Server notaries: a complementary approach to the Web PKI trust model
Date: 2016
Author: Yüce, Emre
SSL/TLS is the de facto protocol for providing secure communication over the Internet. It relies on the Web PKI model for authentication and secure key exchange. Despite its relatively successful past, the number of Web PKI incidents observed has increased recently. These incidents revealed the risks of forged certificates issued by certificate authorities without the consent of the domain owners. Several solutions have been proposed to solve this problem, but no solution has yet received widespread adoption due to complexity and deployability issues. In this work, we propose a practical mechanism that enables servers to get their certificate views across the Internet, making detection of a certificate substitution attack possible. The origin of the certificate substitution attack can also be located by this mechanism. We have conducted simulation experiments and evaluated our proposal using publicly available, real-world BGP data. We have obtained promising results on the AS-level Internet topology.
Subject Keywords
Computer networks, Public key infrastructure (Computer security).
URI
http://etd.lib.metu.edu.tr/upload/12619711/index.pdf
https://hdl.handle.net/11511/25418
Collections
Graduate School of Applied Mathematics, Thesis
Suggestions
Security of certificate-based protocols: focus on server authentication
Baran, Selim; Özbudak, Ferruh; Selçuk, Ali Aydın; Department of Cryptography (2015)
Today, secure communication channels are mostly set up via certificate-based protocols, such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS). Although they have been used for years and in so many areas, from e-commerce and internet banking to secure channel needs in military, there have been several attacks on their security model, which forced researchers to make studies on them. In this thesis, we will explain their security model, the vulnerabilities discovered so far, the precautions fo...
Analysis of recent attacks on SSL/TLS protocols
Özden, Duygu; Cenk, Murat; Department of Cryptography (2016)
Transport Layer Security (TLS) and its predecessor Secure Socket Layer (SSL) are two important cryptographic, certificate-based protocols that satisfy secure communication in a network channel. They are widely used in many areas such as online banking systems, online shopping, e-mailing, military systems or governmental systems. Being at the center of secure communication makes SSL and TLS become the target of attackers and an important field of study for researchers. So many vulnerabilities and attacks towar...
LYNXTUN
Okan, Galip Oral; Baykal, Nazife; Tezcan, Cihangir; Department of Cyber Security (2018)
Lynxtun is a VPN solution that allows the creation of a secure tunnel between two hosts over an insecure network. The Lynxtun Protocol transmits fully encrypted datagrams with a fixed size and at a fixed interval using UDP/IP. Our custom authenticated encryption scheme uses the AES-256 block cipher and modified version of GCM mode in order to decrypt and authenticate datagrams efficiently. It ensures traffic flow confidentiality by maintaining a constant bitrate that does not depend on underlying communicat...
Security and quality of service for wireless sensor networks
Tomur, Emrah; Bilgen, Semih; Department of Information Systems (2008)
Security and quality of service (QoS) issues in cluster-based wireless sensor networks are investigated. The QoS perspective is mostly at application level consisting of four attributes, which are spatial resolution, coverage, system lifetime and packet loss due to collisions. The addressed security aspects are message integrity and authentication. Under this scope, the interactions between security and service quality are analyzed with particular emphasis on the tradeoff between security and spatial resolu...
Frame-counter scheduler: A novel QoS scheduler for real-time traffic
Schmidt, Şenan Ece (Elsevier BV, 2006-08-04)
Real-time traffic communication has Quality of Service (QoS) requirements such as end-to-end bandwidth and delay guarantees.
Citation Formats
E. Yüce, “Server notaries: a complementary approach to the Web PKI trust model,” Ph.D. - Doctoral Program, Middle East Technical University, 2016.