{"title":"TLS认证的安全性分析","authors":"A. Ranjan, Vijay Kumar, M. Hussain","doi":"10.1109/IC3I.2014.7019737","DOIUrl":null,"url":null,"abstract":"TLS is the cryptographic protocol used in the internet. It consists of set of protocols which are used for negotiation of cryptographic parameters, encryption-decryption and reporting errors during the process. Security Analysis of any cryptographic protocol is very much needed to discover vulnerability and to evaluate its security properties. First we theoretically analysed the protocol using automated tool scyther and draw important conclusion. After that we have performed one real time experiment to identify the loopholes with TLS authentication. We gathered the data and prepared the record of it then we have analysed the reasons behind it and suggested some generic countermeasures to handle them. In this paper we intend to find out the loopholes of TLS and found that certificate forging could be considered as a loophole of TLS security mechanism and discovered its cause and proposed the countermeasures.","PeriodicalId":430848,"journal":{"name":"2014 International Conference on Contemporary Computing and Informatics (IC3I)","volume":"144 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"18","resultStr":"{\"title\":\"Security analysis of TLS authentication\",\"authors\":\"A. Ranjan, Vijay Kumar, M. Hussain\",\"doi\":\"10.1109/IC3I.2014.7019737\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"TLS is the cryptographic protocol used in the internet. It consists of set of protocols which are used for negotiation of cryptographic parameters, encryption-decryption and reporting errors during the process. Security Analysis of any cryptographic protocol is very much needed to discover vulnerability and to evaluate its security properties. First we theoretically analysed the protocol using automated tool scyther and draw important conclusion. After that we have performed one real time experiment to identify the loopholes with TLS authentication. We gathered the data and prepared the record of it then we have analysed the reasons behind it and suggested some generic countermeasures to handle them. In this paper we intend to find out the loopholes of TLS and found that certificate forging could be considered as a loophole of TLS security mechanism and discovered its cause and proposed the countermeasures.\",\"PeriodicalId\":430848,\"journal\":{\"name\":\"2014 International Conference on Contemporary Computing and Informatics (IC3I)\",\"volume\":\"144 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"18\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 International Conference on Contemporary Computing and Informatics (IC3I)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IC3I.2014.7019737\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 International Conference on Contemporary Computing and Informatics (IC3I)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IC3I.2014.7019737","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
TLS is the cryptographic protocol used in the internet. It consists of set of protocols which are used for negotiation of cryptographic parameters, encryption-decryption and reporting errors during the process. Security Analysis of any cryptographic protocol is very much needed to discover vulnerability and to evaluate its security properties. First we theoretically analysed the protocol using automated tool scyther and draw important conclusion. After that we have performed one real time experiment to identify the loopholes with TLS authentication. We gathered the data and prepared the record of it then we have analysed the reasons behind it and suggested some generic countermeasures to handle them. In this paper we intend to find out the loopholes of TLS and found that certificate forging could be considered as a loophole of TLS security mechanism and discovered its cause and proposed the countermeasures.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
