Analysis of SSL Communication Process in CNG Crypto Library

  • Lee, Kyungroul (Soonchunhyang University R&BD Center for Security and Safety Industries (SSI)) ;
  • Oh, Insu (Soonchunhyang University Department of Information Security Engineering) ;
  • Lee, Sun-Young (Soonchunhyang University Department of Information Security Engineering) ;
  • Yim, Kangbin (Soonchunhyang University Department of Information Security Engineering)
  • Submitted : 2017.02.27
  • Reviewed : 2017.05.04
  • Published : 2017.05.31

Abstract

As the environments in which the CNG library is used continue to spread, its security vulnerabilities need to be analyzed. For this reason, this paper analyzes the SSL communication process in the CNG crypto library. The study is expected to provide material for deriving the vulnerabilities and security threats that can arise in applications using SSL communication, and to contribute to improving security criteria for the various applications that take advantage of the CNG library.
