發(fā)布時(shí)間：2018-11-09 21:32

【摘要】：近年來(lái),隨著互聯(lián)網(wǎng)(Internet)越來(lái)越多的滲透到人們的生活當(dāng)中,網(wǎng)絡(luò)中承載傳輸?shù)闹匾畔⑴c資源與日俱增。特別是網(wǎng)上銀行、網(wǎng)上購(gòu)物等的迅猛發(fā)展,各種高科技犯罪如病毒入侵、黑客攻擊、信息泄密等越來(lái)越多,危害也越來(lái)越大。為了保護(hù)網(wǎng)絡(luò)中的數(shù)據(jù)在傳輸過(guò)程中的安全,為網(wǎng)上交易提供安全可靠環(huán)境,安全套接層協(xié)議SSL(Secure Socket Layer)被廣泛應(yīng)用。該協(xié)議位于TCP/IP協(xié)議與應(yīng)用層協(xié)議之間,利用數(shù)據(jù)加密技術(shù)和公開(kāi)密鑰技術(shù),來(lái)保證通信雙方傳輸信息的安全性和保密性。OpenSSL是對(duì)SSL協(xié)議的實(shí)現(xiàn),它包括主要的密碼算法、密鑰、證書(shū)管理功能和SSL協(xié)議,可以用于保證通信雙方的數(shù)據(jù)完整性、保密性,并對(duì)通信雙方進(jìn)行身份驗(yàn)證。OpenSSL使用RSA算法或迪菲赫爾曼算法作為密鑰加密算法,一旦安全密鑰出現(xiàn)漏洞則會(huì)嚴(yán)重影響OpenSSL的安全性,本文將主要參照RSA密鑰交換算法降級(jí)攻擊Freak攻擊,對(duì)Open SSL安全密鑰漏洞進(jìn)行研究。本文闡述了當(dāng)前國(guó)內(nèi)外通信加密的研究現(xiàn)狀,對(duì)安全密鑰漏洞攻擊實(shí)現(xiàn)基礎(chǔ)——中間人攻擊的特征進(jìn)行了研究,選擇代理服務(wù)器攻擊作為安全密鑰漏洞攻擊實(shí)現(xiàn)方法。對(duì)OpenSSL代碼和數(shù)據(jù)包進(jìn)行了深入分析,闡述了連接實(shí)現(xiàn)方式及安全密鑰漏洞產(chǎn)生的原因。參照Freak設(shè)計(jì)實(shí)現(xiàn)了基于OpenSSL的安全密鑰漏洞攻擊,并進(jìn)行了相應(yīng)的測(cè)試,證明了攻擊的有效性,提出Freak攻擊的檢測(cè)措施以及防御措施,并結(jié)合Freak攻擊以及Log Jam攻擊,給出了針對(duì)OpenSSL的安全密鑰漏洞的防御方法,有效的增強(qiáng)了OpenSSL的安全性和健壯性。
[Abstract]:In recent years, with more and more Internet (Internet) infiltrating into people's lives, the important information and resources in the network are increasing day by day. Especially with the rapid development of online banking and online shopping, various high-tech crimes such as virus invasion, hacker attacks, information leaks, and so on, are becoming more and more harmful. In order to protect the security of data in the network and to provide a secure and reliable environment for network transactions, secure socket layer protocol (SSL (Secure Socket Layer) is widely used. The protocol is located between TCP/IP protocol and application layer protocol. It uses data encryption technology and public key technology to ensure the security and confidentiality of information transmitted by both sides of communication. OpenSSL is the implementation of SSL protocol, which includes the main cryptographic algorithms. The key, certificate management function and SSL protocol can be used to ensure the data integrity and confidentiality of both sides of the communication, and to authenticate the communication parties. OpenSSL uses the RSA algorithm or the Difehmann algorithm as the key encryption algorithm. Once the security key is compromised, the security of OpenSSL will be seriously affected. This paper will mainly refer to the RSA key exchange algorithm to degrade the Freak attack and study the Open SSL security key vulnerability. In this paper, the current research status of communication encryption at home and abroad is described, and the characteristics of the man-in-the-middle attack, which is the basis of the security key vulnerability attack, are studied, and the proxy server attack is chosen as the implementation method of the security key vulnerability attack. In this paper, the OpenSSL code and data packet are analyzed in depth, and the connection implementation mode and the reasons of the security key vulnerability are expounded. With reference to Freak, the security key vulnerability attack based on OpenSSL is designed and implemented, and the corresponding tests are carried out to prove the effectiveness of the attack. The detection and defense measures of Freak attack are put forward, and combined with Freak attack and Log Jam attack, the security key vulnerability attack based on OpenSSL is designed and implemented. The method of defending the security key vulnerability against OpenSSL is given, which effectively enhances the security and robustness of OpenSSL.
【學(xué)位授予單位】：華北電力大學(xué)(北京)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2017
【分類(lèi)號(hào)】：TN918.4

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 李晨;熊伯安;;基于“心跳滴血”原理的網(wǎng)絡(luò)安全危害及對(duì)策研究[J];信息安全與技術(shù);2015年11期

2 張春;;淺談校園網(wǎng)ARP欺騙攻擊及其防范的研究[J];電腦知識(shí)與技術(shù);2015年02期

3 彭琳;;2014年國(guó)際網(wǎng)絡(luò)安全十大事件[J];中國(guó)信息安全;2015年01期

4 李丹林;范丹丹;;英國(guó)網(wǎng)絡(luò)安全立法及重要舉措[J];中國(guó)信息安全;2014年09期

5 張淑權(quán);;黑客攻擊電腦的幾種常見(jiàn)手法以及防御技巧[J];計(jì)算機(jī)與網(wǎng)絡(luò);2014年17期

6 劉元博;楊世清;;淺議現(xiàn)代網(wǎng)絡(luò)信息安全的重要性[J];網(wǎng)友世界;2014年09期

7 王瑛男;;計(jì)算機(jī)網(wǎng)絡(luò)安全與防范[J];網(wǎng)絡(luò)安全技術(shù)與應(yīng)用;2013年11期

8 楊建平;;SSL中間人攻擊對(duì)策研究[J];電腦知識(shí)與技術(shù);2012年33期

9 呂翠萍;王磊;王師琪;;基于OpenSSL的安全協(xié)議SSL的應(yīng)用[J];現(xiàn)代計(jì)算機(jī)(專(zhuān)業(yè)版);2012年04期

10 袁希群;;常見(jiàn)的網(wǎng)絡(luò)攻擊方法分析[J];福建電腦;2011年11期

相關(guān)碩士學(xué)位論文 前7條

1 張會(huì)潔;可信執(zhí)行環(huán)境下緩沖區(qū)溢出攻擊防范的研究[D];北京交通大學(xué);2013年

2 王立彥;HTTPS協(xié)議中間人攻擊的實(shí)現(xiàn)與防御[D];東北大學(xué);2011年

3 周s舠，

本文編號(hào)：2321610