DOI QR코드

DOI QR Code

Analysis of SSL Communication Process in CNG Crypto Library

CNG 암호 라이브러리에서의 SSL 통신과정 분석

  • Lee, Kyungroul (Soonchunhyang University R&BD Center for Security and Safety Industries (SSI)) ;
  • Oh, Insu (Soonchunhyang University Department of Information Security Engineering) ;
  • Lee, Sun-Young (Soonchunhyang University Department of Information Security Engineering) ;
  • Yim, Kangbin (Soonchunhyang University Department of Information Security Engineering)
  • Received : 2017.02.27
  • Accepted : 2017.05.04
  • Published : 2017.05.31

Abstract

By a spread of utilizing environment of the CNG library, it is required to analyze its vulnerability. For this reason, in this paper, we analyzed SSL communication process in CNG library. This study is expected to draw vulnerabilities and security threats and improve security criteria for various applications to fully take advantage of the CNG library.

Acknowledgement

Supported by : 한국연구재단, 순천향대학교

References

  1. Microsoft, Cryptography next generation, Retrieved Jan., 23, 2017, from http://technet.microsoftcom/en-us/library/cc730763(v=ws.10).aspx
  2. Microsoft, Microsoft Office 2010 and Microsoft SharePoint 2010 integration, Retrieved Jan., 23, 2017, from https://www.google.co.kr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=0ahUKEwjp_cbWpNjRAhXHgrwKHZdMBSkQFggeMAA&url=http%3A%2F%2Fdownload.microsoft.com%2Fdownload%2FF%2FA%2F9%2FFA934B21-600C-4BC2-95D2-DFC5DCE93BEA%2FBusiness%2520Productivity%2520at%2520Its%2520Best%2520-%2520Office%25202010%2520and%2520SharePoint%25202010%2520white%2520paper.docx&usg=AFQjCNHhAUvGhMADUKAb5JEwKCnXc5rO2Q&bvm=bv.144686652,d.dGc
  3. Microsoft, CNG DPAPI, Retrieved Jan., 23, 2017, from http://msdn.microsoft.com/ko-kr/library/windows/desktop/hh706794(v=vs.85).aspx
  4. H. J. Kwon and S. J. Kim, "RFID distance bounding protocol secure against mafia and terroist fraud," J. KICS, vol. 39, no. 11, pp. 660-674, Nov. 2014.
  5. B.-T. Kang and H. K. Kim, "A study on the vulnerability of OTP implementation by using MITM attack and reverse engineering," J. KIISC, vol. 21, no. 6, pp. 86-99, Dec. 2011.
  6. W. C. Hong, K. W. Lee, and S. J. Kim, "Vulnerabilities analysis of the OTP implemented on a PC," J. IPS, vol. 17-C, no. 4, pp. 361-370, Aug. 2010.
  7. W. H. Ahn and H. Kim, "Attacking OpenSSL shared library using code injection," J. KIISE, vol. 37, no. 4, pp. 226-238, Aug. 2010.
  8. J. Song and I. Hwang, "A study on neutralization malicious code using windows crypto API and an implementation of crypto API hooking tool," J. KIISC, vol. 21, no. 2, pp. 111-117, Apr. 2011.
  9. J. Lee, J. Nam, S. Kim, and D. Won, "Present and future of SSL/TLS, WTLS," R. KIISC, vol. 14, no. 4, pp. 27-36, Aug. 2004.
  10. K. Lee, Y. Lee, J. Park, I. You, and K. Yim, "Security issues on the CNG cryptography library(Cryptography API: Next Generation)," in Proc. IMIS, pp. 709-713, Jul. 2013.
  11. K. Lee, I. You, and K. Yim, "Vulnerability analysis on the CNG crypto library," in Proc. IMIS, pp. 221-224, Jul. 2015.
  12. Microsoft, SslEncryptPacket function, Retrieved Jan., 23, 2017, from http://msdn.microsoft.com/en-us/library/windows/desktop/ff468663(v=vs.85).aspx, 2013. 11.
  13. Microsoft, SslOpenProvider function, Retrieved Jan., 23, 2017, from http://msdn.microsoft.com/en-us/library/windows/desktop/ff468682(v=vs.85).aspx, 2013. 11.
  14. Microsoft, SslImportKey function, Retrieved Jan., 23, 2017, from http://msdn.microsoft.com/en-us/library/ff468676.ASPX, 2013. 11.
  15. Y.-H. Goo, S.-O. Choi, S.-K. Lee, S.-M. Kim, and M.-S. Kim, "Tracking the source of cascading cyber attack traffic using network traffic analysis," J. KICS, vol. 41, no. 12, pp. 1771-1779, Dec. 2016. https://doi.org/10.7840/kics.2016.41.12.1771