Abstract
TLS protocol provides a secure communication environment by guaranteeing the confidentiality and the integrity of transmitted data between two parties. However, there have been lots of vulnerabilities in TLS protocol and attacks exploiting them in aspects of protocol, implementation, and cryptographic tools. In spite of the lessons learned from the past experiences, various attacks on the network systems are being reported continuously due to the lack of care with regard to the proper TLS deployment and management. In this paper, we investigate TLS vulnerabilities in Korea’s top 100 websites selected from Alexa global top 500 sites and 291 Korea’s public enterprise websites. We compare the analysis results with those of Alexa global top 100 websites. Then, we discuss the lessons learned from this study. In order to analyze TLS vulnerabilities efficiently, we developed a TLS vulnerability scanner, called Network Vulnerabilities Scanner (NVS). We also analyze e-mail security of Korea’s top 3 e-mail service providers, which are supposed to be secured by TLS. Interestingly, we found that the e-mail service of them is not so secured by TLS as opposed to the analysis of Google’s transparency report.
Original language | English |
---|---|
Title of host publication | Information Security Applications - 17th International Workshop, WISA 2016, Revised Selected Papers |
Editors | Dooho Choi, Sylvain Guilley |
Publisher | Springer Verlag |
Pages | 112-123 |
Number of pages | 12 |
ISBN (Print) | 9783319565484 |
DOIs | |
Publication status | Published - 2017 |
Event | 17th International Workshop on Information Security Applications, WISA 2016 - Jeju Island, Korea, Republic of Duration: 2016 Aug 25 → 2016 Aug 25 |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 10144 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Other
Other | 17th International Workshop on Information Security Applications, WISA 2016 |
---|---|
Country/Territory | Korea, Republic of |
City | Jeju Island |
Period | 16/8/25 → 16/8/25 |
Bibliographical note
Publisher Copyright:© Springer International Publishing AG 2017.
Keywords
- E-mail privacy
- TLS vulnerability
- Transport Layer Security
- Web security
ASJC Scopus subject areas
- Theoretical Computer Science
- General Computer Science