
Research on OpenSSL-Based Security Key Vulnerabilities and Their Attack Methods

Published: 2018-11-09 21:32
[Abstract]: In recent years, as the Internet has penetrated ever more deeply into people's lives, the volume of important information and resources carried over networks has grown day by day. In particular, with the rapid development of online banking and online shopping, high-tech crimes such as virus intrusion, hacker attacks and information leaks have become more frequent and more harmful. To protect data in transit across the network and to provide a secure and reliable environment for online transactions, the Secure Socket Layer (SSL) protocol is widely used. The protocol sits between TCP/IP and the application-layer protocols, and uses data encryption and public-key techniques to ensure the security and confidentiality of the information exchanged by the communicating parties. OpenSSL is an implementation of the SSL protocol; it comprises the main cryptographic algorithms, key and certificate management functions, and the SSL protocol itself, and can be used to ensure data integrity and confidentiality between the two parties and to authenticate them. OpenSSL uses the RSA algorithm or the Diffie-Hellman algorithm as its key encryption algorithm, so a vulnerability in the security key seriously affects the security of OpenSSL. This thesis studies OpenSSL security key vulnerabilities, taking as its main reference the FREAK attack, a downgrade attack on the RSA key exchange algorithm. The thesis describes the current state of research on communication encryption in China and abroad, studies the characteristics of the man-in-the-middle attack, which is the basis on which security key vulnerability attacks are carried out, and selects the proxy server attack as the method for implementing the security key vulnerability attack. It analyzes the OpenSSL code and data packets in depth, and explains how connections are established and why the security key vulnerability arises. With reference to FREAK, a security key vulnerability attack based on OpenSSL is designed and implemented, and corresponding tests are carried out that demonstrate the effectiveness of the attack. Detection and defense measures for the FREAK attack are proposed and, drawing on both the FREAK attack and the Logjam attack, defense methods against OpenSSL security key vulnerabilities are given, which effectively enhance the security and robustness of OpenSSL.
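[Degree-granting institution]: North China Electric Power University (Beijing)
[Degree level]: Master's
[Year degree awarded]: 2017
[Classification number]: TN918.4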


Article ID: 2321610



Article link: https://www.wllwen.com/kejilunwen/xinxigongchenglunwen/2321610.html

