發(fā)布時間：2018-11-09 21:32

【摘要】：近年來,隨著互聯(lián)網(wǎng)(Internet)越來越多的滲透到人們的生活當(dāng)中,網(wǎng)絡(luò)中承載傳輸?shù)闹匾�信息與資源與日俱增。特別是網(wǎng)上銀行、網(wǎng)上購物等的迅猛發(fā)展,各種高科技犯罪如病毒入侵、黑客攻擊、信息泄密等越來越多,危害也越來越大。為了保護網(wǎng)絡(luò)中的數(shù)據(jù)在傳輸過程中的安全,為網(wǎng)上交易提供安全可靠環(huán)境,安全套接層協(xié)議SSL(Secure Socket Layer)被廣泛應(yīng)用。該協(xié)議位于TCP/IP協(xié)議與應(yīng)用層協(xié)議之間,利用數(shù)據(jù)加密技術(shù)和公開密鑰技術(shù),來保證通信雙方傳輸信息的安全性和保密性。OpenSSL是對SSL協(xié)議的實現(xiàn),它包括主要的密碼算法、密鑰、證書管理功能和SSL協(xié)議,可以用于保證通信雙方的數(shù)據(jù)完整性、保密性,并對通信雙方進行身份驗證。OpenSSL使用RSA算法或迪菲赫爾曼算法作為密鑰加密算法,一旦安全密鑰出現(xiàn)漏洞則會嚴(yán)重影響OpenSSL的安全性,本文將主要參照RSA密鑰交換算法降級攻擊Freak攻擊,對Open SSL安全密鑰漏洞進行研究。本文闡述了當(dāng)前國內(nèi)外通信加密的研究現(xiàn)狀,對安全密鑰漏洞攻擊實現(xiàn)基礎(chǔ)——中間人攻擊的特征進行了研究,選擇代理服務(wù)器攻擊作為安全密鑰漏洞攻擊實現(xiàn)方法。對OpenSSL代碼和數(shù)據(jù)包進行了深入分析,闡述了連接實現(xiàn)方式及安全密鑰漏洞產(chǎn)生的原因。參照Freak設(shè)計實現(xiàn)了基于OpenSSL的安全密鑰漏洞攻擊,并進行了相應(yīng)的測試,證明了攻擊的有效性,提出Freak攻擊的檢測措施以及防御措施,并結(jié)合Freak攻擊以及Log Jam攻擊,給出了針對OpenSSL的安全密鑰漏洞的防御方法,有效的增強了OpenSSL的安全性和健壯性。
[Abstract]:In recent years, with more and more Internet (Internet) infiltrating into people's lives, the important information and resources in the network are increasing day by day. Especially with the rapid development of online banking and online shopping, various high-tech crimes such as virus invasion, hacker attacks, information leaks, and so on, are becoming more and more harmful. In order to protect the security of data in the network and to provide a secure and reliable environment for network transactions, secure socket layer protocol (SSL (Secure Socket Layer) is widely used. The protocol is located between TCP/IP protocol and application layer protocol. It uses data encryption technology and public key technology to ensure the security and confidentiality of information transmitted by both sides of communication. OpenSSL is the implementation of SSL protocol, which includes the main cryptographic algorithms. The key, certificate management function and SSL protocol can be used to ensure the data integrity and confidentiality of both sides of the communication, and to authenticate the communication parties. OpenSSL uses the RSA algorithm or the Difehmann algorithm as the key encryption algorithm. Once the security key is compromised, the security of OpenSSL will be seriously affected. This paper will mainly refer to the RSA key exchange algorithm to degrade the Freak attack and study the Open SSL security key vulnerability. In this paper, the current research status of communication encryption at home and abroad is described, and the characteristics of the man-in-the-middle attack, which is the basis of the security key vulnerability attack, are studied, and the proxy server attack is chosen as the implementation method of the security key vulnerability attack. In this paper, the OpenSSL code and data packet are analyzed in depth, and the connection implementation mode and the reasons of the security key vulnerability are expounded. With reference to Freak, the security key vulnerability attack based on OpenSSL is designed and implemented, and the corresponding tests are carried out to prove the effectiveness of the attack. The detection and defense measures of Freak attack are put forward, and combined with Freak attack and Log Jam attack, the security key vulnerability attack based on OpenSSL is designed and implemented. The method of defending the security key vulnerability against OpenSSL is given, which effectively enhances the security and robustness of OpenSSL.
【學(xué)位授予單位】：華北電力大學(xué)(北京)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2017
【分類號】：TN918.4

【參考文獻】

相關(guān)期刊論文 前10條

1 李晨;熊伯安;;基于“心跳滴血”原理的網(wǎng)絡(luò)安全危害及對策研究[J];信息安全與技術(shù);2015年11期

2 張春;;淺談校園網(wǎng)ARP欺騙攻擊及其防范的研究[J];電腦知識與技術(shù);2015年02期

3 彭琳;;2014年國際網(wǎng)絡(luò)安全十大事件[J];中國信息安全;2015年01期

4 李丹林;范丹丹;;英國網(wǎng)絡(luò)安全立法及重要舉措[J];中國信息安全;2014年09期

5 張淑權(quán);;黑客攻擊電腦的幾種常見手法以及防御技巧[J];計算機與網(wǎng)絡(luò);2014年17期

6 劉元博;楊世清;;淺議現(xiàn)代網(wǎng)絡(luò)信息安全的重要性[J];網(wǎng)友世界;2014年09期

7 王瑛男;;計算機網(wǎng)絡(luò)安全與防范[J];網(wǎng)絡(luò)安全技術(shù)與應(yīng)用;2013年11期

8 楊建平;;SSL中間人攻擊對策研究[J];電腦知識與技術(shù);2012年33期

9 呂翠萍;王磊;王師琪;;基于OpenSSL的安全協(xié)議SSL的應(yīng)用[J];現(xiàn)代計算機(專業(yè)版);2012年04期

10 袁希群;;常見的網(wǎng)絡(luò)攻擊方法分析[J];福建電腦;2011年11期

相關(guān)碩士學(xué)位論文 前7條

1 張會潔;可信執(zhí)行環(huán)境下緩沖區(qū)溢出攻擊防范的研究[D];北京交通大學(xué);2013年

2 王立彥;HTTPS協(xié)議中間人攻擊的實現(xiàn)與防御[D];東北大學(xué);2011年

3 周s舠，

本文編號：2321610