| HTTPS/TLS协议设计和实现中的安全缺陷综述 |
| |
| 引用本文: | 韦俊琳,段海新,万涛. HTTPS/TLS协议设计和实现中的安全缺陷综述[J]. 信息安全学报, 2018, 3(2): 1-15 |
| |
| 作者姓名: | 韦俊琳 段海新 万涛 |
| |
| 作者单位: | 清华大学, 网络科学与网络空间研究院 北京 中国 100084,清华大学, 网络科学与网络空间研究院 北京 中国 100084,华为公司渥太华研究中心 渥太华 加拿大 |
| |
| 基金项目: | 本课题得到国家自然科学基金(No.61472215,No.61636204)资助。 |
| |
| 摘 要: | SSL/TLS协议是目前广泛使用的HTTPS的核心,实现端到端通信的认证、保密性和完整性保护,也被大量应用到非web应用的其他协议(如SMTP)。因为SSL/TLS如此重要,它的安全问题也引起了研究者们的兴趣,近几年对于SSL/TLS协议的研究非常火热。本文总结了近几年四大安全顶级学术会议(Oakland,CCS,USENIX Secuity和NDSS)发表的相关论文,分析该协议设计的设计问题、实现缺陷以及证书方面的相关研究,希望对SSL/TLS协议的改进和其他协议的安全性设计有参考价值。
|
| 关 键 词: | SSL TLS 网络安全 证书 |
| 收稿时间: | 2018-02-19 |
| 修稿时间: | 2018-03-05 |
A Survey of Security Deficiencies in Design and Implementation of HTTPS/TLS |
| |
| WEI Junlin,DUAN Haixin and WAN Tao. A Survey of Security Deficiencies in Design and Implementation of HTTPS/TLS[J]. Journal of Cyber Security, 2018, 3(2): 1-15 |
| |
| Authors: | WEI Junlin DUAN Haixin WAN Tao |
| |
| Affiliation: | Institute of Network Science and Cyberspace, Tsinghua University, Beijing 100084, China,Institute of Network Science and Cyberspace, Tsinghua University, Beijing 100084, China and Huwai Ottawa Research Center, 303 Terry Fox Drive, Ottawa, Ontario K2K 3J1, Canada |
| |
| Abstract: | SSL/TLS is the fundamental component of HTTPS, which has been widely adopted in both web applications and other protocols like SMTP. Because the protocol is so critical to most of current web applications, the security issues of SSL/TLS attract so many attentions from scholars all over the world. In this paper, we surveyed related research papers published in the BIG4 top security conferences(Oakland, CCS, USENIX Security and NDSS), and systematically analyzed the security problems in the design and implement phases of SSL/TLS and certificate related concerns. We hope that this survey will increase the security of later version of SSL/TLS and design of other security protocols as well. |
| |
| Keywords: | SSL TLS network security certificate |
|
| 点击此处可从《信息安全学报》浏览原始摘要信息 |
|
点击此处可从《信息安全学报》下载免费的PDF全文 |
|
