Cipher suite setting problem of SSL protocol and it's solutions

Yunyoung Lee; Soonhaeng Hur; Dongho Won; Seungjoo Kim

doi:10.1109/WAINA.2009.76

Cipher suite setting problem of SSL protocol and it's solutions

Yunyoung Lee, Soonhaeng Hur, Dongho Won, Seungjoo Kim

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

As the use of Internet is being generalized, the security problems about data transfer are rearing up as the important issue. There are many security protocols to solve the problems and the SSL(Secure Socket layer) protocol is the most widely used one among them. While the SSL protocol is designed to defend the client from active attacks such as message forgery and message alteration, the cipher suite setting can be easily modified. If the attacker draws on a malfunction of the client system and modifies the software's cipher suite setting to the symmetric key algorithm which has short key length, he can eavesdrop and cryptanalyze the encrypted data. In this paper, we examine the web sites whether they generate the security session through the symmetric key algorithm which has short key length and propose the solution of the cipher suite setting problem.

Original language	English
Title of host publication	Proceedings - 2009 International Conference on Advanced Information Networking and Applications Workshops, WAINA 2009
Pages	140-146
Number of pages	7
DOIs	https://doi.org/10.1109/WAINA.2009.76
Publication status	Published - 2009
Externally published	Yes
Event	2009 International Conference on Advanced Information Networking and Applications Workshops, WAINA 2009 - Bradford, United Kingdom Duration: 2009 May 26 → 2009 May 29

Publication series

Name	Proceedings - International Conference on Advanced Information Networking and Applications, AINA
ISSN (Print)	1550-445X

Other

Other	2009 International Conference on Advanced Information Networking and Applications Workshops, WAINA 2009
Country	United Kingdom
City	Bradford
Period	09/5/26 → 09/5/29

Keywords

Cipher suite
SSL
Secure socket layer
Security

ASJC Scopus subject areas

Engineering(all)

Access to Document

10.1109/WAINA.2009.76

Fingerprint Dive into the research topics of 'Cipher suite setting problem of SSL protocol and it's solutions'. Together they form a unique fingerprint.

Cite this

Lee, Y., Hur, S., Won, D., & Kim, S. (2009). Cipher suite setting problem of SSL protocol and it's solutions. In Proceedings - 2009 International Conference on Advanced Information Networking and Applications Workshops, WAINA 2009 (pp. 140-146). [5136638] (Proceedings - International Conference on Advanced Information Networking and Applications, AINA). https://doi.org/10.1109/WAINA.2009.76

Cipher suite setting problem of SSL protocol and it's solutions. / Lee, Yunyoung; Hur, Soonhaeng; Won, Dongho; Kim, Seungjoo.

Proceedings - 2009 International Conference on Advanced Information Networking and Applications Workshops, WAINA 2009. 2009. p. 140-146 5136638 (Proceedings - International Conference on Advanced Information Networking and Applications, AINA).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Lee, Y, Hur, S, Won, D & Kim, S 2009, Cipher suite setting problem of SSL protocol and it's solutions. in Proceedings - 2009 International Conference on Advanced Information Networking and Applications Workshops, WAINA 2009., 5136638, Proceedings - International Conference on Advanced Information Networking and Applications, AINA, pp. 140-146, 2009 International Conference on Advanced Information Networking and Applications Workshops, WAINA 2009, Bradford, United Kingdom, 09/5/26. https://doi.org/10.1109/WAINA.2009.76

Lee Y, Hur S, Won D, Kim S. Cipher suite setting problem of SSL protocol and it's solutions. In Proceedings - 2009 International Conference on Advanced Information Networking and Applications Workshops, WAINA 2009. 2009. p. 140-146. 5136638. (Proceedings - International Conference on Advanced Information Networking and Applications, AINA). https://doi.org/10.1109/WAINA.2009.76

@inproceedings{415635cada6c4be0b30138247c61de54,

title = "Cipher suite setting problem of SSL protocol and it's solutions",

abstract = "As the use of Internet is being generalized, the security problems about data transfer are rearing up as the important issue. There are many security protocols to solve the problems and the SSL(Secure Socket layer) protocol is the most widely used one among them. While the SSL protocol is designed to defend the client from active attacks such as message forgery and message alteration, the cipher suite setting can be easily modified. If the attacker draws on a malfunction of the client system and modifies the software's cipher suite setting to the symmetric key algorithm which has short key length, he can eavesdrop and cryptanalyze the encrypted data. In this paper, we examine the web sites whether they generate the security session through the symmetric key algorithm which has short key length and propose the solution of the cipher suite setting problem.",

keywords = "Cipher suite, SSL, Secure socket layer, Security",

author = "Yunyoung Lee and Soonhaeng Hur and Dongho Won and Seungjoo Kim",

year = "2009",

doi = "10.1109/WAINA.2009.76",

language = "English",

isbn = "9780769536392",

series = "Proceedings - International Conference on Advanced Information Networking and Applications, AINA",

pages = "140--146",

booktitle = "Proceedings - 2009 International Conference on Advanced Information Networking and Applications Workshops, WAINA 2009",

note = "2009 International Conference on Advanced Information Networking and Applications Workshops, WAINA 2009 ; Conference date: 26-05-2009 Through 29-05-2009",

}

TY - GEN

T1 - Cipher suite setting problem of SSL protocol and it's solutions

AU - Lee, Yunyoung

AU - Hur, Soonhaeng

AU - Won, Dongho

AU - Kim, Seungjoo

PY - 2009

Y1 - 2009

N2 - As the use of Internet is being generalized, the security problems about data transfer are rearing up as the important issue. There are many security protocols to solve the problems and the SSL(Secure Socket layer) protocol is the most widely used one among them. While the SSL protocol is designed to defend the client from active attacks such as message forgery and message alteration, the cipher suite setting can be easily modified. If the attacker draws on a malfunction of the client system and modifies the software's cipher suite setting to the symmetric key algorithm which has short key length, he can eavesdrop and cryptanalyze the encrypted data. In this paper, we examine the web sites whether they generate the security session through the symmetric key algorithm which has short key length and propose the solution of the cipher suite setting problem.

AB - As the use of Internet is being generalized, the security problems about data transfer are rearing up as the important issue. There are many security protocols to solve the problems and the SSL(Secure Socket layer) protocol is the most widely used one among them. While the SSL protocol is designed to defend the client from active attacks such as message forgery and message alteration, the cipher suite setting can be easily modified. If the attacker draws on a malfunction of the client system and modifies the software's cipher suite setting to the symmetric key algorithm which has short key length, he can eavesdrop and cryptanalyze the encrypted data. In this paper, we examine the web sites whether they generate the security session through the symmetric key algorithm which has short key length and propose the solution of the cipher suite setting problem.

KW - Cipher suite

KW - SSL

KW - Secure socket layer

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=70350089230&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=70350089230&partnerID=8YFLogxK

U2 - 10.1109/WAINA.2009.76

DO - 10.1109/WAINA.2009.76

M3 - Conference contribution

AN - SCOPUS:70350089230

SN - 9780769536392

T3 - Proceedings - International Conference on Advanced Information Networking and Applications, AINA

SP - 140

EP - 146

BT - Proceedings - 2009 International Conference on Advanced Information Networking and Applications Workshops, WAINA 2009

T2 - 2009 International Conference on Advanced Information Networking and Applications Workshops, WAINA 2009

Y2 - 26 May 2009 through 29 May 2009

ER -