TY - GEN
T1 - A practical analysis of TLS vulnerabilities in Korea web environment
AU - Jeong, Jongmin
AU - Kwon, Hyunsoo
AU - Shin, Hyungjune
AU - Hur, Junbeom
N1 - Funding Information:
This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIP) (No. 2016R1A2A2A05005402). This work was also supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIP) (No. R0190-15-2011, Development of Vulnerability Discovery Technologies for IoT Software Security).
PY - 2017
Y1 - 2017
N2 - The TLS protocol provides a secure communication environment by guaranteeing the confidentiality and the integrity of data transmitted between two parties. However, there have been many vulnerabilities in the TLS protocol, and attacks exploiting them, in the aspects of protocol, implementation, and cryptographic tools. In spite of the lessons learned from past experience, various attacks on network systems are continuously being reported due to a lack of care with regard to proper TLS deployment and management. In this paper, we investigate TLS vulnerabilities in Korea’s top 100 websites selected from the Alexa global top 500 sites and in 291 Korean public enterprise websites. We compare the analysis results with those of the Alexa global top 100 websites. Then, we discuss the lessons learned from this study. In order to analyze TLS vulnerabilities efficiently, we developed a TLS vulnerability scanner called Network Vulnerabilities Scanner (NVS). We also analyze the e-mail security of Korea’s top 3 e-mail service providers, which are supposed to be secured by TLS. Interestingly, we found that their e-mail service is not so secured by TLS, as opposed to the analysis of Google’s transparency report.
AB - The TLS protocol provides a secure communication environment by guaranteeing the confidentiality and the integrity of data transmitted between two parties. However, there have been many vulnerabilities in the TLS protocol, and attacks exploiting them, in the aspects of protocol, implementation, and cryptographic tools. In spite of the lessons learned from past experience, various attacks on network systems are continuously being reported due to a lack of care with regard to proper TLS deployment and management. In this paper, we investigate TLS vulnerabilities in Korea’s top 100 websites selected from the Alexa global top 500 sites and in 291 Korean public enterprise websites. We compare the analysis results with those of the Alexa global top 100 websites. Then, we discuss the lessons learned from this study. In order to analyze TLS vulnerabilities efficiently, we developed a TLS vulnerability scanner called Network Vulnerabilities Scanner (NVS). We also analyze the e-mail security of Korea’s top 3 e-mail service providers, which are supposed to be secured by TLS. Interestingly, we found that their e-mail service is not so secured by TLS, as opposed to the analysis of Google’s transparency report.
KW - E-mail privacy
KW - TLS vulnerability
KW - Transport Layer Security
KW - Web security
UR - http://www.scopus.com/inward/record.url?scp=85017626471&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85017626471&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-56549-1_10
DO - 10.1007/978-3-319-56549-1_10
M3 - Conference contribution
AN - SCOPUS:85017626471
SN - 9783319565484
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 112
EP - 123
BT - Information Security Applications - 17th International Workshop, WISA 2016, Revised Selected Papers
A2 - Choi, Dooho
A2 - Guilley, Sylvain
PB - Springer Verlag
T2 - 17th International Workshop on Information Security Applications, WISA 2016
Y2 - 25 August 2016 through 25 August 2016
ER -