English | 中文

手机二维码
 
【打印本页】      【下载PDF全文】   查看/发表评论  下载PDF阅读器  关闭
←前一篇|后一篇→ 过刊浏览    高级检索
本文已被:浏览 504次   下载 479 本文二维码信息
码上扫一扫!
HTTPS/TLS协议设计和实现中的安全缺陷综述
韦俊琳,段海新,万涛
分享到: 微信 更多
(清华大学, 网络科学与网络空间研究院 北京 中国 100084;华为公司渥太华研究中心 渥太华 加拿大)
摘要:
SSL/TLS协议是目前广泛使用的HTTPS的核心,实现端到端通信的认证、保密性和完整性保护,也被大量应用到非web应用的其他协议(如SMTP)。因为SSL/TLS如此重要,它的安全问题也引起了研究者们的兴趣,近几年对于SSL/TLS协议的研究非常火热。本文总结了近几年四大安全顶级学术会议(Oakland,CCS,USENIX Secuity和NDSS)发表的相关论文,分析该协议设计的设计问题、实现缺陷以及证书方面的相关研究,希望对SSL/TLS协议的改进和其他协议的安全性设计有参考价值。
关键词:  SSL  TLS  网络安全  证书
DOI:10.19363/j.cnki.cn10-1380/tn.2018.03.01
投稿时间:2018-02-19修订日期:2018-03-05
基金项目:本课题得到国家自然科学基金(No.61472215,No.61636204)资助。
A Survey of Security Deficiencies in Design and Implementation of HTTPS/TLS
WEI Junlin,DUAN Haixin,WAN Tao
Institute of Network Science and Cyberspace, Tsinghua University, Beijing 100084, China;Huwai Ottawa Research Center, 303 Terry Fox Drive, Ottawa, Ontario K2K 3J1, Canada
Abstract:
SSL/TLS is the fundamental component of HTTPS, which has been widely adopted in both web applications and other protocols like SMTP. Because the protocol is so critical to most of current web applications, the security issues of SSL/TLS attract so many attentions from scholars all over the world. In this paper, we surveyed related research papers published in the BIG4 top security conferences(Oakland, CCS, USENIX Security and NDSS), and systematically analyzed the security problems in the design and implement phases of SSL/TLS and certificate related concerns. We hope that this survey will increase the security of later version of SSL/TLS and design of other security protocols as well.
Key words:  SSL  TLS  network security  certificate