| As Internet has been developing fast, network technology goes deep into almost every side of society and economy. However, security becomes the main obstacle of network application because of the inherent property of Internet for opening and anonymity.The research of the protocols' security mechanism is based on thorough analysis of realization mechanism of every sub protocol of SSL. Security policy based on SSL handshake protocol was discussed. This paper analyzed the potential security problem may exist in realization of protocol such as those exist in certificate release, update process in canceling certificate lists and online certificate status protocol. Aiming at the newly appearing "man in-the-middle attack", the attacking process and requirement for successful attack was analyzed. Analyzing result show that if the client can't provide identification and can't get the verification of the server certification, then attacker is able to use man-in-the-middle attack to eavesdrop the entire conversation. Two kind of defending strategy, which can be used to prevent man-in-the-middle attack effectively were discussed. By adopting this two strategies, certain information in conversation can be protected. At last, this paper analyzed and compared these two methods in term of performance and security. In analyzing the two methods, the message list of SSL handshake protocol was described, different attack process and message list of corresponding security policy using denotation defined by us.Experiment show that, these two methods can both prevents man-in-the-middle attack effectively.
|
PDF Full Text Request