
Journal of University of Chinese Academy of Sciences ›› 2005, Vol. 22 ›› Issue (4): 511-517. DOI: 10.7523/j.issn.2095-6134.2005.4.018

• Brief Report •

The Running-Mode Analysis of SSL3.0 Basic Handshake Protocol

MO Yan1,2, ZHANG Yu-Qing1, LI Xue-Gan2

  1. National Computer Network Intrusion Protection Center, Graduate School of the Chinese Academy of Sciences, Beijing 100049, China;
  2. School of Computer Science and Engineering, Xidian University, Xi’an 710071, China
  • Received: 2004-05-09 Revised: 2004-07-26 Published: 2005-07-15
  • Corresponding author: MO Yan, E-mail: moy@nipc.org.cn
  • Supported by:

    National Natural Science Foundation of China (60102004, 60273027, 60025205)

Abstract:

The simplified SSL3.0 basic handshake protocol is formally analyzed using the running-mode analysis method. The analysis finds three different forms of attack. A closer study shows that, although all three attacks appear on the surface to result from the vulnerability of allowing different versions to coexist, they differ from one another. The main difference lies in the role being impersonated, which may in turn lead to potential attacks. Finally, the protocol is improved so that these three attacks are effectively avoided, which improves the security of the protocol.

Key words: SSL protocol, formal analysis, running-mode analysis
