Netinfo Security ›› 2020, Vol. 20 ›› Issue (3): 65-74.doi: 10.3969/j.issn.1671-1122.2020.03.009

Previous Articles     Next Articles

A Browser Security Model for Preventing TLS Protocol Downgrade Attacks

ZHANG Xinglong1,2, LI Yuting1,2, CHENG Qingfeng1,2(), GUO Lulu1,2   

  1. 1. PLA Strategic Support, Force Information Engineering University, Zhengzhou 450002, China
    2. State Key Laboratory of Mathematics Engineering and Advanced Computing, Zhengzhou 450002, China
  • Received:2019-05-15 Online:2020-03-10 Published:2020-05-11

Abstract:

During a TLS handshake, an attacker who uses one or two parties to support an old version or a weak cipher suite for a series of attacks is called a downgrade attack. In recent years, TLS-related downgrade attacks have been extensively studied. In-depth study of these attacks reveals that they are not identical. The existing literature lacks a taxonomy to classify and compare them, which helps to study downgrade attacks from a global perspective. Based on this, the article proposes a classification method for downgrade attacks, focusing on fifteen kinds of downgraded attacks against the TLS protocol that have been publicly released. In addition, the article proposes a lightweight mechanism for fine-grained TLS security configuration in Web browsers. This mechanism allows the browser to enforce optimal TLS security configuration for connections entering sensitive domains while maintaining the default configuration of the remaining connections. This article mechanism can detect and prevent downgrade attacks and server misconfiguration.

Key words: TLS, downgrade attack, Web browser, fine-grained TLS security configuration

CLC Number: