一种防范TLS协议降级攻击的浏览器安全模型  被引量:2

A Browser Security Model for Preventing TLS Protocol Downgrade Attacks

在线阅读下载全文

作  者:张兴隆 李钰汀 程庆丰[1,2] 郭路路 ZHANG Xinglong;LI Yuting;CHENG Qingfeng;GUO Lulu(PLA Strategic Support,Force Information Engineering University,Zhengzhou 450002,China;State Key Laboratory of Mathematics Engineering and Advanced Computing,Zhengzhou 450002,China)

机构地区:[1]战略支援部队信息工程大学,郑州450002 [2]数学工程与先进计算国家重点实验室,郑州450002

出  处:《信息网络安全》2020年第3期65-74,共10页Netinfo Security

基  金:国家自然科学基金[61872449]。

摘  要:在TLS握手期间,攻击者可以利用一个或两个通信方对旧版本或弱密码套件的支持发起一系列的攻击,这种攻击被称为降级攻击。近年来与TLS相关的降级攻击被广泛研究,可以发现这些攻击并非完全相同,现有文献缺乏一种有效的分类法对它们进行分类和比较,从而在全局视角下研究降级攻击。基于此,文章提出了一种降级攻击的分类方法,并按照该方法对15种已经公开发布的针对TLS协议的降级攻击方法进行了分类。进一步,文章提出了一种轻量级机制,用于Web浏览器中的细粒度TLS安全配置。该机制允许浏览器为进入敏感域的连接强制实施最佳TLS安全配置,同时保持其余连接实施默认配置,从而检测并防止降级攻击和服务器错误配置。During a TLS handshake,an attacker who uses one or two parties to support an old version or a weak cipher suite for a series of attacks is called a downgrade attack.In recent years,TLS-related downgrade attacks have been extensively studied.In-depth study of these attacks reveals that they are not identical.The existing literature lacks a taxonomy to classify and compare them,which helps to study downgrade attacks from a global perspective.Based on this,the article proposes a classification method for downgrade attacks,focusing on fifteen kinds of downgraded attacks against the TLS protocol that have been publicly released.In addition,the article proposes a lightweight mechanism for fine-grained TLS security configuration in Web browsers.This mechanism allows the browser to enforce optimal TLS security configuration for connections entering sensitive domains while maintaining the default configuration of the remaining connections.This article mechanism can detect and prevent downgrade attacks and server misconfiguration.

关 键 词:TLS 降级攻击 WEB浏览器 细粒度TLS安全配置 

分 类 号:TP309[自动化与计算机技术—计算机系统结构]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象