DOI QR코드

DOI QR Code

CNG 암호 라이브러리에서의 SSL 통신과정 분석

Analysis of SSL Communication Process in CNG Crypto Library

  • Lee, Kyungroul (Soonchunhyang University R&BD Center for Security and Safety Industries (SSI)) ;
  • Oh, Insu (Soonchunhyang University Department of Information Security Engineering) ;
  • Lee, Sun-Young (Soonchunhyang University Department of Information Security Engineering) ;
  • Yim, Kangbin (Soonchunhyang University Department of Information Security Engineering)
  • 투고 : 2017.02.27
  • 심사 : 2017.05.04
  • 발행 : 2017.05.31

초록

CNG가 활용되는 환경이 증가함에 따라, CNG 암호 라이브러리에서의 보안 취약점 분석에 대한 연구가 요구되는 실정이다. 이에 본 논문에서는 CNG 암호 라이브러리에서의 SSL 통신과정을 분석함으로써 SSL 통신을 활용하는 응용에서 발생 가능한 보안 취약점을 도출하기 위한 자료 및 보안성을 향상시키는데 기여할 것으로 사료된다.

과제정보

연구 과제 주관 기관 : 한국연구재단, 순천향대학교

참고문헌

  1. Microsoft, Cryptography next generation, Retrieved Jan., 23, 2017, from http://technet.microsoftcom/en-us/library/cc730763(v=ws.10).aspx
  2. Microsoft, Microsoft Office 2010 and Microsoft SharePoint 2010 integration, Retrieved Jan., 23, 2017, from https://www.google.co.kr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=0ahUKEwjp_cbWpNjRAhXHgrwKHZdMBSkQFggeMAA&url=http%3A%2F%2Fdownload.microsoft.com%2Fdownload%2FF%2FA%2F9%2FFA934B21-600C-4BC2-95D2-DFC5DCE93BEA%2FBusiness%2520Productivity%2520at%2520Its%2520Best%2520-%2520Office%25202010%2520and%2520SharePoint%25202010%2520white%2520paper.docx&usg=AFQjCNHhAUvGhMADUKAb5JEwKCnXc5rO2Q&bvm=bv.144686652,d.dGc
  3. Microsoft, CNG DPAPI, Retrieved Jan., 23, 2017, from http://msdn.microsoft.com/ko-kr/library/windows/desktop/hh706794(v=vs.85).aspx
  4. H. J. Kwon and S. J. Kim, "RFID distance bounding protocol secure against mafia and terroist fraud," J. KICS, vol. 39, no. 11, pp. 660-674, Nov. 2014.
  5. B.-T. Kang and H. K. Kim, "A study on the vulnerability of OTP implementation by using MITM attack and reverse engineering," J. KIISC, vol. 21, no. 6, pp. 86-99, Dec. 2011.
  6. W. C. Hong, K. W. Lee, and S. J. Kim, "Vulnerabilities analysis of the OTP implemented on a PC," J. IPS, vol. 17-C, no. 4, pp. 361-370, Aug. 2010.
  7. W. H. Ahn and H. Kim, "Attacking OpenSSL shared library using code injection," J. KIISE, vol. 37, no. 4, pp. 226-238, Aug. 2010.
  8. J. Song and I. Hwang, "A study on neutralization malicious code using windows crypto API and an implementation of crypto API hooking tool," J. KIISC, vol. 21, no. 2, pp. 111-117, Apr. 2011.
  9. J. Lee, J. Nam, S. Kim, and D. Won, "Present and future of SSL/TLS, WTLS," R. KIISC, vol. 14, no. 4, pp. 27-36, Aug. 2004.
  10. K. Lee, Y. Lee, J. Park, I. You, and K. Yim, "Security issues on the CNG cryptography library(Cryptography API: Next Generation)," in Proc. IMIS, pp. 709-713, Jul. 2013.
  11. K. Lee, I. You, and K. Yim, "Vulnerability analysis on the CNG crypto library," in Proc. IMIS, pp. 221-224, Jul. 2015.
  12. Microsoft, SslEncryptPacket function, Retrieved Jan., 23, 2017, from http://msdn.microsoft.com/en-us/library/windows/desktop/ff468663(v=vs.85).aspx, 2013. 11.
  13. Microsoft, SslOpenProvider function, Retrieved Jan., 23, 2017, from http://msdn.microsoft.com/en-us/library/windows/desktop/ff468682(v=vs.85).aspx, 2013. 11.
  14. Microsoft, SslImportKey function, Retrieved Jan., 23, 2017, from http://msdn.microsoft.com/en-us/library/ff468676.ASPX, 2013. 11.
  15. Y.-H. Goo, S.-O. Choi, S.-K. Lee, S.-M. Kim, and M.-S. Kim, "Tracking the source of cascading cyber attack traffic using network traffic analysis," J. KICS, vol. 41, no. 12, pp. 1771-1779, Dec. 2016. https://doi.org/10.7840/kics.2016.41.12.1771