A practical analysis of TLS vulnerabilities in Korea web environment

Jongmin Jeong; Hyunsoo Kwon; Hyungjune Shin; Junbeom Hur

doi:10.1007/978-3-319-56549-1_10

A practical analysis of TLS vulnerabilities in Korea web environment

Jongmin Jeong, Hyunsoo Kwon, Hyungjune Shin, Junbeom Hur

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

TLS protocol provides a secure communication environment by guaranteeing the confidentiality and the integrity of transmitted data between two parties. However, there have been lots of vulnerabilities in TLS protocol and attacks exploiting them in aspects of protocol, implementation, and cryptographic tools. In spite of the lessons learned from the past experiences, various attacks on the network systems are being reported continuously due to the lack of care with regard to the proper TLS deployment and management. In this paper, we investigate TLS vulnerabilities in Korea’s top 100 websites selected from Alexa global top 500 sites and 291 Korea’s public enterprise websites. We compare the analysis results with those of Alexa global top 100 websites. Then, we discuss the lessons learned from this study. In order to analyze TLS vulnerabilities efficiently, we developed a TLS vulnerability scanner, called Network Vulnerabilities Scanner (NVS). We also analyze e-mail security of Korea’s top 3 e-mail service providers, which are supposed to be secured by TLS. Interestingly, we found that the e-mail service of them is not so secured by TLS as opposed to the analysis of Google’s transparency report.

Original language	English
Title of host publication	Information Security Applications - 17th International Workshop, WISA 2016, Revised Selected Papers
Editors	Dooho Choi, Sylvain Guilley
Publisher	Springer Verlag
Pages	112-123
Number of pages	12
ISBN (Print)	9783319565484
DOIs	https://doi.org/10.1007/978-3-319-56549-1_10
Publication status	Published - 2017 Jan 1
Event	17th International Workshop on Information Security Applications, WISA 2016 - Jeju Island, Korea, Republic of Duration: 2016 Aug 25 → 2016 Aug 25

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10144 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	17th International Workshop on Information Security Applications, WISA 2016
Country	Korea, Republic of
City	Jeju Island
Period	16/8/25 → 16/8/25

Fingerprint

Vulnerability

Websites

Network protocols

Electronic Mail

Scanner

Transparency

Attack

Secure Communication

Confidentiality

Integrity

Industry

Keywords

E-mail privacy
TLS vulnerability
Transport Layer Security
Web security

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Cite this

Jeong, J., Kwon, H., Shin, H., & Hur, J. (2017). A practical analysis of TLS vulnerabilities in Korea web environment. In D. Choi, & S. Guilley (Eds.), Information Security Applications - 17th International Workshop, WISA 2016, Revised Selected Papers (pp. 112-123). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10144 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-56549-1_10

A practical analysis of TLS vulnerabilities in Korea web environment. / Jeong, Jongmin; Kwon, Hyunsoo; Shin, Hyungjune; Hur, Junbeom.

Information Security Applications - 17th International Workshop, WISA 2016, Revised Selected Papers. ed. / Dooho Choi; Sylvain Guilley . Springer Verlag, 2017. p. 112-123 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10144 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Jeong, J, Kwon, H, Shin, H & Hur, J 2017, A practical analysis of TLS vulnerabilities in Korea web environment. in D Choi & S Guilley (eds), Information Security Applications - 17th International Workshop, WISA 2016, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10144 LNCS, Springer Verlag, pp. 112-123, 17th International Workshop on Information Security Applications, WISA 2016, Jeju Island, Korea, Republic of, 16/8/25. https://doi.org/10.1007/978-3-319-56549-1_10

Jeong J, Kwon H, Shin H, Hur J. A practical analysis of TLS vulnerabilities in Korea web environment. In Choi D, Guilley S, editors, Information Security Applications - 17th International Workshop, WISA 2016, Revised Selected Papers. Springer Verlag. 2017. p. 112-123. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-319-56549-1_10

Jeong, Jongmin ; Kwon, Hyunsoo ; Shin, Hyungjune ; Hur, Junbeom. / A practical analysis of TLS vulnerabilities in Korea web environment. Information Security Applications - 17th International Workshop, WISA 2016, Revised Selected Papers. editor / Dooho Choi ; Sylvain Guilley . Springer Verlag, 2017. pp. 112-123 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{5e26826815884002ae7e965f042aef30,

title = "A practical analysis of TLS vulnerabilities in Korea web environment",

abstract = "TLS protocol provides a secure communication environment by guaranteeing the confidentiality and the integrity of transmitted data between two parties. However, there have been lots of vulnerabilities in TLS protocol and attacks exploiting them in aspects of protocol, implementation, and cryptographic tools. In spite of the lessons learned from the past experiences, various attacks on the network systems are being reported continuously due to the lack of care with regard to the proper TLS deployment and management. In this paper, we investigate TLS vulnerabilities in Korea’s top 100 websites selected from Alexa global top 500 sites and 291 Korea’s public enterprise websites. We compare the analysis results with those of Alexa global top 100 websites. Then, we discuss the lessons learned from this study. In order to analyze TLS vulnerabilities efficiently, we developed a TLS vulnerability scanner, called Network Vulnerabilities Scanner (NVS). We also analyze e-mail security of Korea’s top 3 e-mail service providers, which are supposed to be secured by TLS. Interestingly, we found that the e-mail service of them is not so secured by TLS as opposed to the analysis of Google’s transparency report.",

keywords = "E-mail privacy, TLS vulnerability, Transport Layer Security, Web security",

author = "Jongmin Jeong and Hyunsoo Kwon and Hyungjune Shin and Junbeom Hur",

year = "2017",

month = "1",

day = "1",

doi = "10.1007/978-3-319-56549-1_10",

language = "English",

isbn = "9783319565484",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "112--123",

editor = "Dooho Choi and {Guilley }, Sylvain",

booktitle = "Information Security Applications - 17th International Workshop, WISA 2016, Revised Selected Papers",

}

TY - GEN

T1 - A practical analysis of TLS vulnerabilities in Korea web environment

AU - Jeong, Jongmin

AU - Kwon, Hyunsoo

AU - Shin, Hyungjune

AU - Hur, Junbeom

PY - 2017/1/1

Y1 - 2017/1/1

N2 - TLS protocol provides a secure communication environment by guaranteeing the confidentiality and the integrity of transmitted data between two parties. However, there have been lots of vulnerabilities in TLS protocol and attacks exploiting them in aspects of protocol, implementation, and cryptographic tools. In spite of the lessons learned from the past experiences, various attacks on the network systems are being reported continuously due to the lack of care with regard to the proper TLS deployment and management. In this paper, we investigate TLS vulnerabilities in Korea’s top 100 websites selected from Alexa global top 500 sites and 291 Korea’s public enterprise websites. We compare the analysis results with those of Alexa global top 100 websites. Then, we discuss the lessons learned from this study. In order to analyze TLS vulnerabilities efficiently, we developed a TLS vulnerability scanner, called Network Vulnerabilities Scanner (NVS). We also analyze e-mail security of Korea’s top 3 e-mail service providers, which are supposed to be secured by TLS. Interestingly, we found that the e-mail service of them is not so secured by TLS as opposed to the analysis of Google’s transparency report.

AB - TLS protocol provides a secure communication environment by guaranteeing the confidentiality and the integrity of transmitted data between two parties. However, there have been lots of vulnerabilities in TLS protocol and attacks exploiting them in aspects of protocol, implementation, and cryptographic tools. In spite of the lessons learned from the past experiences, various attacks on the network systems are being reported continuously due to the lack of care with regard to the proper TLS deployment and management. In this paper, we investigate TLS vulnerabilities in Korea’s top 100 websites selected from Alexa global top 500 sites and 291 Korea’s public enterprise websites. We compare the analysis results with those of Alexa global top 100 websites. Then, we discuss the lessons learned from this study. In order to analyze TLS vulnerabilities efficiently, we developed a TLS vulnerability scanner, called Network Vulnerabilities Scanner (NVS). We also analyze e-mail security of Korea’s top 3 e-mail service providers, which are supposed to be secured by TLS. Interestingly, we found that the e-mail service of them is not so secured by TLS as opposed to the analysis of Google’s transparency report.

KW - E-mail privacy

KW - TLS vulnerability

KW - Transport Layer Security

KW - Web security

UR - http://www.scopus.com/inward/record.url?scp=85017626471&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85017626471&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-56549-1_10

DO - 10.1007/978-3-319-56549-1_10

M3 - Conference contribution

AN - SCOPUS:85017626471

SN - 9783319565484

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 112

EP - 123

BT - Information Security Applications - 17th International Workshop, WISA 2016, Revised Selected Papers

A2 - Choi, Dooho

A2 - Guilley , Sylvain

PB - Springer Verlag

ER -

Access to Document

10.1007/978-3-319-56549-1_10