An Improved SSL Handshake Protocol and Its Application in VPN

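【Author】 Shu Zhibing (舒之兵)

【Advisor】 Ouyang Xingming (欧阳星明)

【Author information】 Huazhong University of Science and Technology, Computer Application Technology, 2006, Master's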

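【Abstract, translated from the Chinese】 With the rapid development of computer network technology, network security has become increasingly important, and SSL, a security protocol running over TCP/IP, is used ever more widely. However, SSL itself has security flaws and cannot fully meet the rising security requirements of network applications. To further improve the security of SSL, it is of both theoretical and practical significance to analyze in depth the security vulnerabilities of the SSL handshake protocol, propose corresponding improvement strategies, and apply the improved SSL protocol to virtual private networks in combination with an extended Kerberos protocol. Building on a thorough understanding of how SSL works, a detailed analysis of the SSL handshake negotiation flow reveals security vulnerabilities in the handshake process concerning the key exchange method, the key exchange algorithm, the session reuse mechanism, and the semantic independence of authentication messages, and corresponding improvement strategies and methods are proposed. Further study of the principles and authentication process of the Kerberos protocol shows that using Kerberos, a trusted third-party authentication protocol, can improve the security of the SSL handshake protocol. The specific improvement is as follows: to address the weakness that Kerberos authentication is vulnerable to password-guessing attacks when the encryption algorithm is public, a two-factor Kerberos authentication method combining the user password with a USB authentication encryption card is adopted and applied to mutual authentication between the SSL client and server, which can resolve security vulnerabilities such as man-in-the-middle attacks, cipher suite rollback, and tampering with session parameters. Based on the proposed method, the improved two-factor Kerberos authentication protocol is used to improve the SSL VPN design; a reasonable and efficient Kerberos authentication module is designed and successfully applied in an SSL VPN system. Practice shows that, in an actual project-filing application system, the SSL protocol with the improved Kerberos authentication effectively increases the security of the application system.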

【Abstract】 With the increasing demand for security on the Internet, SSL is being applied more widely. However, SSL has some security problems. Therefore, to increase the security of SSL, an improvement strategy is put forward. Kerberos is used to improve the security of the SSL handshake authentication protocol, which is then applied in a virtual private network. This has both theoretical and practical significance. By analyzing the SSL Handshake Protocol thoroughly, several security problems are identified, such as the key exchange method, the key exchange algorithm, session reuse, etc. Further research on the Kerberos authentication protocol shows that it can improve the security of the SSL Handshake Protocol. The corresponding improvement measure is a two-factor Kerberos method that combines the user password with a USB encryption card. In addition, the improved Kerberos protocol is applied in the SSL protocol, which can resolve man-in-the-middle attacks, cipher suite rollback, tampering with session parameters, etc. Following the proposed approach, the two-factor Kerberos authentication protocol is adopted to amend the design of the SSL VPN, yielding a reasonable and effective authentication module that is applied to the SSL VPN successfully. In the application, the SSL protocol using the improved Kerberos authentication enhances the security of applications successfully and effectively.

  • 【Classification number】TP393.1
  • 【Times cited】4
  • 【Downloads】296