簡易檢索 / 詳目顯示

回結果列表
研究生: 蘇民豪
Ming-hao Su
論文名稱: 安全電子商務網站遭受阻斷服務攻擊影響之研究
A Study of the Impacts of DDoS Attacks on Secure Commercial Websites
指導教授: 阮聖彰
Shanq-Jang Ruan
口試委員: 許孟超
Mon-Chau Shie
陳維美
Wei-Mei Chen
吳晉賢
Chin-Hsien Wu
學位類別: 碩士
Master
系所名稱: 電資學院 - 電子工程系
Department of Electronic and Computer Engineering
論文出版年: 2011
畢業學年度: 100
語文別: 中文
論文頁數: 61
中文關鍵詞: 電子商務安全SSL 安全
外文關鍵詞: e-commerce security, SSL security, Https
相關次數: 點閱:150下載:2
分享至:
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報

    • 由於幾乎所有的電子商務網站都是使用SSL/TLS協定來保護資料傳輸過程的安全,本論文主要是探討在已安裝並執行SSL/TLS安全協定的伺服器在面對阻斷服務攻擊(Denial-of-Service,DoS)攻擊時,可能發生的狀況,例如服務延遲、當機或甚至於有破壞安全協定的情形。為了能使攻擊行為可以完全針對已安裝SSL/TLS安全機制的伺服器,並能有更精緻深入的討論,實驗上捨棄網路上現成的DoS/DDoS攻擊軟體來做實驗,而是自行設計一個SSL Client端連線程式來進行攻擊實驗,如此可以在SSL協商(SSL negotiation)過程中的每個不同階段發動不同型態的DoS攻擊,以徹底檢驗並瞭解SSL伺服器的防禦能力。

    Because almost all e-commerce sites use SSL / TLS protocol to secure the data transmission process, this thesis is to study, test and further understand what will happen to an installed SSL server (for example, service delay, crash, or some other conditions which may occur) when it is attacked by DoS (Denial-of-Service).

    In order to make the attack completely focus on SSL server, and to have more refined and in-depth study, we abandoned the available DoS attack software, but to design a SSL client-side program to launch the attacks in different stages of SSL negotiation process for a more thorough test and better understand SSL server’s defense ability.

    This study focuses on the own designed client-side program, in-depth analyzing SSL server fault tolerance ability when it is attacked by DoS.

    中文摘要 Ⅰ 英文摘要 Ⅱ 目 錄 IV 圖表索引 VI 第一章 緒論 1 1.1 研究動機 1 1.2 研究目標 3 1.3 論文架構 4 第二章 背景知識 5 2.1 SSL/TLS安全協定簡介 5 2.2 SSL安全性問題 9 2.2.1 安全漏洞相關事件 9 2.2.2 SSL已公佈之弱點紀錄 10 2.2.3 憑證認證機構漏洞 11 2.3 相關文獻 11 第三章 SSL/TLS協定之金鑰產生 14 3.1 SSL訊息功能介紹 15 3.2 SSL各訊息細節說明 16 3.2.1 ClientHello訊息 16 3.2.2 ServerHello訊息 19 3.2.3 Certificate訊息 20 3.2.4 ServerKeyExchange訊息 22 3.2.5 ServerHelloDone訊息 22 3.2.6 ClientKeyExchange訊息 22 3.2.7 ChangeCipherSpec訊息 23 3.2.8 Finished 訊息 27 3.3 SSL金鑰之產生與應用 28 3.3.1 用Pre-master key產生Master key 28 3.3.2 用Master key產生6把鑰匙 30 3.4 SSL對資料封包之處理 32 第四章 系統實驗與結果 34 4.1 實驗環境 34 4.2 正常連線下封包切割對SSL連線的影響 38 4.3 建立大量ClientHello連線對SSL連線之影響 43 4.4 建立大量ClientHello (含session ID情況下)連線 對SSL連線之影響 47 4.5 建立大量SSL連線並傳送第一和第三封包對SSL 連線之影響 51 第五章 結論 55 參考文獻 56 作者簡介 61

    [1] Larry D.Bisel, “The Role of SSL in Cybersecurity”, IT Professional, Vol. 9, Issue 2, pp. 22-25, 2007.
    [2] Zhang Yun, Yang Kuihe, Wang Yanhua, and Zhou Zhifeng, “Research on Protecting the Safety in Web System With SSL”, the Eighth International Conference on Electronic Measurement and Instruments (ICEMI), 2007.
    [3] Wesley Chou, “Inside SSL: The Secure Sockets Layer Protocol”, IT Professional, Vol. 4, Issue 4, pp. 47-52, 2007.
    [4] P. Chandra, M. Messier, and J. Viega,”Network Security with OpenSSL-Cryptography for Secure Communications,” O'Reilly Press, June 2002.
    [5] Stephen Wilson, “The Importance of PKI Today”, China Communications, pp. 15-21, December 2005.
    [6] The Internet Engineering Task Force (IETF). http://www.ietf.org/.
    [7] B. Ramsdell and S. Turner, “Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2”, RFC 5751, January 2010. http://tools.ietf.org/html/rfc5751.
    [8] J. Callas, L. Donnerhacke, H. Finney, D. Shaw, and R. Thayer, “OpenPGP Message Format”, RFC 4880, November 2007. http://tools.ietf.org/html/rfc4880.
    [9] S. Kent and K. Seo, “Security Architecture for the Internet Protocol”, RFC 4301, December 2005. http://tools.ietf.org/html/rfc4301,
    [10] R. Housley, ”Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP)”, RFC 4309, December 2005.
    [11] Zhihua Hu, ”The Study of E-Commerce Security Protocol”, in the IEEE International Conference on Intelligence Science and Information Engineering, pp. 349-352, 2011.
    [12] C. Neuman, T. Yu, S. Hartman, and K. Raeburn, “The Kerberos Network Authentication Service (V5)”, RFC 4120, July 2005.
    [13] T. Dierks and E. Rescorla,“The Transport Layer Security (TLS) Protocol Version 1.2“, August 2008. http://www.ietf.org/rfc/rfc5246.txt.
    [14] Xiaoyun Wang and Hongbo Yu, “How to Break MD5 and Other Hash Functions”, in the Proceedings of EUROCRYPT, LNCS3494, pp. 19-35, 2005.
    [15] Bert den Boer and AntoonBosselaers, “Collisions for the Compression Function of MD5”, in the Proceedings of EUROCRYPT, pp. 293-304, 1993.
    [16] Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu, “FindingCollisions in the Full SHA-l”, in the Proceedings of Crypto’05, pp. 17-36, 2005.
    [17] Hash, CRC, and HMAC Calculator, SlavaSoft HashCalc, http://www.slavasoft.com/hashcalc/.
    [18] OpenSSL: The Open Source toolkit for SSL/TLS, http://www.openssl.org/.
    [19] Debian Corp., “Openssl  predictable random number generator”, http://www.debian.org/security/2008/dsa-1571.
    [20] Takeshi NisHhimura and Hiroyuki Sato,” Analysis of a Security Incident
    of Open Source Middleware– Case Analysis of 2008 Debian Incident of
    OpenSSL –“, IEEE Ninth Annual International Symposium on
    Applications and the Internet, 2009
    [21] PhoneFactor Inc., “SSL/TLS Authentication Gap (SSL Gap)”, http://www.phonefactor.com/sslgap.
    [22] PhoneFactor Inc., “SSL/TLS Authentication Gap – Status of Patches”,
    http://www.phonefactor.com/sslgap/ssl-tls-authentication-patches.
    [23] Richard Ford and Michael Howard, “Man-in-the-Middle Attack to the HTTPS Protocol”, IEEE Security & Privacy, Vol. 7, Issue 1, pp. 78-81, 2009.
    [24] Kefei Cheng, Tingqiang Jia and Meng Gao, ”Research and Implementation of Three HTTPS Attacks”, Journal of Networks, Vol. 6, No. 5, pp. 757-764, May 2011.
    [25] Kefei Cheng, Meng Gao and Ruijie Guo, “Analysis and Research on HTTPS Hijacking Attacks”, in the IEEE Proceedings of the Second International Conference on Networks Security, Wireless Communications and Trusted Computing, pp. 223-226, April 2010.
    [26] The Court of Haarlem declared bankrupt DigiNotar in Beverwijk, September 20, 2011. http://www.diginotar.nl/.
    [27] Juliano Rizzo, “BEAST: Surprising crypto attack against HTTPS”, ekoparty Security Conference, http://www.ekoparty.org/2011/juliano-rizzo.php.
    [28] R. Housley, W. Ford, W. Polk, and D. Solo, “X.509 Public Key Infrastructure Certificate and CRL Profile”, RFC 2459, 1999. http://www.ietf.org/rfc/rfc2459.txt
    [29] Wang Zhenzhong and Wang Yao, ”An Improvement SSL Protocol Application Research”, IEEE International Conference on Electronic & Mechanical Engineering and Information Technology, pp. 4010-4013, 2011.
    [30] Zhao Huawei and Liu Ruixia, “A Scheme to Improve Security of SSL”, IEEE Pacific-Asia Conference on Circuits, Communications and System, pp. 401-404, 2009.
    [31] Liu Niansheng, Yang Guohao, Wang Yu, and Guo Donghui, “Security Analysis and Configuration of SSL Protocol”, the International Conference on Anti-counterfeiting, Security and Identification, pp. 216-219, 2008.
    [32] Yunyoung Lee, Soonhaeng Hur, Dongho Won, and Seungjoo Kim, ” Cipher Suite Setting Problem of SSL Protocol and It’s Solutions”, IEEE International Conference on Advanced Information Networking and Applications Workshops, pp. 26-29, 2009.
    [33] Youngsang Shin, Minaxi Gupta, and Steven Myers, “A Study of the Performance of SSL on PDAs”, in the Proceedings of the 28th IEEE international conference on Computer Communications Workshops (INFOCOM), 2009.
    [34] Zhikao Ren, Minghua Liu, Chen Ye, and Chuansheng Wang, ”A Scheme of E-Commerce Security based on ECC & SSL Protocol”, IEEE International Symposium on Computer Network and Multimedia Technology, 2009.
    [35] Xiandi Zhang, Feng Yang, Zhongqiang Liu, Zhenzhi Wang, and Kaiyi Wang, ”Research and Application of Data Security for Mobile Devices”, IFIP Advances in Information and Communication Technology, Vol. 346/2011, pp. 46-56, 2011.
    [36] The Apache interface to OpenSSL. http://www.modssl.org/.
    [37] PeerSec Networks MatrixSSL-Open Source Embedded SSL.
    http://www.matrixssl.org/
    [38] AxTLS embedded SSL. http://axtls.sourceforge.net/
    [39] Daesung Lee, Hyun Sook Jang and Ki Chang Kim, ”A Lightweight Protocol Based on the SSL Protocol for Handheld Devices”, IEEE International Conference on Information Science and Applications, 2011.
    [40] AbdelNasir Alshamsi and Takamichi Saito, ”A Technical Comparison of IPSec and SSL”, IEEE International Conference on Advanced Information Networking and Applications, pp. 395-398, 2005.
    [41] Kefei Cheng, Meng Gao, and Ruijie Guo, ”Analysis and Research on HTTPS Hijacking Attacks”, IEEE International Conference on Networks Security, Wireless Communications and Trusted Computing, pp. 223-226, 2010.
    [42] Zhe Chen, Shize Guo, Rong Duan and Sheng Wang, ”Security Analysis on Mutual Authentication against Man-in-the-Middle Attack”, the IEEE International Conference on Information Science and Engineering (ICISE2009), pp. 1855-1858, 2009.
    [43] Fang Qi, Zhe Tang and Guojun Wang, “Attacks vs. Countermeasures of SSL Protected Trust Model”, the IEEE International Conference for Young Computer Scientists, pp. 1986-1991, 2008.
    [44] Liu Wu, Ren Ping, Zhang Yong and Duan Hai-Xin, “SSL-DP: A Rootkit of Network Based SSL and TLS Traffic Decryptor”, the IEEE Second Cybercrime and Trustworthy Computing Workshop, pp. 29-33, 2010.
    [45] Yu Yue, Sun Hao and Kong Yanan, ”Expand the SSL/TLS Protocol on Trusted Platform Module”, the IEEE International Conference on Computer Application and System Modeling , 2010.
    [46] Ethereal, http://www.ethereal.com/
    [47] WinPcap, http://www.winpcap.org/.
    [48] SSL與TLS實務應用–架構全球網路的安全機制, 許建隆譯,碁峯書局,2004.
    [49] Eric Rescorla, “SSL and TLS – Designing and Building Secure Systems” http://www.amazon.com/SSL-TLS-Designing-Building-Systems/dp/0201615983.
    [50] Stephen Thomas, “SSL and TLS Essentials”, Published by John Wiley & Sons Inc, 2000
    [51] Wiliiam Stallings,“Network Security Essentials – Applications and
    Standards (4th edition)”, Published by Prentice Hall, 2011

    無法下載圖示 全文公開日期 2016/12/07 (校內網路)
    全文公開日期 本全文未授權公開 (校外網路)
    全文公開日期 本全文未授權公開 (國家圖書館:臺灣博碩士論文系統)
    QR CODE