TY - GEN
T1 - Cipher suite setting problem of SSL protocol and it's solutions
AU - Lee, Yunyoung
AU - Hur, Soonhaeng
AU - Won, Dongho
AU - Kim, Seungjoo
PY - 2009
Y1 - 2009
N2 - As the use of Internet is being generalized, the security problems about data transfer are rearing up as the important issue. There are many security protocols to solve the problems and the SSL(Secure Socket layer) protocol is the most widely used one among them. While the SSL protocol is designed to defend the client from active attacks such as message forgery and message alteration, the cipher suite setting can be easily modified. If the attacker draws on a malfunction of the client system and modifies the software's cipher suite setting to the symmetric key algorithm which has short key length, he can eavesdrop and cryptanalyze the encrypted data. In this paper, we examine the web sites whether they generate the security session through the symmetric key algorithm which has short key length and propose the solution of the cipher suite setting problem.
AB - As the use of Internet is being generalized, the security problems about data transfer are rearing up as the important issue. There are many security protocols to solve the problems and the SSL(Secure Socket layer) protocol is the most widely used one among them. While the SSL protocol is designed to defend the client from active attacks such as message forgery and message alteration, the cipher suite setting can be easily modified. If the attacker draws on a malfunction of the client system and modifies the software's cipher suite setting to the symmetric key algorithm which has short key length, he can eavesdrop and cryptanalyze the encrypted data. In this paper, we examine the web sites whether they generate the security session through the symmetric key algorithm which has short key length and propose the solution of the cipher suite setting problem.
KW - Cipher suite
KW - SSL
KW - Secure socket layer
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=70350089230&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=70350089230&partnerID=8YFLogxK
U2 - 10.1109/WAINA.2009.76
DO - 10.1109/WAINA.2009.76
M3 - Conference contribution
AN - SCOPUS:70350089230
SN - 9780769536392
T3 - Proceedings - International Conference on Advanced Information Networking and Applications, AINA
SP - 140
EP - 146
BT - Proceedings - 2009 International Conference on Advanced Information Networking and Applications Workshops, WAINA 2009
T2 - 2009 International Conference on Advanced Information Networking and Applications Workshops, WAINA 2009
Y2 - 26 May 2009 through 29 May 2009
ER -