• Title/Summary/Keyword: SSL/TLS Handshake

Search Result 7, Processing Time 0.019 seconds

Development of Security Analysis Tool for SSL/TLS Handshake Protocol (SSL/TLS Handshake 프로토콜의 보안성 평가도구 개발)

  • 박지철;양종필;박영호;이경현
    • Proceedings of the Korea Multimedia Society Conference
    • /
    • 2002.05d
    • /
    • pp.840-843
    • /
    • 2002
  • 본 논문에서는 전송계층에서의 안전한 통신을 위한 사실상의 표준으로서 자리를 잡고 있는 Secure Sockets Layer(SSL)와 Transport Layer Security(TLS)의 Handshake 프로토콜 취약성을 평가하기 위한 평가 도구를 제안한다. SSL/TLS Handshake 프로토콜 고유의 취약성과는 달리 구현 제품들에서의 문제점으로 인하여 보안성이 결여될 수 있다. 현재 SSL/TLS를 구현한 제품들이 다양하게 구현되어 있으나 구현과정에서 벤더나 프로그래머에 따라 SSL/TLS Handshake 프로토콜 고유의 취약성들이 다르게 표출될 수 있으므로 본 논문에서는 이들 구현제품들의 문제점으로 인한 보안성 결여를 평가하기 위한 도구를 개발한다.

  • PDF

SSLmTCP Handshake : Embedding the SSL Handshake into the TCP 3-Way Handshake (SSLmTCP 핸드쉐이크 : SSL 핸드쉐이크를 포함하는 TCP 3-단계 핸드쉐이크)

  • Byun, Ki-Seok;Park, Jun-Cheol
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.42 no.3
    • /
    • pp.595-603
    • /
    • 2017
  • We propose a scheme to reduce the time for the SSL/TLS handshake by embedding it into the TCP 3-way handshake. The scheme can be selectively applied on the standard TCP for making the SSL/TCP handshake happen within the TCP handshake, rather than performing the TCP handshake and SSL/TLS handshake in sequence. We implemented a prototype of the scheme and did some experiments on its performance. Experimental results showed that, compared to the sequential handshakes of the TCP and the SSL/TLS, the time reduction achieved by the scheme varied in the range of 3.2% and 14%(when the elapsed time by the ping program from the client to the server was 11.6ms). The longer the time measured by the ping program, which would grow as the propagation and queuing delays do, the larger the reduction rate. It accords with the supposition that the reduced time due to the scheme will increase in proportion to the amount of the elapsed time measured by the ping program.

Performance Improvement of SSL/TLS Handshake Protocol through extension of a Session Resume (Session Resume의 기한 연장을 이용한 SSL/TLS Handshake 프로토콜의 성능 개선)

  • 박지철;한명진;이경현
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2002.10c
    • /
    • pp.610-612
    • /
    • 2002
  • 전송계층에서의 안전한 통신을 위한 Secure Sockets Layer(SSL)와 Transport Layer Security(TLS)의 Handshake 프로토콜에서 Session ID의 저장이 매우 짧은 시간 동안 저장됨으로 전체적인 Full Handshake의 횟수가 증가한다. 따라서, 안전한 Session resume 보장함으로 서버의 session cache 기한을 연장할 수 있으며 전체적인 Full Handshake 프로토콜의 횟수를 줄일 수 있다. 본 논문에서는 Handshake 프로토콜의 성능 개선을 위하여 S/key와 같은 해쉬의 일방향 성질을 이용하는 개선된 Session resume의 방안을 제안한다.

  • PDF

AN Implement EKI system for TLS HANDSHAKE (SSL HANDSHAKE 보완을 위한 EKI(External Key Insert)기능의 구현)

  • Hong, se-young;Park, Jae-Pil
    • Proceedings of the Korean Society of Computer Information Conference
    • /
    • 2022.07a
    • /
    • pp.629-630
    • /
    • 2022
  • 본 논문에서는 SSL VPN 장비에서 사용되는 대칭키 교환을 위한 TLS HANDSHAKE 과정 중, 중간자 공격을 방어하기 위한 공유 대칭키를 별도로 주입하는 기능을 개발한다. 일반적으로 TLS 프로토콜은 공격자에 안전하다고 알려져 있으나 TLS 중간자 공격으로 대칭키가 노출될 위험이 존재한다. 또한 양자컴퓨팅의 발전으로 비대칭키 연산 역시 노출될 가능성이 대두되고 있다. 본 논문에서는 이렇한 공격들을 효과적으로 방어 할 수 있는 양자키분배기(QKD)로 부터 넘겨받은 양자키를 TLS HANDSHAKE 과정에 넣어 주어 이 같은 공격에 안전한 시스템을 구축할 수 있도록 구현한다.

  • PDF

Service Identification Method for Encrypted Traffic Based on SSL/TLS (SSL/TLS 기반 암호화 트래픽의 서비스 식별 방법)

  • Kim, Sung-Min;Park, Jun-Sang;Yoon, Sung-Ho;Kim, Jong-Hyun;Choi, Sun-Oh;Kim, Myung-Sup
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.40 no.11
    • /
    • pp.2160-2168
    • /
    • 2015
  • The SSL/TLS, one of the most popular encryption protocol, was developed as a solution of various network security problem while the network traffic has become complex and diverse. But the SSL/TLS traffic has been identified as its protocol name, not its used services, which is required for the effective network traffic management. This paper proposes a new method to generate service signatures automatically from SSL/TLS payload data and to classify network traffic in accordance with their application services. We utilize the certificate publication information field in the certificate exchanging record of SSL/TLS traffic for the service signatures, which occurs when SSL/TLS performs Handshaking before encrypt transmission. We proved the performance and feasibility of the proposed method by experimental result that classify about 95% SSL/TLS traffic with 95% accuracy for every SSL/TLS services.

An Analysis of the Vulnerability of SSL/TLS for Secure Web Services (안전한 웹 서비스를 위한 SSL/TLS 프로토콜 취약성 분석)

  • 조한진;이재광
    • Journal of the Korea Computer Industry Society
    • /
    • v.2 no.10
    • /
    • pp.1269-1284
    • /
    • 2001
  • The Secure Sockets Layer is a protocol for encryption TCP/IP traffic that provides confidentiality, authentication and data integrity. Also the SSL is intended to provide the widely applicable connection-oriented mechanism which is applicable for various application-layer, for Internet client/server communication security. SSL, designed by Netscape is supported by all clients' browsers and server supporting security services. Now the version of SSL is 3.0. The first official TLS vl.0 specification was released by IETF Transport Layer Security working group in January 1999. As the version of SSL has had upgraded, a lot of vulnerabilities were revealed. SSL and TLS generate the private key with parameters exchange method in handshake protocol, a lot of attacks may be caused on this exchange mechanism, also the same thing may be come about in record protocol. In this paper, we analyze SSL protocol, compare the difference between TLS and SSL protocol, and suggest what developers should pay attention to implementation.

  • PDF

New Security Approaches for SSL/TLS Attacks Resistance in Practice (SSL/TLS 공격에 대한 신규 대응 방안)

  • Phuc, Tran Song Dat;Lee, Changhoon
    • The Journal of Society for e-Business Studies
    • /
    • v.22 no.2
    • /
    • pp.169-185
    • /
    • 2017
  • Juliano Rizzo and Thai Duong, the authors of the BEAST attack [11, 12] on SSL, have proposed a new attack named CRIME [13] which is Compression Ratio Info-leak Made Easy. The CRIME exploits how data compression and encryption interact to discover secret information about the underlying encrypted data. Repeating this method allows an attacker to eventually decrypt the data and recover HTTP session cookies. This security weakness targets in SPDY and SSL/TLS compression. The attack becomes effective because the attacker is enable to choose different input data and observe the length of the encrypted data that comes out. Since Transport Layer Security (TLS) ensures integrity of data transmitted between two parties (server and client) and provides strong authentication for both parties, in the last few years, it has a wide range of attacks on SSL/TLS which have exploited various features in the TLS mechanism. In this paper, we will discuss about the CRIME and other versions of SSL/TLS attacks along with countermeasures, implementations. We also present direction for SSL/TLS attacks resistance in practice.