A practical analysis of TLS vulnerabilities in Korea web environment

Jongmin Jeong, Hyunsoo Kwon, Hyungjune Shin, Junbeom Hur

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

The TLS protocol provides a secure communication environment by guaranteeing the confidentiality and integrity of data transmitted between two parties. However, there have been many vulnerabilities in the TLS protocol, and attacks exploiting them, at the level of the protocol, its implementations, and its cryptographic tools. Despite the lessons learned from past experience, attacks on network systems continue to be reported because of a lack of care in proper TLS deployment and management. In this paper, we investigate TLS vulnerabilities in Korea’s top 100 websites, selected from the Alexa global top 500 sites, and in 291 Korean public enterprise websites. We compare the analysis results with those of the Alexa global top 100 websites, and then discuss the lessons learned from this study. To analyze TLS vulnerabilities efficiently, we developed a TLS vulnerability scanner called Network Vulnerabilities Scanner (NVS). We also analyze the e-mail security of Korea’s top 3 e-mail service providers, which are supposed to be secured by TLS. Interestingly, we found that, contrary to the analysis in Google’s transparency report, their e-mail services are not so well secured by TLS.

Original language: English
Title of host publication: Information Security Applications - 17th International Workshop, WISA 2016, Revised Selected Papers
Editors: Dooho Choi, Sylvain Guilley
Publisher: Springer Verlag
Pages: 112-123
Number of pages: 12
ISBN (Print): 9783319565484
DOIs: https://doi.org/10.1007/978-3-319-56549-1_10
Publication status: Published - 2017 Jan 1
Event: 17th International Workshop on Information Security Applications, WISA 2016 - Jeju Island, Korea, Republic of
Duration: 2016 Aug 25 - 2016 Aug 25

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10144 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 17th International Workshop on Information Security Applications, WISA 2016
Country: Korea, Republic of
City: Jeju Island
Period: 16/8/25 - 16/8/25

Fingerprint

Vulnerability
Websites
Network protocols
Electronic Mail
Scanner
Transparency
Attack
Secure Communication
Confidentiality
Integrity
Industry

Keywords

  • E-mail privacy
  • TLS vulnerability
  • Transport Layer Security
  • Web security

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Jeong, J., Kwon, H., Shin, H., & Hur, J. (2017). A practical analysis of TLS vulnerabilities in Korea web environment. In D. Choi, & S. Guilley (Eds.), Information Security Applications - 17th International Workshop, WISA 2016, Revised Selected Papers (pp. 112-123). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10144 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-56549-1_10

@inproceedings{5e26826815884002ae7e965f042aef30,
title = "A practical analysis of TLS vulnerabilities in Korea web environment",
abstract = "TLS protocol provides a secure communication environment by guaranteeing the confidentiality and the integrity of transmitted data between two parties. However, there have been lots of vulnerabilities in TLS protocol and attacks exploiting them in aspects of protocol, implementation, and cryptographic tools. In spite of the lessons learned from the past experiences, various attacks on the network systems are being reported continuously due to the lack of care with regard to the proper TLS deployment and management. In this paper, we investigate TLS vulnerabilities in Korea’s top 100 websites selected from Alexa global top 500 sites and 291 Korea’s public enterprise websites. We compare the analysis results with those of Alexa global top 100 websites. Then, we discuss the lessons learned from this study. In order to analyze TLS vulnerabilities efficiently, we developed a TLS vulnerability scanner, called Network Vulnerabilities Scanner (NVS). We also analyze e-mail security of Korea’s top 3 e-mail service providers, which are supposed to be secured by TLS. Interestingly, we found that the e-mail service of them is not so secured by TLS as opposed to the analysis of Google’s transparency report.",
keywords = "E-mail privacy, TLS vulnerability, Transport Layer Security, Web security",
author = "Jongmin Jeong and Hyunsoo Kwon and Hyungjune Shin and Junbeom Hur",
year = "2017",
month = "1",
day = "1",
doi = "10.1007/978-3-319-56549-1_10",
language = "English",
isbn = "9783319565484",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "112--123",
editor = "Dooho Choi and Sylvain Guilley",
booktitle = "Information Security Applications - 17th International Workshop, WISA 2016, Revised Selected Papers",

}

TY - GEN

T1 - A practical analysis of TLS vulnerabilities in Korea web environment

AU - Jeong, Jongmin

AU - Kwon, Hyunsoo

AU - Shin, Hyungjune

AU - Hur, Junbeom

PY - 2017/1/1

Y1 - 2017/1/1

N2 - TLS protocol provides a secure communication environment by guaranteeing the confidentiality and the integrity of transmitted data between two parties. However, there have been lots of vulnerabilities in TLS protocol and attacks exploiting them in aspects of protocol, implementation, and cryptographic tools. In spite of the lessons learned from the past experiences, various attacks on the network systems are being reported continuously due to the lack of care with regard to the proper TLS deployment and management. In this paper, we investigate TLS vulnerabilities in Korea’s top 100 websites selected from Alexa global top 500 sites and 291 Korea’s public enterprise websites. We compare the analysis results with those of Alexa global top 100 websites. Then, we discuss the lessons learned from this study. In order to analyze TLS vulnerabilities efficiently, we developed a TLS vulnerability scanner, called Network Vulnerabilities Scanner (NVS). We also analyze e-mail security of Korea’s top 3 e-mail service providers, which are supposed to be secured by TLS. Interestingly, we found that the e-mail service of them is not so secured by TLS as opposed to the analysis of Google’s transparency report.

KW - E-mail privacy

KW - TLS vulnerability

KW - Transport Layer Security

KW - Web security

UR - http://www.scopus.com/inward/record.url?scp=85017626471&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85017626471&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-56549-1_10

DO - 10.1007/978-3-319-56549-1_10

M3 - Conference contribution

AN - SCOPUS:85017626471

SN - 9783319565484

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 112

EP - 123

BT - Information Security Applications - 17th International Workshop, WISA 2016, Revised Selected Papers

A2 - Choi, Dooho

A2 - Guilley, Sylvain

PB - Springer Verlag

ER -