
The Realization And Prevention Of SSL Man-In-The-Middle Attack

Posted on: 2009-05-27
Degree: Master
Type: Thesis
Country: China
Candidate: R Liu
GTID: 2178360245469882
Subject: Cryptography

Abstract/Summary:
With the development of the Internet, business transactions over it have become more and more frequent, and the security of the important information exchanged during these transactions has become a focus of user concern. SSL is widely used to provide a secure network environment for such transactions. Although the SSL protocol supplies several security services, such as encryption and authentication, it has deficiencies that can expose users to serious network attacks. The MITM (Man In The Middle) attack is one of them. Preventing MITM attacks on SSL and keeping network business secure has become an urgent task.

The paper first introduces the working principle of the SSL protocol, including its components, encryption attributes and session process. It then analyses the protocol's security mechanism, discusses possible attacks on it, and studies three of them: the Communication Affair Flow Analysis Attack, the Chosen-Plaintext Attack and the Million Messages Attack.

Next, it focuses on MITM: it analyses the feasibility of the attack, describes how to carry it out with ARP poisoning and digital certificate substitution, and shows the result of the attack.

How to protect the SSL protocol from MITM is the other key part of the research. The paper gives two solutions for defending against MITM. The first uses a communication channel outside the SSL application, such as email, to transfer a TAC (Temporary Authentication Code) in order to strengthen authentication, and proposes an algorithm that generates the master key using the TAC. The second uses a secret shared between server and user, such as an account and password, to enhance authentication. A MAC generated from the shared secret and the server's certificate is used by the client to verify the server's identity. Because of the MAC, the attacker cannot complete authentication of the server's certificate, so the MITM attack fails. Both solutions work by enhancing server authentication, and they can thwart MITM more effectively than the SSL/TLS Session-Aware User Authentication suggested by Rolf Oppliger, Ralf Hauser and David Basin.
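The second solution described above, sketched as an added example that is not code from the thesis: the client accepts the server only if a MAC keyed with the shared secret covers the certificate the client actually received. The abstract does not give the construction, so HMAC-SHA256, the PBKDF2 key derivation, the client nonce, the sample certificate bytes and all function names are assumptions.

```python
import hashlib
import hmac
import os

# Constructed stand-ins for DER-encoded certificates (not real certificates).
REAL_CERT = b"constructed-DER-bytes-of-genuine-server-certificate"
FAKE_CERT = b"constructed-DER-bytes-of-substituted-certificate"


def derive_key(account: str, password: str) -> bytes:
    # Assumption: both sides derive the MAC key from the account/password
    # pair with PBKDF2, using the account name as salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(),
                               account.encode(), 100_000)


def cert_tag(key: bytes, cert_der: bytes, nonce: bytes) -> bytes:
    # MAC over a label, the client's nonce and the certificate hash.
    # The nonce (an assumption) stops replay of an old tag.
    cert_hash = hashlib.sha256(cert_der).digest()
    return hmac.new(key, b"cert-binding" + nonce + cert_hash,
                    hashlib.sha256).digest()


def client_accepts(key: bytes, cert_seen: bytes, nonce: bytes,
                   tag: bytes) -> bool:
    # The client recomputes the tag over the certificate it received in
    # the handshake and compares in constant time.
    return hmac.compare_digest(cert_tag(key, cert_seen, nonce), tag)


def handshake(cert_seen: bytes, tag_cert: bytes, tag_key: bytes) -> bool:
    """Client verdict: cert_seen is what arrived at the client, tag_cert
    and tag_key are what the sender of the tag used to compute it."""
    nonce = os.urandom(16)
    client_key = derive_key("alice", "correct horse battery")
    tag = cert_tag(tag_key, tag_cert, nonce)
    return client_accepts(client_key, cert_seen, nonce, tag)


if __name__ == "__main__":
    shared = derive_key("alice", "correct horse battery")
    guess = derive_key("alice", "attacker guess")
    print("direct connection:     ", handshake(REAL_CERT, REAL_CERT, shared))
    print("MITM relays server tag:", handshake(FAKE_CERT, REAL_CERT, shared))
    print("MITM forges own tag:   ", handshake(FAKE_CERT, FAKE_CERT, guess))
```

The scheme is only as strong as the shared secret: a tag observed on the wire lets an attacker test password guesses offline, which is why the sketch uses a slow key derivation.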
Keywords/Search Tags: Network security, SSL protocol, Man-in-the-middle attack, ARP redirection, Digital certificate