
Design and Implementation of an SSL Man-in-the-Middle Attack Detection System

Published: 2019-03-01 17:27
[Abstract]: With the development of e-commerce, transaction security has become a focus of user concern. SSL can provide a secure and reliable network environment, so it is widely used for online transactions. Although the SSL protocol provides security services such as data encryption and authentication, security risks remain: several attacks targeting weaknesses in the SSL protocol have appeared, of which the SSL man-in-the-middle (MITM) attack is one of the more serious threats. This thesis studies the problem of detecting SSL man-in-the-middle attacks, and its main content is as follows. Considering the strengths and weaknesses of the SSL attack defenses in the mainstream browsers (IE, Chrome, Firefox), it designs an SSL man-in-the-middle attack detection system based on binding domain names to certificate information; the system can still detect attacks when the local computer's root certificate list has been modified. The system uses a client/server (C/S) architecture, with the client and the server designed and developed separately: the client comprises a browser plug-in and a client service process, and the server comprises a web server and a data collection module. To address differences in domain names and certificates across regions, the thesis develops a domain-name crawler module that first crawls a website's subdomains in real time, then obtains the root certificate corresponding to each domain name, and finally stores the subdomain and root certificate information in a database for use by the SSL man-in-the-middle attack detection system. Experiments show that, once a malicious certificate has been installed on the system, the detection system based on domain-name and certificate binding effectively detects man-in-the-middle attacks on SSL certificates, and that its asynchronous detection mode does not affect users' browsing.
[Degree-granting institution]: Southeast University
[Degree level]: Master's
[Year degree granted]: 2016
[Classification number]: TP393.08

