摘要
SSL(Secure Socket Layer)协议是Internet应用最为广泛的安全传输协议,在网络银行、电子商务等大型网络交易中用于保护用户的敏感数据。在SSL应用中已经出现了两种较有威胁的中间人(Man-in-the-Middle Attack,MITM)攻击。在介绍SSL协议原理的基础上,详细分析了两种威胁SSL应用安全的MITM攻击方法的实现原理和条件,提出了两类防范此类攻击方法的有效措施。
SSL protocol is widely applied in the electronic transactions,including e-banking and e-commerce for protecting secret data.There are two dangerous MITM attacks against SSL application.Based on description SSL protocol theory,the paper analyzes the implementationand condition of these two SSL MITM attacks,and proposes two kinds of effective measures in defense against the SSL MITM attack.
出处
《信息安全与通信保密》
2010年第3期85-87,90,共4页
Information Security and Communications Privacy
基金
现代通信国家重点实验室基金资助项目(编号:9140C1105040805)
