Research On The Attack Method Against At SSL Protocol

Posted on: 2014-04-30
Degree: Master
Type: Thesis
Country: China
Candidate: D Q Hu
Full Text: PDF
GTID: 2268330401489068
Subject: Computer software and theory
Abstract/Summary:
With the rapid development of computer science and technology, more and more social activities are moving to the Internet, so the problem of computer security has become prominent. The SSL protocol is designed to ensure the security of networks and information. The handshake is initiated by the client, which exchanges the pre-master key with the server and then computes the session key that is used for secure transmission. However, all kinds of attacks have emerged as more and more sensitive data is transmitted over the network.

The main work of this paper is as follows:

(1) There are more and more attacks aimed at applications of the SSL protocol, and the means are novel. The study found that the solutions proposed in previous studies have some limitations. This paper proposes a new solution to each of the three kinds of attack and compares them with the traditional solutions.

(2) The paper analyzes the attack principle of SSL Sniffing and identifies the flaws in the application. It then introduces a trusted third party as a solution to the vulnerability. By introducing the third party, correlated parameters between client and server can be synchronized, so that synchronization between both communicating sides can be maintained at all times.

(3) For the SSL Stripping attack, this paper introduces digital signature technology and a method for restoring the redirection address. The server digitally signs the 302 redirection address. The client verifies the signature of the response message and decides, according to the result of the validation, whether the redirection address needs to be restored.

(4) For the OCSP attack, this paper introduces digital signature technology and a message retransmission mechanism. The OCSP server signs the response message. The client decides, according to the result of the validation, whether it is necessary to use the message retransmission mechanism, and sets a threshold on the number of retransmissions.
Keywords/Search Tags: Secure Sockets Layer protocol, SSL Sniffing attack, digital signature, session key, OCSP