Server notarıes: a complementary approach to the web PKI TRUST model

Download
2016
Yüce, Emre
SSL/TLS is the de facto protocol for providing secure communication over the Internet. It relies on the Web PKI model for authentication and secure key exchange. Despite its relatively successful past, the number of Web PKI incidents observed have increased recently. These incidents revealed the risks of forged certificates issued by certificateauthoritieswithouttheconsentofthedomainowners. Severalsolutionshave beenproposedtosolvethisproblem,butnosolutionhasyetreceivedwidespreadadaption due to complexity and deployability issues. In this work, we propose a practical mechanism that enables servers to get their certificate views across the Internet, making detection of a certificate substitution attack possible. The origin of the certificate substitution attack can also be located by this mechanism. We have conducted simulation experiments and evaluated our proposal using publicly available, real-world BGP data. We have obtained promising results on the AS-level Internet topology.

Suggestions

Security of certificate-based protocols: focus on server authentication
Baran, Selim; Özbudak, Ferruh; Selçuk, Ali Aydın; Department of Cryptography (2015)
Today, secure communication channels are mostly set up via certificate-based protocols, such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS). Although they have been used for years and in so many areas, from e-commerce and internet banking to secure channel needs in military, there have been several attacks on their security model, which forced researchers to make studies on them. In this thesis, we will explain their security model, the vulnerabilities discovered so far, the precautions fo...
Analysis of recent attacks on SSL/TLS protocols
Özden, Duygu; Cenk, Murat; Department of Cryptography (2016)
Transport Layer Security(TLS) and its predecessor Secure Socket Layer(SSL) are two important cryptographic, certificate based protocols that satisfy secure communication in a network channel. They are widely used in many areas such as online banking systems, online shopping, e-mailing, military systems or governmental systems. Being at the center of secure communication makes SSL and TLS become the target of attackers and an important field of study for researchers. So many vulnerabilities and attacks towar...
LYNXTUN
Okan, Galip Oral; Baykal, Nazife; Tezcan, Cihangir; Department of Cyber Security (2018)
Lynxtun is a VPN solution that allows the creation of a secure tunnel between two hosts over an insecure network. The Lynxtun Protocol transmits fully encrypted datagrams with a fixed size and at a fixed interval using UDP/IP. Our custom authenticated encryption scheme uses the AES-256 block cipher and modified version of GCM mode in order to decrypt and authenticate datagrams efficiently. It ensures traffic flow confidentiality by maintaining a constant bitrate that does not depend on underlying communicat...
Security and quality of service for wireless sensor networks
Tomur, Emrah; Bilgen, Semih; Department of Information Systems (2008)
Security and quality of service (QoS) issues in cluster-based wireless sensor networks are investigated. The QoS perspective is mostly at application level consisting of four attributes, which are spatial resolution, coverage, system lifetime and packet loss due to collisions. The addressed security aspects are message integrity and authentication. Under this scope, the interactions between security and service quality are analyzed with particular emphasis on the tradeoff between security and spatial resolu...
Frame-counter scheduler: A novel QoS scheduler for real-time traffic
Schmidt, Şenan Ece (Elsevier BV, 2006-08-04)
Real-time traffic communication has Quality of Service (QoS) requirements such as end-to-end bandwidth and delay guarantees.
Citation Formats
E. Yüce, “Server notarıes: a complementary approach to the web PKI TRUST model,” Ph.D. - Doctoral Program, Middle East Technical University, 2016.