|
|||||
|
|
| SSL3.0基本握手协议的运行模式分析 | |
| 引用本文: | 莫燕,张玉清,李学干.SSL3.0基本握手协议的运行模式分析[J].中国科学院研究生院学报,2005,22(4):511-517. |
| 作者姓名: | 莫燕 张玉清 李学干 |
| 作者单位: | 1. 中国科学院研究生院国家计算机网络入侵防范中心,北京,100049;西安电子科技大学计算机学院,西安,710071 2. 中国科学院研究生院国家计算机网络入侵防范中心,北京,100049 3. 西安电子科技大学计算机学院,西安,710071 |
| 基金项目: | 国家自然科学基金项目 ( 60 10 2 0 0 4,60 2 73 0 2 7,60 0 2 5 2 0 5 )资助 |
| 摘 要: | 主要使用运行模式法对简化的SSL3 0基本握手协议进行了形式化分析.通过分析,找到了3种不同的攻击形式,并且对这3种攻击形式进行了深入研究,发现这3种攻击虽然从表面上看都是由于允许不同版本共存的漏洞引起的,但是经过仔细分析攻击的形式,发现这3种攻击是存在差异的.主要是角色欺骗不相同,而这又可能会造成潜在攻击.最后对这个协议进行了改进,从而有效避免了以上3种攻击,提高了协议的安全性 |
| 关 键 词: | SSL协议 形式化分析 运行模式分析法 |
| 文章编号: | 1002-1175(2005)04-0511-07 |
| 修稿时间: | 2004年5月9日 |
The Running-Mode Analysis of SSL3.0 Basic Handshake Protocol |
|
| Mo Yan,ZHANG Yu-Qing,LI Xue-gan.The Running-Mode Analysis of SSL3.0 Basic Handshake Protocol[J].Journal of the Graduate School of the Chinese Academy of Sciences,2005,22(4):511-517. | |
| Authors: | Mo Yan ZHANG Yu-Qing LI Xue-gan |
| Institution: | MO Yan 1,2 ZHANG Yu-Qing 1 LI Xue-Gan 2 |
| Abstract: | The simplified SSL3 0 basic handshake protocol is analyzed by using a formal analysis method called the approach of the running-mode analysis. By analyzing the protocol, we find three different types of attack. Through an in-depth research,we also find that although these three attacks seem to result from the leak of allowing different versions to coexist, they are different. The major difference is the different role imitation, which probably leads to potential attacks. Finally, some improvement is made to avoid these three attacks effectively, which improves the security of the protocol. |
| Keywords: | SSL protocol formal analysis running-mode analysis |
| 本文献已被 CNKI 万方数据 等数据库收录! | |