论文信息 - Setting up a secure Web server and clients on an intranet

Setting up a secure Web server and clients on an intranet

The paper discusses the practical issues that arise when securing the access to the World Wide Web (WWW). A brief overview of the different protocols that are proposed to secure the WWW is given and the current status of the U.S. export regulations is reviewed. An attack on SSL 2.0 is detailed which exploits some of the weaknesses in this protocol. The setup of a secure server with access control is explained. At the client side, existing solutions to provide export browsers with strong cryptography are evaluated, and the authors also introduce some improvements. Finally, the performance of the secure system is evaluated and compared to that of the regular HTTP connection.

Joos Vandewalle | Bart Preneel | Joris Claessens | Mark Vandenwauver

[1] Eric Rescorla,et al. The Secure HyperText Transfer Protocol , 1999, RFC.

[2] Dan S. Wallach,et al. Web Spoofing: An Internet Con Game , 1997 .

[3] Christopher Allen,et al. The TLS Protocol Version 1.0 , 1999, RFC.

[4] Hugo Krawczyk,et al. Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[5] Bruce Schneier,et al. Analysis of the SSL 3.0 protocol , 1996 .

[6] Roy T. Fielding,et al. Hypertext Transfer Protocol - HTTP/1.1 , 1997, RFC.

[7] Joos Vandewalle,et al. How role based access control is implemented in SESAME , 1997, Proceedings of IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises.

[8] Ian Goldberg,et al. Randomness and the Netscape browser , 1996 .

[9] Scott Oaks,et al. Java Security , 1998 .

[10] Bruce Schneier,et al. Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security. A Report by an Ad Hoc Group of Cryptographers and Computer Scientists , 1996 .

[11] Roy T. Fielding,et al. Hypertext Transfer Protocol - HTTP/1.0 , 1996, RFC.