• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.11
• /
• pp.2160-2168
• /
• 2015

The SSL/TLS, one of the most popular encryption protocol, was developed as a solution of various network security problem while the network traffic has become complex and diverse. But the SSL/TLS traffic has been identified as its protocol name, not its used services, which is required for the effective network traffic management. This paper proposes a new method to generate service signatures automatically from SSL/TLS payload data and to classify network traffic in accordance with their application services. We utilize the certificate publication information field in the certificate exchanging record of SSL/TLS traffic for the service signatures, which occurs when SSL/TLS performs Handshaking before encrypt transmission. We proved the performance and feasibility of the proposed method by experimental result that classify about 95% SSL/TLS traffic with 95% accuracy for every SSL/TLS services.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.2
• /
• pp.289-298
• /
• 2016

Though, thanks to NPKI(National Public Key Infrastructure), the Korean secure Internet transaction environment has been rapidly grown in the last decade, it also faces with several problems, which need to be solved in near future, mainly resulted from the lack of openness and compatability of the NPKI-based environment which is operating in a closed way. It is believed that those problems of the NPKI can be solved when it is implemented to be based on the SSL/TLS, an international standard for web-based secure Internet transactions. The transition to the SSL/TLS-based NPKI needs to be performed so that the advantages of current NPKI are well maintained. The purpose of this paper is to comparatively analyze the NPKI and the SSL/TLS so as to give basic idea of implementing the current NPKI to be based on the SSL/TLS. The analysis will show not only how the SSL/TLS-based NPKI can improve current NPKI but also how the advantages of current NPKI can be maintained by the SSL/TLS-based NPKI.

• Proceedings of the Korea Multimedia Society Conference
• /
• 2002.05d
• /
• pp.840-843
• /
• 2002

본 논문에서는 전송계층에서의 안전한 통신을 위한 사실상의 표준으로서 자리를 잡고 있는 Secure Sockets Layer(SSL)와 Transport Layer Security(TLS)의 Handshake 프로토콜 취약성을 평가하기 위한 평가 도구를 제안한다. SSL/TLS Handshake 프로토콜 고유의 취약성과는 달리 구현 제품들에서의 문제점으로 인하여 보안성이 결여될 수 있다. 현재 SSL/TLS를 구현한 제품들이 다양하게 구현되어 있으나 구현과정에서 벤더나 프로그래머에 따라 SSL/TLS Handshake 프로토콜 고유의 취약성들이 다르게 표출될 수 있으므로 본 논문에서는 이들 구현제품들의 문제점으로 인한 보안성 결여를 평가하기 위한 도구를 개발한다.

• Journal of the Korea Computer Industry Society
• /
• v.2 no.10
• /
• pp.1269-1284
• /
• 2001

The Secure Sockets Layer is a protocol for encryption TCP/IP traffic that provides confidentiality, authentication and data integrity. Also the SSL is intended to provide the widely applicable connection-oriented mechanism which is applicable for various application-layer, for Internet client/server communication security. SSL, designed by Netscape is supported by all clients' browsers and server supporting security services. Now the version of SSL is 3.0. The first official TLS vl.0 specification was released by IETF Transport Layer Security working group in January 1999. As the version of SSL has had upgraded, a lot of vulnerabilities were revealed. SSL and TLS generate the private key with parameters exchange method in handshake protocol, a lot of attacks may be caused on this exchange mechanism, also the same thing may be come about in record protocol. In this paper, we analyze SSL protocol, compare the difference between TLS and SSL protocol, and suggest what developers should pay attention to implementation.

• The Journal of Society for e-Business Studies
• /
• v.22 no.2
• /
• pp.169-185
• /
• 2017

Juliano Rizzo and Thai Duong, the authors of the BEAST attack [11, 12] on SSL, have proposed a new attack named CRIME [13] which is Compression Ratio Info-leak Made Easy. The CRIME exploits how data compression and encryption interact to discover secret information about the underlying encrypted data. Repeating this method allows an attacker to eventually decrypt the data and recover HTTP session cookies. This security weakness targets in SPDY and SSL/TLS compression. The attack becomes effective because the attacker is enable to choose different input data and observe the length of the encrypted data that comes out. Since Transport Layer Security (TLS) ensures integrity of data transmitted between two parties (server and client) and provides strong authentication for both parties, in the last few years, it has a wide range of attacks on SSL/TLS which have exploited various features in the TLS mechanism. In this paper, we will discuss about the CRIME and other versions of SSL/TLS attacks along with countermeasures, implementations. We also present direction for SSL/TLS attacks resistance in practice.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.42 no.3
• /
• pp.595-603
• /
• 2017

We propose a scheme to reduce the time for the SSL/TLS handshake by embedding it into the TCP 3-way handshake. The scheme can be selectively applied on the standard TCP for making the SSL/TCP handshake happen within the TCP handshake, rather than performing the TCP handshake and SSL/TLS handshake in sequence. We implemented a prototype of the scheme and did some experiments on its performance. Experimental results showed that, compared to the sequential handshakes of the TCP and the SSL/TLS, the time reduction achieved by the scheme varied in the range of 3.2% and 14%(when the elapsed time by the ping program from the client to the server was 11.6ms). The longer the time measured by the ping program, which would grow as the propagation and queuing delays do, the larger the reduction rate. It accords with the supposition that the reduced time due to the scheme will increase in proportion to the amount of the elapsed time measured by the ping program.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.1
• /
• pp.145-153
• /
• 2018

SSL (Secure Socket Layer) and TLS (Transport Layer Security) are widely used protocols for secure and encrypted communication over a computer network. However, there have been reported several security vulnerabilities of SSL/TLS over the years. The vulnerabilities can let an adversary carry out critical attacks on SSL/TLS enabled servers. In this paper, we have developed a system which can periodically scan SSL/TLS vulnerabilities on internal network servers and quickly detects, reports and visualizes the vulnerabilities. We have evaluated the system on working servers of Naver services and analyzed detected vulnerabilities. 816 vulnerabilities are found on 213 internal server domains (4.2 vulnerabilities on average) and most vulnerable servers are not opened to public. However, 46 server domains have old vulnerabilites which were found 2016. We could patch and response to SSL/TLS vulnerabilites of servers by leveraging the proposed system.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.19 no.5
• /
• pp.1-8
• /
• 2019

Internet of Things (IoT) is proliferating to provide more intelligent services by interconnecting various Internet devices, and TCP based MQTT is being used as a standard communication protocol of the IoT. Although it is recommended to use TLS/SSL security protocol for TCP with MQTT-based IoT devices, encryption and decryption performance degenerates when applied to low-specification / low-capacity IoT devices. In this paper, we propose an end-to-end message security protocol using elliptic curve cryptosystem, a lightweight encryption algorithm, which improves performance on both sides of the client and server, based on the simulation of TLS/SSL and the proposed protocol.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.10c
• /
• pp.610-612
• /
• 2002

전송계층에서의 안전한 통신을 위한 Secure Sockets Layer(SSL)와 Transport Layer Security(TLS)의 Handshake 프로토콜에서 Session ID의 저장이 매우 짧은 시간 동안 저장됨으로 전체적인 Full Handshake의 횟수가 증가한다. 따라서, 안전한 Session resume 보장함으로 서버의 session cache 기한을 연장할 수 있으며 전체적인 Full Handshake 프로토콜의 횟수를 줄일 수 있다. 본 논문에서는 Handshake 프로토콜의 성능 개선을 위하여 S/key와 같은 해쉬의 일방향 성질을 이용하는 개선된 Session resume의 방안을 제안한다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2022.07a
• /
• pp.629-630
• /
• 2022

본 논문에서는 SSL VPN 장비에서 사용되는 대칭키 교환을 위한 TLS HANDSHAKE 과정 중, 중간자 공격을 방어하기 위한 공유 대칭키를 별도로 주입하는 기능을 개발한다. 일반적으로 TLS 프로토콜은 공격자에 안전하다고 알려져 있으나 TLS 중간자 공격으로 대칭키가 노출될 위험이 존재한다. 또한 양자컴퓨팅의 발전으로 비대칭키 연산 역시 노출될 가능성이 대두되고 있다. 본 논문에서는 이렇한 공격들을 효과적으로 방어 할 수 있는 양자키분배기(QKD)로 부터 넘겨받은 양자키를 TLS HANDSHAKE 과정에 넣어 주어 이 같은 공격에 안전한 시스템을 구축할 수 있도록 구현한다.