Yanjiao Chen,Jian Wang,Ruming Yin,Bo Liang

DOI: https://doi.org/10.1109/ICACTE.2010.5579435

2010-01-01

Abstract:In this paper, we have implemented a secure communication platform based on a new stream cipher called Gemstone which stems from coupled map lattices (CML), a nonlinear system of coupled chaotic maps. On the platform, we have realized duplex text, image and voice transmission. We have also analyzed the randomness of the keystream generated by the platform based on the statistical tests suggested by the National Institute of Standards and Technology (NIST). The test results are compared with other four stream ciphers'. Moreover, a series of experiments of duplex text, image and voice transmissions were made through university local network. Both the statistical test and the transmission experiments have shown that the platform is highly secure with fast encryption speed, which confirms that the Gemstone platform is promising for cryptographic applications.

金康双,王泽兵,冯雁,陈海燕

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.08.034

2004-01-01

Abstract:Session Initiation Protocol(SIP) is the Internet Engineering Task Force (IETF) standard for IP telephony,and it has a promising applied prospect.In this work,the security authentication mechanism used by SIP is described.Moreover an experimental performance analysis of the SIP security mechanisms is provided,which based on the open source Java implementation of a SIP proxy server.

SHAO Bing,LU Dong-ming

2000-01-01

Abstract:Data encryption is one of the key techniques for information security. In the beginning of this paper, the present encryption methods are analyzed. Next, we design one practical system which can transmits data in the Internet and has the capacity of digital signature and authentication. Finally, some technical issues encountered in the system implementation are discussed

邓锦红,陈德人,苏斐琦

DOI: https://doi.org/10.3785/j.issn.1008-973X.2003.02.005

2003-01-01

Abstract:Security is an important element in the design of e-business sites. However, performance is the price to be paid for it. To learn how the mechanisms and protocols used to support security may impact system performance, an analysis of the security mechanisms such as TLS and SET protocol is provided. After identifying the dominant factor, i.e. bottleneck, Some auxiliary methods can be used to improve the performance of it. Dynamic load balancing, proxy servers and caches can be used for security at the network level; a combination of firewall and the single Sign-on technology can also be used at this level. For security at the server level, the use of cryptographic accelerator cards, more and faster processors, and the use of faster cryptographic algorithms can substantially reduce the time spent in the most expensive cryptographic operations so that performance is increased. In addition, an improved model based on Distributed Calculating environment and DES Cipher algorithm can effectively reduce the impact of security mechanisms on system performance.

Si-hua AN,Ping YI,Xin-chun WANG,Chao-feng LI

DOI: https://doi.org/10.3969/j.issn.1002-0802.2014.07.018

2014-01-01

Abstract:OpenSSL is an open source code library of secure sockets layer. It is accomplished with C. It a-chieves the basic function of transport layer data encryption. OpenSSL is widely used in major online bank-ing, online payment, electricity supplier sites, portal website, email, and other fields. So OpenSSL's safety and reliability are very import. Since OpenSSL's vulnerabilities may lead to a large network disaster, it is necessary to study its vulnerability. The article introduces the newly discovered loophole named OpenSSL Heartbleed, analyzes the attack principle and introduces some methods to defense this attack. First it proposes the concept of OpenSSL, then analyzes the attack principle of Heartbleed, at last intro-duces some methods to prevention this attack.

Zhang Qiuwen,Wang Jingcheng,Long Xiao,Zhao Guanglei,Hu Ting,Zhang Zhenwei,He Jun,Yu Changjian

DOI: https://doi.org/10.3969/j.issn.1007-757X.2012.04.002

2012-01-01

Abstract:This paper briefly represent suitable cryptosystem for the Internet of Things,and carry on an introduction to Elliptic Curve Digital Signature Algorithm(ECDSA) and Elliptic Curve Diffie-Hellman(ECDH).After that,this paper expounds a network simula-tion framework named OMNeT++(Objective Modular Network Testbed in C++) and some function interfaces related to ECDSA and ECDH in OpenSSL.Finally,this article takes some experiments in OMNeT++ to test the time consuming of ECDSA and ECDH.The analysis result indicates that ECDSA and ECDH are completely suitable for main current mobile terminal in time consuming.

Tian Huan

DOI: https://doi.org/10.1007/978-3-642-31656-2_104

2013-01-01

Abstract:Since nineties of last century , the world have feaced the Internet storm.From then on,network application have began to go into every aspect of our lives gradually. But the traditional Internet Protocol ( TCP / IP ) does not provide information transmission security mechanism.From the technical level, how to solve the problems of network information thefting, tampering, hacking attack have become a pressing matter of the moment of our science and technology workers. This paper is precisely based on this perspective. Through this views,we analyse and discuss the computer network communication protocol deeply. From the theoretical level, the SSL protocol is applied to the TCP protocol. From doing so,the problem of information transmission security that cannont be solved by traditional TCP/IP protocol will be solved successfully. At the last, an example of online bank specific will be discussed, the reaserch of this paper will be uesd in this example.

Boyuan He,Vaibhav Rastogi,Yinzhi Cao,Yan Chen,V. N. Venkatakrishnan,Chunlin Xiong,Runqing Yang,Zhenrui Zhang

2016-01-01

Abstract:Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols have become the security backbone of the Web and Internet today. Many systems including mobile and desktop applications are protected by SSL/TLS protocols against network attacks. However, many vulnerabilities caused by incorrect use of SSL/TLS APIs have been uncovered in recent years. Such vulnerabilities, many of which are caused due to poor API design and inexperience of application developers, often lead to confidential data leakage or man-in-the-middle attacks. In this paper, to guarantee code quality and logic correctness of SSL/TLS applications, we design and implement SSLINT, a scalable, automated, static analysis system for detecting incorrect use of SSL/TLS APIs. SSLINT is capable of performing automatic logic verification with high efficiency and good accuracy. To demonstrate it, we apply SSLINT to one of the most popular Linux distributions – Ubuntu. We find 29 previously unknown SSL/TLS vulnerabilities in Ubuntu applications, most of which are also distributed with other Linux distributions.

Wu Liu,Ping Ren,Yong Zhang,Hai-xin Duan

DOI: https://doi.org/10.1109/CTC.2010.15

2010-01-01

Abstract:With more and more security threat events happened aiming at financial web services, there is an increasing amount of transactions performed over the Internet. As a de-facto standard the security protocol SSL (Secure Sockets Layer) or TLS (Transport Layer Security) is used to create a secure connection to web services. This paper analyze the weakness of the SSL and TLS protocols, based on which, we designed and implemented a root-kit for network based SSL and TLS traffic decrypt ion , which is called SSL-DP. With the experiment of SSL-DP we can see that SSL/TLS protocol is not secure enough to protect the important network information such as E-commerce etc.

Xin Mao,Yang Liu,Song Feng Lu,You Li

DOI: https://doi.org/10.4028/www.scientific.net/aef.6-7.932

2012-01-01

Advanced Engineering Forum

Abstract:Data privacy and integrity will be the crucial and significant factors in recent times for network applications. To deal with these security problems related to symmetric and asymmetric key types have been framed. In this paper, we suggest a new secure communications solution for a secure channel that combines the digital envelopes and digital signatures and implements with symmetric key algorithm of AES and the asymmetric key algorithm of ECC. The experiment result shows it’s a more perfect choice.

WEI QUN,LIU YUFANG,LIU BAOXIANG

2008-01-01

Abstract:The article mainly introduces how to use OpenSSL based on SSL to acommpolish numeric certificate and safe CA authentication and assure the security and reliance among applications in electronic business affairs .

Zuxing Gu,Jiecheng Wu,Chi Li,Min Zhou,Ming Gu

DOI: https://doi.org/10.18293/seke2019-006

2019-01-01

Abstract:Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols provide a reliable communication channel between applications over the Internet.Implementations of these protocols (e.g., OpenSSL and GnuTLS) publish wellformat documentation and examples online to guide the usage of SSL/TLS APIs.However, incorrect usages have caused many severe vulnerabilities (e.g., privilege escalation, denial of service, man-in-the-middle attack, etc.) in recent years.In this paper, we introduce SSLDoc to diagnose incorrect SSL API usages in real-world C programs automatically.The key insight behind SSLDoc is a constraint-directed static analysis technique powered by domain-specific usage patterns that we learn from real-world vulnerabilities and bug-fix-related patches.We have instantiated SSLDoc for OpenSSL APIs and applied it to large-scale opensource programs.SSLDoc found 45 previously unknown securitysensitive bugs in OpenSSL implementation and applications in Ubuntu.We created and submitted issues for all of them.Up to now, 35 have been confirmed by the corresponding development communities and 27 have been fixed in master branch.

Xuhong Li,Guan Wang,Wenwen Pan

DOI: https://doi.org/10.1504/ijaacs.2021.114289

2021-01-01

International Journal of Autonomous and Adaptive Communications Systems

Abstract:Aiming at the security problems of data monitoring, and forgery and tampering in the process of wireless communication network, this paper proposes a lightweight data encryption algorithm based on dynamic key, in which an authentication scheme combining with the characteristics of communication system is constructed. Firstly, the communication network structure is constructed based on encryption algorithm by using C/S security agent model. Furthermore, the data symmetric encryption and decryption are completed by using exclusive OR algorithm. In addition, adopting hash algorithm which can complete data integrity authentication, and reduce resource consumption in keys and message. The libmodbus open source libraries are employed to simulate the master/slave device communication, and simulation results show that the improved scheme ensures the synchronisation and accurate key updating, realises the self-organisation and management of the key. At the same time, the proposed algorithm has great advantages in resource consumption, compared with other algorithms.

Wang Jian,Liu Xu,Ji Xiaoyong

DOI: https://doi.org/10.1109/ICEE.2010.898

2010-01-01

Abstract:Information security is a necessary safeguard for mobile e-commerce and a secure communication system to obtain high quality secure communication in wireless environment is introduced, which is integrating three kinds of encryption algorithms including AES, RSA and CPRS chaos encryption. Secure communication framework based on three-layer encryption model is proposed: (1) AES layer of system code decrypt, system boot and the system self-destruct; (2) RSA layer of authentication, key negotiation and key management functions; (3) CPRS layer of communication data stream encryption and decryption. The implementation and optimization of the above-mentioned three kinds of algorithms are discussed. The experiments show the three kinds of encryption algorithms are safe and reliable to achieve a high degree of secure communication.

Shaohua Tang

DOI: https://doi.org/10.3321/j.issn:1002-8331.2001.02.006

2001-01-01

Abstract:The communication security techniques of TCP/IP-based computer networks are introduced in this paper,which include the adoption of cryptographic techniques in the network layer,the transport layer and the application layer of TCP/IP network to ensure the data confidentiality,integrity and authenticity.Some typical security protocols,such as IPSEC,Secure TCP and SSL,are also analyzed in this paper.

Justice Adeenze-Kangah,Yuting Chen

DOI: https://doi.org/10.1088/1742-6596/1176/2/022045

2019-01-01

Journal of Physics Conference Series

Abstract:The importance of secure communication over the Internet cannot be overstated because of the implications it has for ensuring privacy and safety for users. Much research has been done in this field of study, leading to the creation of the Secure Socket Layer (SSL) protocol and its successor—the Transport Layer Security (TLS) protocol. These protocols serve as a guide for implementing secure connections across the web and as such many libraries have been written to provide Application Programming Interface (API) for their implementation. However, many security risks have arisen due to improper usage of these libraries mainly due to the wrong sequence of API calls. It is also worth noting that the sequence of API calls might differ in certain situations, therefore adding to the level of complexity and increasing the chances of wrongful usage. In this paper, we present a method to detect proper API usage by defining them as usage patterns and testing them against proper implementation models.

Hong-song CHEN,Yi-fang LU,Dong-yan ZHANG,Zhong-chuan FU

DOI: https://doi.org/10.3969/j.issn.1671-1122.2012.07.005

2012-01-01

Abstract:The purpose of Extended Validation SSL certificate is to solve the rapidly arisen online fraud problem.The number of EV SSL certificate in adoption grow rapidly.In current,most secure Web browser version of at the global level to occupy a leading position in the market,EV SSL adoption rate will rise further.The development background,security enhancement,Visualization and its application are introduced in the paper.A novel initial method in Kailar logic is proposed to analyze EV SSL certificate security.The electronic commerce credit risk evaluation is researched in the paper.A new method to evaluate the personal credit based on social network is proposed.

NING Xiao-jun,HUANG Liu-sheng,ZHOU Zhi

2005-01-01

Abstract:Cryptographic protocol is one of the important ways of constructing safe internet environment and protecting the safety of information systems.However,it is very difficult to analyze its limitation and unclose the intrusion.In this article,an automatic cryptographic protocol analysis was put forward,based on object submission and information model inspection by synthesizing the cryptographic protocol analysis based on logic and model matching,and further analysis on public-key protocol of Need-Schroeder(NS) was made.

Suresh Prasad Kannojia,Jitendra Kurmi

DOI: https://doi.org/10.37398/jsr.2022.660212

2022-01-01

Journal of Scientific Research

Abstract:. Security in Computer Network Communication is of great importance because unauthorized users attempt to steal, modify, misuse, interrupt, and try to un-stabilize, smartly our network systems. Therefore up to some extent, the secure communication provided by Transport Layer Protocol, implementation of the TLS function, and distinct libraries were designed by researchers, of which each library has the broad support of the encryption algorithms. But security can be compromised and seen in an offensive maneuver of the digital world as the main challenge in communication. In this paper, performance analysis of the most authentic six libraries: OpenSSL, AWS s2n, GnuTLS, NSS, BoringSSL, and Cryptlib performed to find appropriate TLS libraries for uncompromised communication based on throughput, CPU usage in the different virtual operating environments.

Huiwei Yang

DOI: https://doi.org/10.1155/2022/7794209

IF: 1.968

2022-05-31

Security and Communication Networks

Abstract:In order to effectively solve the increasingly prominent network security problems, cryptographic algorithm is the key factor affecting the effectiveness of IPSec VPN encryption. Therefore, this paper mainly studies cryptographic algorithms and puts forward the following solutions: briefly analyze the concept and function of IPSec VPN, as well as the basic theoretical knowledge of IPSec Security Protocol and cryptography, and analyze the traditional cryptography, modern cryptography, symmetric cryptographic algorithms and asymmetric algorithms, and their security. At the same time, the executable and security performances of AES and DES algorithms are compared and analyzed. This paper studies the elliptic curve encryption algorithm ECC, expounds the mathematical basis of realizing the algorithm, and compares and analyzes the security performance and execution efficiency of ECC. Based on the above two algorithms, a hybrid encryption algorithm is proposed, and the realization mechanism of the hybrid encryption algorithm is studied and discussed. The hybrid encryption algorithm combines the advantages of ECC and AES. The algorithm selects 128-bit AES and 256-bit ECC. In order to better cover up plaintext C, AES is used to encrypt information. While enhancing security, speed is also considered. The improved encryption, decryption, and signature authentication algorithms are relatively safe and fast schemes. ECC algorithm is improved, and on this basis, ECC algorithm and AES algorithm are combined. Moreover, HMAC message authentication algorithm is added, and the performance of the improved algorithm is significantly improved.

computer science, information systems,telecommunications