Browse > Article
http://dx.doi.org/10.3745/KIPSTC.2008.15-C.5.359

CipherSuite Setting Problem of SSL Protocol and It's Solutions  

Lee, Yun-Young (성균관대학교 전자전기컴퓨터공학과)
Hur, Soon-Haeng (성균관대학교 전자전기컴퓨터공학과)
Park, Sang-Joo (LG전자 연구원)
Shin, Dong-Hwi (한국정보보호진흥원 암호응용팀)
Won, Dong-Ho (성균관대학교 정보통신공학부)
Kim, Seung-Joo (성균관대학교 정보통신공학부)
Publication Information
The KIPS Transactions:PartC / v.15C, no.5, 2008 , pp. 359-366 More about this Journal
Abstract
As the use of Internet and information communication technology is being generalized, the SSL protocol is essential in Internet because the important data should be transferred securely. While the SSL protocol is designed to defend from active attack such as message forgery and message alteration, the cipher suite setting can be easily modified. If the attacker draw on a malfunction of the client system and modify the cipher suite setting to the symmetric key algorithm which has short key length, he should eavesdrop and cryptanalysis the encrypt data. In this paper, we examine the domestic web site whether they generate the security session through the symmetric key algorithm which has short key length and propose the solution of the cipher suite setting problem.
Keywords
SSL Protocol; Ciphersuite; Network Security;
Citations & Related Records
연도 인용수 순위
  • Reference
1 백승주, “Windows Vista의 사용자 계정 컨트롤 (User Account Control : UAC)”, http://www.microsoft.com/korea/technet/resources/Technetcolumn/column_uac1.mspx, Microsoft, 2006
2 Dierks, T. and E. Rescorla, “The Transport Layer Security (TLS) Protocol Version 1.1”, RFC 4346, April 2006
3 “How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel”, Microsoft, 2004
4 “Internet Explorer7 홈페이지”, http://www.microsoft.com/korea/windows/products/winfamily/ie/default.mspx, Microsoft, 2007
5 Ashraf Elgohary, Tarec S. Sobh, M. Zaki, “Design of an enhancement for SSL/TLS protocols”, Computers & Security, Vol.25, Issue 4, pp.297-306 June 2006   DOI   ScienceOn
6 Secure password-based cipher suite for TLS
7 John Viega, Matt Messier, Pravir “Network security with OpenSSL”, O'REILLY
8 David Wagner, Bruce Schneier, “Analysis of the SSL 3.0 protocol”, USENIX Workshop on Electronic Commerce, ACM
9 Eric Rescorla, “SSL and TLS Designing and Building Secure Systems”, Addison-Wesley