[1]李玮 侯整风.SSL协议安全缺陷分析[J].计算机技术与发展,2006,(12):224-226.
 LI Wei,HOU Zheng-feng.Analysis of the Vulnerabilities of SSL Protocol[J].,2006,(12):224-226.
点击复制

SSL协议安全缺陷分析()
分享到:

《计算机技术与发展》[ISSN:1006-6977/CN:61-1281/TN]

卷:
期数:
2006年12期
页码:
224-226
栏目:
安全与防范
出版日期:
1900-01-01

文章信息/Info

Title:
Analysis of the Vulnerabilities of SSL Protocol
文章编号:
1673-629X(2006)12-0224-03
作者:
李玮 侯整风
合肥工业大学计算机与信息学院
Author(s):
LI Wei HOU Zheng-feng
Dept. of Computer, Hefei University of Technology
关键词:
安全套接字层安全缺陷
Keywords:
SSL security vulnerability
分类号:
TP393.08
文献标志码:
A
摘要:
近年来,随着对Internet上传输数据保密性的需要,安全套接字层(SSL)被广泛地使用。SSL协议基于公开密钥技术,提供了一种保护客户端/服务器通信安全的机制。但是,SSL协议仍存在一些安全缺陷,对使用SSL协议的通信带来安全隐患。文中简要介绍了SSL3.0协议的内容,重点讨论了SSL3.0协议的安全缺陷并针对缺陷提出了相应的改进方法,为协议的实现提供了参考
Abstract:
The use of secure sockets layer (SSL) on the Internet has grown significantly in recent years as more applications use the Internet to deliver data which require traffic to be confidential. The SSL protocol which is based on the public key technique is intended to provide a mechanism for Internet client/server communications security. However, SSL protocol still has some vulnerabilities, which bring some dangers to Internet communications. Introduce the content of the SSL 3.0 protocol and discuss chiefly several security vulnerabilities and attacks on the protocol. According to these vulnerabilities, also present some improvement suggestions, which give some references to the implementation of the protocol

相似文献/References:

[1]程思 程家兴[].VPN中的隧道技术研究[J].计算机技术与发展,2010,(02):156.
 CHENG Si,CHENG Jia-xing[].A Brief Discussion on Tunnel Technical of VPN[J].,2010,(12):156.
[2]黄世权.网络存储安全分析[J].计算机技术与发展,2009,(05):170.
 HUANG Shi-quan.Analysis of Network Storage's Safety[J].,2009,(12):170.
[3]张俊妍 陈启买.SOAP协议性能与安全的研究进展[J].计算机技术与发展,2009,(06):163.
 ZHANG Jun-yan,CHEN Qi-mai.Survey on Performance and Safety of SOAP[J].,2009,(12):163.
[4]支萌萌 王汝传.一种新的P2P安全积分机制[J].计算机技术与发展,2009,(08):137.
 ZHI Meng-meng,WANG Ru-chuan.A New Secure Incentive Mechanism in Peer- to- Peer System[J].,2009,(12):137.
[5]孙丽艳.基于激励机制的认知无线电自私行为研究[J].计算机技术与发展,2009,(10):170.
 SUN Li-yan.Study of Cognitive Radio' Selfish Behavior Based on Two- Stage Incentives Mechanism[J].,2009,(12):170.
[6]贺锋 王汝传.一种基于PKI的P2P身份认证技术[J].计算机技术与发展,2009,(10):181.
 HE Feng,WANG Ru-chuan.A Peer- to- Peer Identity Authentication Technology Based on PKI[J].,2009,(12):181.
[7]赵昌伦 武波.基于.Net的军队计算机网络信息安全对策[J].计算机技术与发展,2009,(01):150.
 ZHAO Chang-lun,WU Bo.Information Security Countermeasures of Army Computer Networks Based on . Net[J].,2009,(12):150.
[8]吕武玲 黎忠文.SIP中基于身份认证的安全机制研究[J].计算机技术与发展,2009,(02):158.
 LU Wu-ling,LI Zhong-wen.Research on Identity- Based Authentication in SIP[J].,2009,(12):158.
[9]蔡诗维 钟诚.基于兴趣社群的P2P网络节点自治管理方法[J].计算机技术与发展,2008,(03):161.
 CAI Shi-wei,ZHONG Cheng.A Self- Governing Management Approach in P2P Network Based on Interest Community[J].,2008,(12):161.
[10]黄科文 郑洪源 丁秋林.移动Agent系统JADE-S的研究与改进[J].计算机技术与发展,2008,(03):165.
 HUANG Ke-wen,ZHENG Hong-yuan,DING Qiu-lin.Research and Improvement on JADE - S of Mobile Agent[J].,2008,(12):165.

备注/Memo

备注/Memo:
李玮(1983-),男,安徽合肥人,硕士研究生,研究方向为网络安全;侯整风,教授,研究方向为计算机网络与信息安全
更新日期/Last Update: 1900-01-01