
Basic article information

  • Title: Research and Implementation of Three HTTPS Attacks
  • Authors: Cheng, Kefei ; Jia, Tingqiang ; Gao, Meng
  • Journal: Journal of Networks
  • Print ISSN: 1796-2056
  • Publication year: 2011
  • Volume: 6
  • Issue: 5
  • Pages: 757-764
  • DOI: 10.4304/jnw.6.5.757-764
  • Language: English
  • Publisher: Academy Publisher
  • Abstract: With the rapid development of network applications, the issues of network transmission security have become very important. Therefore, the SSL protocol is more and more widely used in a variety of network services. But the SSL protocol itself is not perfect, and in practice there are also problems. Regarding the deficiencies of endpoint authentication in the SSL handshake process, the paper analyzes two kinds of defects existing in the SSL handshake process. Firstly, the handshake process, in the first stage of the SSL connection, uses plaintext, so there is the possibility of it being monitored and tampered with. Secondly, there is the deployment of SSL in actual applications: because of network connection performance considerations, it is usually deployed by way of a switch-over from a connection based on the HTTP protocol. In response to these deficiencies, this thesis adopts two ways of attacking them: forged certificates and converting the data stream from HTTPS to HTTP. In addition, a new attack mode against the HTTPS data stream is designed and implemented. Experiments show that the above three methods cause significant security risks to HTTPS communications. Therefore, three different measures are proposed in the paper to enhance network security: a static ARP table, an enhanced certificate mechanism, and mutual authentication. The experiments show that these three measures can defend relatively effectively against attacks on HTTPS.
  • Keywords: SSL; HTTPS; Man in the Middle Attack; Session Hijacking