• Journal of the Korea Society of Computer and Information
• /
• v.19 no.1
• /
• pp.43-55
• /
• 2014

SPDY is the new protocol proposed by Google to complement problems of HTTP(Hypertext Transfer Protocol)/1.1 and to improve web speed. In this paper, we evaluated the performance of SPDY protocol in a variety environment. By this evaluation, we examined the characteristics of the SPDY protocol and compared the differences between the existing protocol and SPDY protocol. And we took a closer look at the Flow Control of SPDY. Through this, we analyzed the problem of SPDY. It improved performance at 3G network environment, but failed to improve performance at high speed WLAN and mobility environments. We also verified that Flow Control does not work well. And finally we proposed directions for improvement of this protocol.

• The Journal of Society for e-Business Studies
• /
• v.22 no.2
• /
• pp.169-185
• /
• 2017

Juliano Rizzo and Thai Duong, the authors of the BEAST attack [11, 12] on SSL, have proposed a new attack named CRIME [13] which is Compression Ratio Info-leak Made Easy. The CRIME exploits how data compression and encryption interact to discover secret information about the underlying encrypted data. Repeating this method allows an attacker to eventually decrypt the data and recover HTTP session cookies. This security weakness targets in SPDY and SSL/TLS compression. The attack becomes effective because the attacker is enable to choose different input data and observe the length of the encrypted data that comes out. Since Transport Layer Security (TLS) ensures integrity of data transmitted between two parties (server and client) and provides strong authentication for both parties, in the last few years, it has a wide range of attacks on SSL/TLS which have exploited various features in the TLS mechanism. In this paper, we will discuss about the CRIME and other versions of SSL/TLS attacks along with countermeasures, implementations. We also present direction for SSL/TLS attacks resistance in practice.