Research on Security of the Extended SSL/TLS Protocol Based on Trusted Platform Module

It is universally acknowledged that SSL/TLS has been a priority of secure communication protocol on the Internet in virtue of its broad combining ability, easy achievement and high data security, and a myriad of researches have been made on it so far. Our discussion in this paper is about basic principles and security issues of the current SSL/TLS protocol. The focus is on security vulnerabilities of the extended SSL/TLS protocol based on the Trusted Platform Module (TPM). In order to test and verify the security of the extended SSL/TLS protocol, experiments are made on two attacking methods that are surf jacking attack and SSL/TLS Renegotiating Attack; the result reveals that they can successfully damage the security of SSL/TLS protocol. Finally, according to the application environment of SSL/TLS protocol and by taking full account of the application layer protocol, browser features, the combination processes among protocols and other comprehensive factors, some specific solutions are presented by us to solve the security issues.