
Research On Distributed Firewall Based On Improved SSL

Posted on: 2017-03-21
Degree: Master
Type: Thesis
Country: China
Candidate: X J Sun
GTID: 2348330485452677
Subject: Computer technology

Abstract/Summary:
With the development of network technology, information dissemination has exceeded the limits of time and space, showing the characteristics of globalization and networking. The SSL protocol plays an irreplaceable role in communication security, yet it inevitably has defects and shortcomings, so studying SSL technology is significant. In recent years, security threats against SSL have increased, such as Heartbleed and the FREAK man-in-the-middle attack, among others, and, coupled with complex physical topologies, these limit the traditional firewall. Distributed firewall technology emerged in response. In view of the problems of SSL and the traditional firewall, this paper systematically studies the SSL protocol and the firewall. The improved SSL protocol is applied to a low-interaction honeypot, which is used to construct a distributed firewall so as to meet the demand for network security protection.

Firstly, through research on SSL, the shortcomings of the RSA algorithm are analyzed, the basic ideas of the ECC algorithm are introduced, and an improved SSL based on ECC is proposed, which gives the improved SSL higher security than the previous one. This improves the SSL protocol from the point of view of security. By optimizing the binary point multiplication algorithm in ECC encryption, the paper improves computing performance and speeds up public key output and the ECC encryption and decryption process. By improving the method of determining the quadratic residue, the time required by the explicit map to the elliptic curve is saved and the efficiency of encryption and decryption is improved. The improved ECC algorithm is applied to the SSL protocol, so the time of the SSL handshake process is shortened and the slow-link problem of SSL is solved to a certain degree. This improves the SSL protocol from the point of view of encryption and decryption speed.

Secondly, the security vulnerabilities in the SSL protocol are analyzed, and a distributed firewall policy based on an SSL honeypot is proposed to help defend against threats to SSL. The policy integrates IDS, firewall and a honeypot that contains the series of SSL vulnerabilities. The firewall is deployed in front of the SSL honeypot, so all attacking behavior passes through the firewall, and only the behavior that the firewall does not recognize enters the SSL honeypot. In the simulation experiment, the SSL honeypot is fully exposed on the network to entice external hackers so as to protect the real host and service network.

Finally, the security performance and processing speed of the SSL algorithm are tested, and actual experiments are simulated using a low-interaction honeypot to capture data. The experimental results show that the ECC algorithm applied to the SSL protocol has higher security and faster connection speed than the RSA algorithm, which verifies the feasibility of the improved SSL scheme; at the same time, the honeypot test results reflect the effect of simulated attacks objectively and accurately, can be used to verify the feasibility of the proposed model, and help defend against the series of threats to SSL.
Keywords/Search Tags:SSL protocol, ECC algorithm, RSA algorithm, honeypot, distributed firewall