Design and Implementation of an SSL Man-in-the-Middle Attack Detection System
Published: 2019-03-01 17:27
【Abstract】: With the development of e-commerce, transaction security has become a focus of user attention. SSL provides a secure and reliable network environment and is therefore widely used for online transactions. Although the SSL protocol offers security services such as data encryption and authentication, security risks remain: a variety of attacks targeting SSL protocol vulnerabilities have appeared, among which the SSL man-in-the-middle (MITM) attack is one of the more serious threats. This thesis studies the problem of detecting SSL MITM attacks and covers the following. Starting from the strengths and weaknesses of the SSL attack defenses in the mainstream browsers (IE, Chrome, Firefox), it designs an SSL MITM detection system based on binding domain names to certificate information; the system can still detect an attack when the root certificate list on the local computer has been modified. The system uses a client/server (C/S) structure, with the client and server designed and developed separately: the client consists of a browser plug-in and a client service process, and the server consists of a web server and a data collection module. To handle the fact that the domain names and certificates seen differ from region to region, a domain-name crawler module was developed: it first collects a site's subdomains in real time, then retrieves the root certificate corresponding to each domain, and finally stores the subdomain and root-certificate information in a database for use by the SSL MITM detection system. Experiments show that, once a malicious certificate has been installed on the system, the detection system based on domain-name and certificate binding can effectively detect SSL certificate MITM attacks, and its asynchronous detection mode does not affect the user's browsing.
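The core check the abstract describes is a binding between a hostname and the root certificate it legitimately chains to, evaluated independently of the local root store, so that a root an attacker has added to the store is still flagged. The following is an added illustration of that check, not the thesis's own code: the `Cert` stand-in, the hostnames, the fingerprints and the `BINDINGS` table are all constructed sample data, and the parent-label fallback in `lookup_binding` is an assumption about how a database keyed by subdomain would be queried.

```python
# Added illustration (not the thesis's code): a domain-to-root-certificate
# binding check of the kind the abstract describes. Every certificate, host
# name and binding below is constructed sample data.
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Cert:
    """Minimal stand-in for an X.509 certificate; `der` is constructed bytes."""
    subject: str
    issuer: str
    der: bytes

    def fingerprint(self) -> str:
        # SHA-256 over the (stand-in) DER encoding, as a browser displays it.
        return hashlib.sha256(self.der).hexdigest()

    @property
    def self_signed(self) -> bool:
        return self.subject == self.issuer


@dataclass(frozen=True)
class Verdict:
    result: str            # "ok", "alert", "unknown" or "no-root"
    os_trusts_root: bool   # what the (possibly tampered) local root store says


# Constructed roots: the site's real root and a foreign root that an attacker
# has pushed into the local trust store.
GOOD_ROOT = Cert("CN=Example Root CA", "CN=Example Root CA", b"constructed-der-good-root")
EVIL_ROOT = Cert("CN=Interceptor Root", "CN=Interceptor Root", b"constructed-der-evil-root")

# Binding database as the crawler module would fill it: hostname -> fingerprints
# of the roots that host legitimately chains to (more than one is possible).
BINDINGS: Dict[str, Set[str]] = {
    "www.example.com": {GOOD_ROOT.fingerprint()},
    "pay.example.com": {GOOD_ROOT.fingerprint()},
}


def lookup_binding(host: str) -> Optional[Set[str]]:
    """Exact hostname first, then parent labels, stopping before the TLD
    (assumed lookup strategy for a database keyed by subdomain)."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in BINDINGS:
            return BINDINGS[candidate]
    return None


def chain_root(chain: List[Cert]) -> Optional[Cert]:
    """The self-signed certificate that terminates the presented chain."""
    return next((c for c in chain if c.self_signed), None)


def check_connection(host: str, chain: List[Cert], local_store: Set[str]) -> Verdict:
    """Compare the observed root against the stored binding, independently of
    whether the local root store happens to trust it."""
    root = chain_root(chain)
    if root is None:
        return Verdict("no-root", False)
    os_trusts = root.fingerprint() in local_store
    expected = lookup_binding(host)
    if expected is None:
        return Verdict("unknown", os_trusts)
    if root.fingerprint() in expected:
        return Verdict("ok", os_trusts)
    return Verdict("alert", os_trusts)


# Constructed chains: a genuine one, and one terminated by the interceptor's root.
GENUINE_CHAIN = [
    Cert("CN=www.example.com", "CN=Example Intermediate CA", b"constructed-der-leaf"),
    Cert("CN=Example Intermediate CA", "CN=Example Root CA", b"constructed-der-intermediate"),
    GOOD_ROOT,
]
INTERCEPTED_CHAIN = [
    Cert("CN=www.example.com", "CN=Interceptor Root", b"constructed-der-forged-leaf"),
    EVIL_ROOT,
]
# Local root store after the attacker added their root: it trusts both.
TAMPERED_STORE = {GOOD_ROOT.fingerprint(), EVIL_ROOT.fingerprint()}


def demo() -> Dict[str, Verdict]:
    return {
        "genuine": check_connection("www.example.com", GENUINE_CHAIN, TAMPERED_STORE),
        "intercepted": check_connection("www.example.com", INTERCEPTED_CHAIN, TAMPERED_STORE),
        "subdomain": check_connection("login.pay.example.com", GENUINE_CHAIN, TAMPERED_STORE),
        "unbound": check_connection("other.test", GENUINE_CHAIN, TAMPERED_STORE),
    }


if __name__ == "__main__":
    for name, v in demo().items():
        print(f"{name:12} binding={v.result:8} os_trusts_root={v.os_trusts_root}")
```

The intercepted connection is the case the abstract is about: the tampered store trusts the interceptor's root, so a browser relying on the store alone would show no warning, while the binding check returns an alert because the observed root fingerprint is not among those recorded for the host. Hosts with no recorded binding return "unknown" rather than an alert, which is the gap the crawler module is meant to close.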
【Degree-granting institution】: Southeast University (东南大学)
【Degree level】: Master's
【Year degree granted】: 2016
【Classification number】: TP393.08
Article ID: 2432647
Article link: https://www.wllwen.com/jingjilunwen/dianzishangwulunwen/2432647.html