一种安全协议的安全性分析及攻击研究

J4 ›› 2014, Vol. 36 ›› Issue (06): 1077-1082.

一种安全协议的安全性分析及攻击研究

钟军,吴雪阳,江一民,段光明

（78046部队，四川成都 610014）

收稿日期:2012-11-20 修回日期:2013-04-12 出版日期:2014-06-25 发布日期:2014-06-25

Study of security analysis and attack on a secure protocol

ZHONG Jun,WU Xueyang,JIANG Yimin,DUAN Guangming

(Troop 78046,Chengdu 610014,China)

Received:2012-11-20 Revised:2013-04-12 Online:2014-06-25 Published:2014-06-25

摘要/Abstract

摘要：

针对Web安全协议SSL的握手协议部分进行了详尽的阐述，对其安全性作了一定的分析，给出了理论上存在的三个协议漏洞的详尽描述，并且经过测试验证，指出了SSL协议存在***模式漏洞。

关键词: SSL协议, 协议漏洞, 安全性分析

Abstract:

The handshake protocol of web security protocol SSL is described detailedly and its security is analyzed. The three protocol logical bugs are theoretically elaborated in detail. In the end, by establishing the test environment, it is pointed out that the defect on *** mode exists in SSL protocol.

Key words: SSL protocol;protocol defects;security analysis

钟军,吴雪阳,江一民,段光明. 一种安全协议的安全性分析及攻击研究[J]. J4, 2014, 36(06): 1077-1082.

ZHONG Jun,WU Xueyang,JIANG Yimin,DUAN Guangming. Study of security analysis and attack on a secure protocol [J]. J4, 2014, 36(06): 1077-1082.

参考文献

［1］Freier A O, Karlton P, Kocher P C. The SSL protocol version 3.0［EB/OL］.［19960304］.http://www.freesaft.org//CIE/Topics/ssldraft/3SPEC.HTM.
［2］Dolev D, Yao A C. On the security of public key protocols［C］∥Proc of the IEEE 22nd Annual Symposium on Foundations of Computer Science,1981:350357.
［3］Dierks T, Allen C. Standards Track Request for Comments 2246［S］. The TLS protocol Version 1.0. Network Working Group, 1999.
［4］Dierks T, Rescorla E. Standards Track Request for Comments 4346［S］.The transport layer security (TLS) protocol version 1.1. Network Working Group, 2006.
［5］Dierks T, Rescorla E. Standards Track Request for Comments 5246［S］.The transport layer security (TLS) protocol version 1.2. Network Working Group, 2008.
［6］Khare R,Lawrence S.Standards Track Request for Comments 2817［S］.Upgrading to TLS within HTTP/1.1. Network Working Group, 2000.
［7］Rescorla E. Informational Request for Comments 2818［S］.HTTP Over TLS. Network Working Group, 2000.
［8］Wagner D, Schneier B. Analysis of the SSL 3.0 protocol［C］∥Proc of the 2nd USENIX Workshop on Electronic Commercem,1996:2940.
［9］Mitchell J, Shmatikov V, Stern U. Finitestate analysis of SSL 3.0［C］∥Proc of the 7th USENIX Security Symposium, 1998:201216.
［10］Paulson L C.Inductive analysis of the internet protocol TLS［J］. ACM Transactions on Computer and System Security, 1999,2(3):332351.
［11］Bleichenbacher D. Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1［C］∥Proc of CRYPTO ’98, 1998:112.
［12］Manger J.A chosen ciphertext attack on RSA optimal asymmetric encryption padding (OAEP) as standardized in PKCS#1 v2.0［C］∥Proc of CRYPTO ’01, 2001:230238.

[1]	顾彦波，李敬文，火金萍，席晓慧. 一种多笔画图形加数字的图形密码方案[J]. 计算机工程与科学, 2019, 41(11): 1954-1960.
[2]	罗炜麟，魏欧，黄鸣宇. 基于SAT求解器的故障树最小割集求解算法[J]. 计算机工程与科学, 2017, 39(04): 725-733.
[3]	刘雪1,胡军1,2, 黄志球1,马金晶1,程桢1，石娇洁1. 模型驱动的嵌入式系统设计安全性验证方法研究[J]. J4, 2015, 37(08): 1498-1509.
[4]	李宁黄辰林罗军. 基于分布式隧道模型的SSLVPN的设计和实现[J]. J4, 2008, 30(8): 8-11.
[5]	欧阳星明舒之兵. 对SSL握手协议密钥交换方式的改进与应用[J]. J4, 2006, 28(11): 15-17.
[6]	余胜生王勇. LINUX下一种安全的SSLVPN设计与研究[J]. J4, 2006, 28(1): 1-2.
[7]	周敬利曾海鹏. SSL VPN服务器关键技术研究[J]. J4, 2005, 27(6): 7-9.