[Share] Design of an enhancement for SSL/TLS protocols
Posted: 2009-5-18 19:12

Design of an enhancement for SSL/TLS protocols

Ashraf Elgohary**, Tarek S. Sobh**, M. Zaki*

Information System Department, Egyptian Armed Forces, Cairo, Egypt

*Computer and System Engineering Department, Faculty of Engineering, Al-Azhar University, Nasr City, Cairo, Egypt

Abstract
When studying the Transport Layer Security (TLS) Protocol, it is noticed that the most time-consuming phase is the handshaking process between the client and the server, since many messages should be sent until successful negotiation is done and a secure session is created. The goal of this work is to design a security management system (SMS) to improve the handshaking process by making use of TLS client-side session caching, and allowing trusted users to share sessions with others, as well as giving the client an option to create his own private session with the server even when there is no trusted digital certificate from a certificate authority (CA) to link them. According to our experimental setup, the use of the proposed design has improved the performance by 3.5 times relative to the handshaking of traditional TLS.
Keywords: Security protocols, SSL/TLS, Session management, Session sharing, Client-side caching

Let's start by letting the figures tell the story~

Fig. 1 – TLS architecture (Rescorla, 2000).

Fig. 2 – The TLS handshake messages (Rescorla, 2000).

Fig. 3 – The proposed model.

Fig. 4 – The Security Manager operations.

Fig. 5 – Secure socket communications overview (Wetmore, 2000).

Fig. 6 – The registered users on the server.

Fig. 7 – Trusted client interface.
The rest is in the paper.

Latest replies (2)
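Showing my support. I have been working on this recently.

Many mail servers now provide encryption: after negotiating with the client, they can encrypt the mail being sent and received, so that it cannot be intercepted and analyzed.

Of course, if you have the server's private key (file), the mail can still be recovered by capturing the packets, converting them, and decrypting.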
2009-5-18 22:40
This paper, New Branch Prediction Vulnerabilities in OpenSSL and Necessary Software Countermeasures, has already achieved the result of breaking OpenSSL. Moderator 加百力, your view is correct: SSL is not unbreakable.
2009-5-19 11:55