongseo University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.27, no.3, 2017 , pp. 459-466 More about this Journal
Abstract
One of the most widely-used open source project; OpenSSL is a cryptography library that is used to secure most web sites, servers and clients. One can secure the communication with the Secure Socket Layer (SSL) or its successor, Transport Layer Security (TLS) protocols by using the OpenSSL library. Since cryptography protocols will be updated and enhanced in order to keep the system protected, the library was written in such a way that simplifies the integration of new cryptographic methods, especially for the symmetric cryptography protocols. However, it gets a lot more complicated in adding an asymmetric cryptography protocol and no guide can be found for the integration of the asymmetric cryptography protocol. In this paper, we explained the architecture of the OpenSSL library and provide a simple tutorial to modify the OpenSSL library in order to accommodate custom protocols of both symmetric and asymmetric cryptography.
Keywords
OpenSSL architecture; custom security protocol; custom asymmetric protocol; custom symmetric protocol;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Ivan Ristic, OpenSSL Cookbook, 2nd Ed., Feisty Duck Limited, UK, March 2015.
2 Kenneth Ballard, "Secure programming with OpenSSL API," IBM developerWorks, June 2012.
3 F. Armknecht, Y. Gasmi, and et.al., "An Efficient Implementation of Trusted Channels based on OpenSSL," Proceedings of the 3rd ACM workshop on Scalable trusted computing, pp. 41-50, Oct. 2008.
4 M. Carvalho, J. DeMott, R. Ford, and D. Wheeler, "Heartbleed 101," IEEE Security & Privacy, 12(4), 63-67, July. 2014.   DOI
5 Z, Durumeric, J. Kasten and et al., "The Matter of Heartbleed," Proceedings of the 2014 Conference on Internet Measurement Conference, pp 475-488, Nov. 2014.
6 J.A. Kupsch and B.P. Miller, "Why Do Software Assurance Tools Have Problems Finding Bugs Like Heartbleed?," Continuous Software Assurance Marketplace, 22 Apr. 2014. Web. https://www.swampinabox.org/doc/SWAMP-WP003-Heartbleed.pdf
7 LibreSSL. OpenBSD Foundation. Web. https://www.libressl.org/goals.html
8 Jon B. "OpenSSL code beyond repair, claims creator of "LibreSSL" fork", Ars Technica, Apr. 2014.
9 D.A. Wheeler, "Sloccount, 2008," Web. http://www.dwheeler.com/sloccount
10 S. Yilek, E. Rescorla, and et al., "When private keys are public: results from the 2008 Debian OpenSSL vulnerability," Proceedings of the 9th ACM SIGCOMM conference on Internet measurement, pp.15-27, Nov. 2009.
11 P. Jurkiewicz and M. Niemiec, "Implementation of a New Cipher in OpenSSL Environment the Case of INDECT Block Cipher," International Journal of Computer and Communication Engineering, 5(1), pp. 41-49, Jan. 2016.   DOI