2009 International Conference on Advanced Information Networking and Applications Workshops (2009)
Bradford, United Kingdom
May 26, 2009 to May 29, 2009
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/WAINA.2009.76
As the use of Internet is being generalized, the security problems about data transfer are rearing up as the important issue. There are many security protocols to solve the problems and the SSL (Secure Socket layer) protocol is the most widely used one among them. While the SSL protocol is designed to defend the client from active attacks such as message forgery and message alteration, the cipher suite setting can be easily modified. If the attacker draws on a malfunction of the client system and modifies the software's cipher suite setting to the symmetric key algorithm which has short key length, he can eavesdrop and cryptanalyze the encrypted data. In this paper, we examine the web sites whether they generate the security session through the symmetric key algorithm which has short key length and propose the solution of the cipher suite setting problem.
SSL, Secure Socket Layer, Cipher Suite, Security
S. Kim, S. Hur, D. Won and Y. Lee, "Cipher Suite Setting Problem of SSL Protocol and it's Solutions," 2009 IEEE 23rd International Conference on Advanced Information Networking and Applications Workshops (WAINA), Bradford, 2009, pp. 140-146.