A practical analysis of TLS vulnerabilities in Korea web environment

Jongmin Jeong, Hyunsoo Kwon, Hyungjune Shin, Junbeom Hur

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

TLS protocol provides a secure communication environment by guaranteeing the confidentiality and the integrity of transmitted data between two parties. However, there have been lots of vulnerabilities in TLS protocol and attacks exploiting them in aspects of protocol, implementation, and cryptographic tools. In spite of the lessons learned from the past experiences, various attacks on the network systems are being reported continuously due to the lack of care with regard to the proper TLS deployment and management. In this paper, we investigate TLS vulnerabilities in Korea’s top 100 websites selected from Alexa global top 500 sites and 291 Korea’s public enterprise websites. We compare the analysis results with those of Alexa global top 100 websites. Then, we discuss the lessons learned from this study. In order to analyze TLS vulnerabilities efficiently, we developed a TLS vulnerability scanner, called Network Vulnerabilities Scanner (NVS). We also analyze e-mail security of Korea’s top 3 e-mail service providers, which are supposed to be secured by TLS. Interestingly, we found that the e-mail service of them is not so secured by TLS as opposed to the analysis of Google’s transparency report.

Original languageEnglish
Title of host publicationInformation Security Applications - 17th International Workshop, WISA 2016, Revised Selected Papers
EditorsDooho Choi, Sylvain Guilley
PublisherSpringer Verlag
Pages112-123
Number of pages12
ISBN (Print)9783319565484
DOIs
Publication statusPublished - 2017 Jan 1
Event17th International Workshop on Information Security Applications, WISA 2016 - Jeju Island, Korea, Republic of
Duration: 2016 Aug 252016 Aug 25

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10144 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other17th International Workshop on Information Security Applications, WISA 2016
CountryKorea, Republic of
City Jeju Island
Period16/8/2516/8/25

Keywords

  • E-mail privacy
  • TLS vulnerability
  • Transport Layer Security
  • Web security

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'A practical analysis of TLS vulnerabilities in Korea web environment'. Together they form a unique fingerprint.

Cite this