• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.459-466
• /
• 2017

One of the most widely-used open source project; OpenSSL is a cryptography library that is used to secure most web sites, servers and clients. One can secure the communication with the Secure Socket Layer (SSL) or its successor, Transport Layer Security (TLS) protocols by using the OpenSSL library. Since cryptography protocols will be updated and enhanced in order to keep the system protected, the library was written in such a way that simplifies the integration of new cryptographic methods, especially for the symmetric cryptography protocols. However, it gets a lot more complicated in adding an asymmetric cryptography protocol and no guide can be found for the integration of the asymmetric cryptography protocol. In this paper, we explained the architecture of the OpenSSL library and provide a simple tutorial to modify the OpenSSL library in order to accommodate custom protocols of both symmetric and asymmetric cryptography.

• Journal of Internet Computing and Services
• /
• v.4 no.5
• /
• pp.87-96
• /
• 2003

The additional mechanism is required to set up a secure connection among the communication subjects in the internet environment. Each entity should transfer and receive the encrypted and hashed data to guarantee the data integrity. Also, the mutual authentication procedure should be processed using a secure communication protocol. Although the OpenSSL which implements the TLS is using by many developers and its stability and performance are proved, it has a difficulty in using because of its large size. So, this paper designs and implements the secure communication which the users can use easily by modification works of OpenSSL library API. We proved the real application results using the client/server case which supports a secure communication using the implemented API.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.12
• /
• pp.822-830
• /
• 2014

Recently, A Security service in Internet environments has been more important and the use of SSL & TLS is increasing for the personel homepage as well as administrative institutions. Also, IETF suggests using DTLS, which can provide a security service to constrained devices with lower CPU power and limited memory space under IoT environments. In this paper, we implement LEA(Lightweight Encryption Algorithm) algorithm and apply it to OpenSSL. The implemented algorithm is compared with other symmetric encryption algorithms such as AES etc, and it shows the superior performance in calculation speed.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.10a
• /
• pp.730-732
• /
• 2004

1996년 P. Kocher에 의해 시차공격(Timing attack)이 제안된 후 일반적인 RSA구현 시 시간차를 줄이기 위해 중국인의 나머지 정리와 Montgomery 알고리즘과 같은 다양한 방법들이 적용되어왔다. 2003년 D. Brumley와 D. Boneh가 OpenSSL(2)에서 구현된 RSA 알고리즘을 분석하여 시차공격(3)이 가능함을 보였다. 본 논문은 이들의 방법을 OpenSSL을 기반으로 하는 서버를 대상으로 구현한 실험 결과를 보인다.

• Journal of KIISE:Computer Systems and Theory
• /
• v.37 no.4
• /
• pp.226-238
• /
• 2010

OpenSSL is an open-source library implementing SSL that is a secure communication protocol. However, the library has a severe vulnerability that its security information can be easily exposed to malicious software when the library is used in a form of shared library on Linux and UNIX operating systems. We propose a scheme to attack the vulnerability of the OpenSSL library. The scheme injects codes into a running client program to execute the following attacks on the vulnerability in a SSL handshake. First, when a client sends a server a list of cryptographic algorithms that the client is willing to support, our scheme replaces all algorithms in the list with a specific algorithm. Such a replacement causes the server to select the specific algorithm. Second, the scheme steals a key for data encryption and decryption when the key is generated. Then the key is sent to an outside attacker. After that, the outside attacker decrypts encrypted data that has been transmitted between the client and the server, using the specified algorithm and the key. To show that our scheme is realizable, we perform an experiment of collecting encrypted login data that an ftp client using the OpenSSL shared library sends its server and then decrypting the login data.

• The KIPS Transactions:PartC
• /
• v.11C no.2
• /
• pp.163-170
• /
• 2004

The additional mechanism Is required to set up a secure connection among the communication subjects in the internet environment. Each entity should transfer and receive the encrypted and hashed data to guarantee the data integrity. Also, the mutual authentication procedure should be processed using a secure communication protocol. The SSL/TLS is a protocol which creates the secure communication channel among the communication subjects and sends/receives a data. Although the OpenSSL which implements the TLS is using by many developers and its stability and performance are proved, it has a difficulty in using because of its large size. So, this Paper designs and implements the secure communication which the users can use easily by modification works of OpenSSL library API. We proved the real application results using the DRM client/server case which supports a secure communication using the implemented API.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.985-996
• /
• 2019

This paper analyzes the source code of FIPS-OpenSSL cryptographic module approved as FIPS cryptographic module in USA and shows how the selftest requirements are implemented as software cryptographic library with respect to pre-operational test and conditional tests. Even though FIPS-OpenSSL follows FIPS 140-2 standard, lots of security requirements are similar between FIPS 140-2 and Korean cryptographic module validation standards. Therefore, analysis from this paper contributes to help Korean cryptographic module vendors develop correct and secure selftest functions on their own cryptographic modules, which results in reducing the test period.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.10a
• /
• pp.203-206
• /
• 2003

네트워크 상에서 송수신되는 데이터를 외부의 침입으로부터 보호하는 것은 매우 중요하며, 그 중 데이터의 무결성을 검증하고 보장하기 위한 방법으로 SSL(Secure Socket Layer)을 사용한다. 본 논문에서는 클라이언트와 서버간에 송수신되는 데이터의 무결성이 위배되었을 경우 그 정보를 검증 및 관리할 수 있도록 OpenSSL을 이용한 무결성 위배 데이터 검증 및 관리 시스템을 구성하고, 검증된 데이터를 IDS(Intrusion Detection System)로 전송하여 침입 탐지 정보와 무결성 검증 정보를 통합적으로 관리할 수 있는 IDS 통합 시스템을 제안 및 설계하였다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.11a
• /
• pp.617-618
• /
• 2009

본 논문에서는 SSL/VPN 터널링 기법을 이용하여 CCTV에서 영상정보를 보호하기 위한 SSL 통신 메카니즘을 제안하고, 제안한 방법을 기본으로한 보안 시스템의 설계 및 구축에 관하여 기술한다. 제안한 보안 시스템(VPN client와 Server) 은 Linux System O/S 인 Fedora 8 버전에서 개발하였으며 사용한 라이브러리는 OpenSSL과 PPTP와 PPP를 사용하였다.

• Proceedings of the Korea Multimedia Society Conference
• /
• 2003.11a
• /
• pp.154-157
• /
• 2003

네트워크 상에서 송수신되는 데이터를 외부의 침입으로부터 보호하는 것은 매우 중요하며, 그 중 데이터의 무결성을 검증하고 보장하기 위한 방법으로 SSL(Secure Socket Layer)을 사용한다. 본 논문에서는 웹 환경에서 클라이언트와 서버간에 송수신되는 데이터의 무결성이 위배되었을 경우, 그 정보를 검증 및 관리할 수 있는 무결성 위배 데이터 검증 및 관리 시스템을 OpenSSL을 이용하여 구성하고, 꾑 서버를 통해 기록된 무결성 위배 로그 데이터는 IDS(Intrusion Detection System)로 전송하여 침입 탐지 정보와 항께 데이터의 무결성 검증 정보를 통합적으로 관리할 수 있도록 IDS와 연계된 무결성 정보 통합관리 시스템을 제안 및 설계하고자 한다.