• Title/Summary/Keyword: OpenSSL

Search Result 32, Processing Time 0.028 seconds

Custom Cryptographic Protocol Implementation Method Based on OpenSSL (OpenSSL 기반 사용자 지정 암호 프로토콜 구현 방안)

  • Lam, JunHuy;Lee, Sang-Gon;Lee, Hoon-Jae;Andrianto, Vincentius Christian
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.3
    • /
    • pp.459-466
    • /
    • 2017
  • One of the most widely-used open source project; OpenSSL is a cryptography library that is used to secure most web sites, servers and clients. One can secure the communication with the Secure Socket Layer (SSL) or its successor, Transport Layer Security (TLS) protocols by using the OpenSSL library. Since cryptography protocols will be updated and enhanced in order to keep the system protected, the library was written in such a way that simplifies the integration of new cryptographic methods, especially for the symmetric cryptography protocols. However, it gets a lot more complicated in adding an asymmetric cryptography protocol and no guide can be found for the integration of the asymmetric cryptography protocol. In this paper, we explained the architecture of the OpenSSL library and provide a simple tutorial to modify the OpenSSL library in order to accommodate custom protocols of both symmetric and asymmetric cryptography.

Design and Implementation of a Secure Communication API Using OpenSSL (OpenSSL을 이용한 보안 통신 API의 설계 및 구현)

  • Jung In-sung;Shin Yong-tae
    • Journal of Internet Computing and Services
    • /
    • v.4 no.5
    • /
    • pp.87-96
    • /
    • 2003
  • The additional mechanism is required to set up a secure connection among the communication subjects in the internet environment. Each entity should transfer and receive the encrypted and hashed data to guarantee the data integrity. Also, the mutual authentication procedure should be processed using a secure communication protocol. Although the OpenSSL which implements the TLS is using by many developers and its stability and performance are proved, it has a difficulty in using because of its large size. So, this paper designs and implements the secure communication which the users can use easily by modification works of OpenSSL library API. We proved the real application results using the client/server case which supports a secure communication using the implemented API.

  • PDF

Design and Implementation of Lightweight Encryption Algorithm on OpenSSL (OpenSSL 상에서 LEA 설계 및 구현)

  • Park, Gi-Tae;Han, Hyo-Joon;Lee, Jae-Hwoon
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.39B no.12
    • /
    • pp.822-830
    • /
    • 2014
  • Recently, A Security service in Internet environments has been more important and the use of SSL & TLS is increasing for the personel homepage as well as administrative institutions. Also, IETF suggests using DTLS, which can provide a security service to constrained devices with lower CPU power and limited memory space under IoT environments. In this paper, we implement LEA(Lightweight Encryption Algorithm) algorithm and apply it to OpenSSL. The implemented algorithm is compared with other symmetric encryption algorithms such as AES etc, and it shows the superior performance in calculation speed.

An implementation of the timing attack on OpenSSL-based RSAserver (OpenSSL 기반 RSA서버에 대한 Timing Attack 구현)

  • 홍정대;박근수
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2004.10a
    • /
    • pp.730-732
    • /
    • 2004
  • 1996년 P. Kocher에 의해 시차공격(Timing attack)이 제안된 후 일반적인 RSA구현 시 시간차를 줄이기 위해 중국인의 나머지 정리와 Montgomery 알고리즘과 같은 다양한 방법들이 적용되어왔다. 2003년 D. Brumley와 D. Boneh가 OpenSSL(2)에서 구현된 RSA 알고리즘을 분석하여 시차공격(3)이 가능함을 보였다. 본 논문은 이들의 방법을 OpenSSL을 기반으로 하는 서버를 대상으로 구현한 실험 결과를 보인다.

  • PDF

Attacking OpenSSL Shared Library Using Code Injection (코드 주입을 통한 OpenSSL 공유 라이브러리의 보안 취약점 공격)

  • Ahn, Woo-Hyun;Kim, Hyung-Su
    • Journal of KIISE:Computer Systems and Theory
    • /
    • v.37 no.4
    • /
    • pp.226-238
    • /
    • 2010
  • OpenSSL is an open-source library implementing SSL that is a secure communication protocol. However, the library has a severe vulnerability that its security information can be easily exposed to malicious software when the library is used in a form of shared library on Linux and UNIX operating systems. We propose a scheme to attack the vulnerability of the OpenSSL library. The scheme injects codes into a running client program to execute the following attacks on the vulnerability in a SSL handshake. First, when a client sends a server a list of cryptographic algorithms that the client is willing to support, our scheme replaces all algorithms in the list with a specific algorithm. Such a replacement causes the server to select the specific algorithm. Second, the scheme steals a key for data encryption and decryption when the key is generated. Then the key is sent to an outside attacker. After that, the outside attacker decrypts encrypted data that has been transmitted between the client and the server, using the specified algorithm and the key. To show that our scheme is realizable, we perform an experiment of collecting encrypted login data that an ftp client using the OpenSSL shared library sends its server and then decrypting the login data.

Design and Implementation of a Cryptograhic API considering a DRM Environment (DRM 환경을 고려한 보안 통신 API의 설계 및 구현)

  • Jung, In-Sung;Shin, Yong-Tae
    • The KIPS Transactions:PartC
    • /
    • v.11C no.2
    • /
    • pp.163-170
    • /
    • 2004
  • The additional mechanism Is required to set up a secure connection among the communication subjects in the internet environment. Each entity should transfer and receive the encrypted and hashed data to guarantee the data integrity. Also, the mutual authentication procedure should be processed using a secure communication protocol. The SSL/TLS is a protocol which creates the secure communication channel among the communication subjects and sends/receives a data. Although the OpenSSL which implements the TLS is using by many developers and its stability and performance are proved, it has a difficulty in using because of its large size. So, this Paper designs and implements the secure communication which the users can use easily by modification works of OpenSSL library API. We proved the real application results using the DRM client/server case which supports a secure communication using the implemented API.

Study on Selftest Requirements in Cryptographic Module Validation Program with FIPS-OpenSSL Source Code Analysis (FIPS-OpenSSL 코드 분석을 통한 암호모듈 자가시험 보안요구사항 분석)

  • Seo, Seog Chung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.5
    • /
    • pp.985-996
    • /
    • 2019
  • This paper analyzes the source code of FIPS-OpenSSL cryptographic module approved as FIPS cryptographic module in USA and shows how the selftest requirements are implemented as software cryptographic library with respect to pre-operational test and conditional tests. Even though FIPS-OpenSSL follows FIPS 140-2 standard, lots of security requirements are similar between FIPS 140-2 and Korean cryptographic module validation standards. Therefore, analysis from this paper contributes to help Korean cryptographic module vendors develop correct and secure selftest functions on their own cryptographic modules, which results in reducing the test period.

Design of IDS Unified System for Integrity Managements (무결성 관리를 위한 IDS 통합 시스템 설계)

  • 김남진;강진수;김창수
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2003.10a
    • /
    • pp.203-206
    • /
    • 2003
  • 네트워크 상에서 송수신되는 데이터를 외부의 침입으로부터 보호하는 것은 매우 중요하며, 그 중 데이터의 무결성을 검증하고 보장하기 위한 방법으로 SSL(Secure Socket Layer)을 사용한다. 본 논문에서는 클라이언트와 서버간에 송수신되는 데이터의 무결성이 위배되었을 경우 그 정보를 검증 및 관리할 수 있도록 OpenSSL을 이용한 무결성 위배 데이터 검증 및 관리 시스템을 구성하고, 검증된 데이터를 IDS(Intrusion Detection System)로 전송하여 침입 탐지 정보와 무결성 검증 정보를 통합적으로 관리할 수 있는 IDS 통합 시스템을 제안 및 설계하였다.

  • PDF

Design of CCTV Security System Based on SSL/VPN (SSL/VPN 기반 CCTV 보안시스템 설계)

  • Lee, Nam-Ki;Kim, Man-Sik;Jeon, Byong-Chan;Jeon, Jin-Oh;Ryu, Su-Bong;Kang, Min-Sup;Lim, Kwon-Mook
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2009.11a
    • /
    • pp.617-618
    • /
    • 2009
  • 본 논문에서는 SSL/VPN 터널링 기법을 이용하여 CCTV에서 영상정보를 보호하기 위한 SSL 통신 메카니즘을 제안하고, 제안한 방법을 기본으로한 보안 시스템의 설계 및 구축에 관하여 기술한다. 제안한 보안 시스템(VPN client와 Server) 은 Linux System O/S 인 Fedora 8 버전에서 개발하였으며 사용한 라이브러리는 OpenSSL과 PPTP와 PPP를 사용하였다.

Implementation of Management System for SSL Integrity Data with Intrusion Detection System (침입탐지시스템과 연계된 SSL 무결성 정보 관리 시스템 구현)

  • 김남진;강진수;김창수;김진천
    • Proceedings of the Korea Multimedia Society Conference
    • /
    • 2003.11a
    • /
    • pp.154-157
    • /
    • 2003
  • 네트워크 상에서 송수신되는 데이터를 외부의 침입으로부터 보호하는 것은 매우 중요하며, 그 중 데이터의 무결성을 검증하고 보장하기 위한 방법으로 SSL(Secure Socket Layer)을 사용한다. 본 논문에서는 웹 환경에서 클라이언트와 서버간에 송수신되는 데이터의 무결성이 위배되었을 경우, 그 정보를 검증 및 관리할 수 있는 무결성 위배 데이터 검증 및 관리 시스템을 OpenSSL을 이용하여 구성하고, 꾑 서버를 통해 기록된 무결성 위배 로그 데이터는 IDS(Intrusion Detection System)로 전송하여 침입 탐지 정보와 항께 데이터의 무결성 검증 정보를 통합적으로 관리할 수 있도록 IDS와 연계된 무결성 정보 통합관리 시스템을 제안 및 설계하고자 한다.

  • PDF