JOURNAL OF BEIJING ELECTRONIC SCIENCE AND TECHNOLOGY INSTITUTE
2012, Issue 4, pp. 64-70 (7 pages)
Wu Zhigang (吴志刚); Li Shigang (李世岗); Yan Han (颜晗); Chi Yaping (池亚平)
Man-in-the-middle Attacks; Trusted Cryptography Module; Secure Sockets Layer Protocol; Virtual Private Network
This paper analyzes the principles of man-in-the-middle attacks on the SSL VPN protocol and the existing solutions to them. Because the existing solutions do not take the platform environment into account, the paper proposes an improved SSL VPN protocol based on TCM. By improving the protocol data structure, defining new message types, and adding trusted platform integrity information and a trusted certificate to the SSL handshake protocol flow, the improved protocol prevents man-in-the-middle attacks on the basis of underlying-layer trust.