Security of certificate-based protocols: focus on server authentication

Download
2015
Baran, Selim
Today, secure communication channels are mostly set up via certificate-based protocols, such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS). Although they have been used for years and in so many areas, from e-commerce and internet banking to secure channel needs in military, there have been several attacks on their security model, which forced researchers to make studies on them. In this thesis, we will explain their security model, the vulnerabilities discovered so far, the precautions for these vulnerabilities and at the end, we will focus on SSL authentication piece and the popular solutions for improving SSL server authentication, such as Certificate Pinning, Convergence and Certificate Transparency which are all in the active research area to define the future of SSL and TLS protocols.

Suggestions

Analysis of recent attacks on SSL/TLS protocols
Özden, Duygu; Cenk, Murat; Department of Cryptography (2016)
Transport Layer Security(TLS) and its predecessor Secure Socket Layer(SSL) are two important cryptographic, certificate based protocols that satisfy secure communication in a network channel. They are widely used in many areas such as online banking systems, online shopping, e-mailing, military systems or governmental systems. Being at the center of secure communication makes SSL and TLS become the target of attackers and an important field of study for researchers. So many vulnerabilities and attacks towar...
Privacy preserving database external layer construction algorithm via secure decomposition for attribute-based security policies
Turan, Uğur; Toroslu, İsmail Hakkı; Kantarcıoğlu, Murat; Department of Computer Engineering (2018)
Relational DBMS’scontinue to dominate th emarket an dinference problem on external schema has preserved its importance in terms of data privacy. Especially for the last 10 years, external schema construction for application-specific database usage has increased its independency from the conceptual schema, as the definitions and implementations of views and procedures have been optimized. After defining all mathematical background, this work offers an optimized decomposition strategy for the external schema, wh...
Three layer mathematical modelling of an elastic artery without and with aneurysm to predict the behavior
Jodati, Hossein; Aşık, Mehmet Zülfü; Geyik, Serdar; Department of Biomedical Engineering (2015)
Today, secure communication channels are mostly set up via certificate-based protocols, such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS). Although they have been used for years and in so many areas, from e-commerce and internet banking to secure channel needs in military, there have been several attacks on their security model, which forced researchers to make studies on them. In this thesis, we will explain their security model, the vulnerabilities discovered so far, the precautions fo...
Virtual penetration testing with phase based vulnerability analysis
Çalışkan, Emre; Baykal, Nazife; Department of Information Systems (2015)
Vulnerability scanning, penetration testing, and manual auditing are ways of finding vulnerabilities in organizations. However, they have some limitations like time, accuracy, testers’ ability, etc. Virtual penetration testing aims to alleviate these limitations. By virtual penetration testing, it is intended to assess security controls corresponding to the vulnerabilities found by vulnerability scanning, and correlating assessment result with vulnerabilities. Consequently, correlation will enable to find e...
Software implementations of QoS scheduling algorithms for high speed networks /
Pehlivanlı, Aydın; Schmidt, Şenan Ece; Department of Electrical and Electronics Engineering (2015)
The end to end Quality of Service (QoS) support for the dominating multimedia traffic in the contemporary computer networks is achieved by implementing schedulers in the routers and deploying traffic shapers. To this end, realistic modeling and simulation of these components is essential for network performance evaluation. The first contribution of this thesis is the design and implementation of a C++ simulator QueST (Quality of Service simulaTor) for this task. QueST is a modular cycle accurate simulator w...
Citation Formats
S. Baran, “Security of certificate-based protocols: focus on server authentication,” M.S. - Master of Science, Middle East Technical University, 2015.