中文摘要：

分析安全套接层/安全传输层（SSL/TLS）协议在客户端的具体实现,利用浏览器处理SSL/TLS协议会话主密钥和协议握手过程中传递安全参数存在的漏洞与缺陷,结合Netfilter机制进行会话劫持,提出一种针对SSL/TLS协议的安全威胁方案（SKAS）并对其进行安全研究,给出随机数单向加密、双向加密及保护会话主密钥安全的3种防御方法。经过实验验证了SKAS威胁的有效性,其攻击成功率达到90%以上且攻击范围广、威胁程度高,提出的3种防御方法均能抵御SKAS威胁,保证了客户端和服务器间SSL/TLS协议的数据通信安全。

英文摘要：

Through analyzing the specific implementation of the Security Socket Layer/Transport Layer Security（ SSL/ TLS） protocol in the client, this paper takes advantage of the vulnerabilities and flaws of SSL/TLS protocol session master key which is handled by browser and the secure parameters which are delivered in the process of protocol handshake. Combined with the Netfilter mechanism to hijack the session, it proposes a new security threat scheme for SSL/TLS protocol（SKAS）. What＇ s more, it gives three defense methods of random number one-way encryption, bidirectional encryption and protection session master key security based on the security research of SKAS scheme. After the actual experiments,it is verified the feasibility of SKAS threat scheme. The success rate of attacks can reach more than 90% and this scheme also can achieve a wide attack and a deep threat. The three kinds of defense method can resist the SKAS threat and guarantee communication data security of SSL/TLS protocol between the client and server.