To see the other types of publications on this topic, follow the link: Certificats SSL.
Dissertations / Theses on the topic 'Certificats SSL'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 25 dissertations / theses for your research on the topic 'Certificats SSL.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Traore, Mohamed. "Analyse des biais de RNG pour les mécanismes cryptographiques et applications industrielles." Thesis, Université Grenoble Alpes, 2022. http://www.theses.fr/2022GRALM013.
Full textAbstract:
Dans ce travail, nous analysons des certificats SSL/TLS X.509 (utilisant le chiffrement RSA et provenant de centaines de millions de matériels connectés) à la recherche d'anomalies et étendons notamment les travaux de Hastings, Fried et Heninger (2016). Notre étude a été réalisée sur trois bases de données provenant de l'EFF (2010-2011), de l'ANSSI (2011-2017) et de Rapid7 (2017-2021). Plusieurs vulnérabilités affectant des matériels de fabricants connus furent détectées : modules de petites tailles (strictement inférieures à 1024 bits), modules redondants (utilisés par plusieurs entités), certificats invalides mais toujours en usage, modules vulnérables à l'attaque ROCA ainsi que des modules dits «PGCD-vulnérables» (c'est-à-dire des modules ayant des facteurs communs). Pour la base de données de Rapid7, dénombrant près de 600 millions de certificats (et incluant ceux des matériels récents), nous avons identifié 1,550,382 certificats dont les modules sont PGCD-vulnérables, soit 0.27% du nombre total. Cela a permis de factoriser 14,765 modules de 2048 bits ce qui, à notre connaissance, n'a jamais été fait.En analysant certains modules PGCD-vulnérables, on a pu rétro-concevoir de façon partielle le générateur de modules (de 512 bits) utilisé par certaines familles de pare-feux, ce qui a permis la factorisation instantanée de 42 modules de 512 bits, correspondant aux certificats provenant de 8,817 adresses IPv4.Après avoir constaté que la plupart des modules factorisés avaient été générés par la bibliothèque OpenSSL, on a analysé les codes sources et les méthodes en charge du processus de génération de clefs RSA de plusieurs versions de cette bibliothèque (couvrant la période 2005 à 2021). À travers des expérimentations sur des plateformes à base de processeurs ARM, où l'on s'est mis quasiment dans les mêmes conditions que les matériels vulnérables identifiés, on a réussi à remonter aux causes de la PGCD-vulnérabilitéIn this work, we analyze X.509 SSL/TLS certificates (using RSA encryption and from hundreds of millions of connected devices) looking for anomalies and notably extend the work of Hastings, Fried and Heninger (2016). Our study was carried out on three databases from EFF (2010-2011), ANSSI (2011-2017) and Rapid7 (2017-2021). Several vulnerabilities affecting devices from well-known manufacturers were detected: small moduli (strictly less than 1024 bits), redundant moduli (used by several entities), invalid certificates but still in use, moduli vulnerable to the ROCA attack as well as so-called “GCD-vulnerable” moduli (i.e. moduli having common factors). For the Rapid7 database, counting nearly 600 million certificates (and including those for recent devices), we have identified 1,550,382 certificates whose moduli are GCD-vulnerable, that is 0.27% of the total number. This made it possible to factor 14,765 moduli of 2048 bits which, to our knowledge, has never been done.By analyzing certain GCD-vulnerable moduli, we were able to partially reverse-engineer the modulus generator (of 512 bits) used by certain families of firewalls, which allowed the instantaneous factorization of 42 moduli of 512 bits, corresponding certificates from 8,817 IPv4 addresses.After noting that most of the factored moduli had been generated by the OpenSSL library, we analyzed the source codes and the methods in charge of the RSA key generation process of several versions of this library (covering the period 2005 to 2021). Through experiments on platforms based on ARM processors, where we put ourselves in almost the same conditions as the vulnerable devices identified, we managed to trace the causes of the PGCD-vulnerability
2
Bruhner, Carl Magnus, and Oscar Linnarsson. "Relay Racing with X.509 Mayflies : An Analysis of Certificate Replacements and Validity Periods in HTTPS Certificate Logs." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-167063.
Full textAbstract:
Certificates are the foundation of secure communication over the internet as of today. While certificates can be issued with long validity periods, there is always a risk of having them compromised during their lifetime. A good practice is therefore to use shorter validity periods. However, this limits the certificate lifetime and gives less flexibility in the timing of certificate replacements. In this thesis, we use publicly available network logs from Rapid7's Project Sonar to provide an overview of the current state of certificate usage behavior. Specifically, we look at the Let's Encrypt mass revocation event in March 2020, where millions of certificates were revoked with just five days notice. In general, we show how this kind of datasets can be used, and as a deeper exploration we analyze certificate validity, lifetime and use of certificates with overlapping validity periods, as well as discuss how our findings relate to industry standard and current security trends. Specifically, we isolate automated certificate services such as Let's Encrypt and cPanel to see how their certificates differ in characteristics from other certificates in general. Based on our findings, we propose a set of rules to help improve the trust in certificate usage and strengthen security online, introducing an Always secure policy aligning certificate validity with revocation time limits in order to replace revocation requirements and overcoming the fact that mobile devices today ignore this very important security feature. To round things off, we provide some ideas for further research based on our findings and what we see possible with datasets such as the one researched in this thesis.
3
Boinapally, Kashyap. "Security Certificate Renewal Management." Thesis, Blekinge Tekniska Högskola, Institutionen för datavetenskap, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-18453.
Full textAbstract:
Context. An SSL encrypted client-server communication is necessary to maintain the security and privacy of the communication. For an SSL encryption to work, there should be a security certificate which has a certain expiry period. Periodic renewal of the certificate after its expiry is a waste of time and an effort on part of the company. Objectives. In this study, a new system has been developed and implemented, which sends a certificate during prior communication and does not wait for the certificate to expire. Automating the process to a certain extent was done to not compromise the security of the system and to speed up the process and reduce the downtime. Methods. Experiments have been conducted to test the new system and compare it to the old system. The experiments were conducted to analyze the packets and the downtime occurring from certificate renewal. Results. The results of the experiments show that there is a significant reduction in downtime. This was achieved due to the implementation of the new system and semi-automation Conclusions. The system has been implemented, and it greatly reduces the downtime occurring due to the expiry of the security certificates. Semi-Automation has been done to not hamper the security and make the system robust.
4
Klasson, Sebastian, and Nina Lindström. "Longitudinal analysis of the certificate chains of big tech company domains." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-178396.
Full textAbstract:
The internet is one of the most widely used mediums for communication in modern society and it has become an everyday necessity for many. It is therefore of utmost importance that it remains as secure as possible. SSL and TLS are the backbones of internet security and an integral part of these technologies are the certificates used. Certificate authorities (CAs) can issue certificates that validate that domains are who they claim to be. If a user trusts a CA they can in turn also trust domains that have been validated by them. CAs can in turn trust other CAs and this, in turn, creates a chain of trust called a certificate chain. In this thesis, the structure of these certificate chains is analysed and a longitudinal dataset is created. The analysis looks at how the certificate chains have changed over time and puts extra focus on the domains of big tech companies. The dataset created can also be used for further analysis in the future and will be a useful tool in the examination of historical certificate chains. Our findings show that the certificate chains of the domains studied do change over time; both their structure and the lengths of them vary noticeably. Most of the observed domains show a decrease in average chain length between the years of 2013 and 2020 and the structure of the chains vary significantly over the years.
5
Gustafsson, Josef. "Certificate Transparency in Theory and Practice." Thesis, Linköpings universitet, Databas och informationsteknik, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-125855.
Full textAbstract:
Certificate Transparency provides auditability to the widely used X.509 Public Key Infrastructure (PKIX) authentication in Transport Layer Security (TLS) protocol. Transparency logs issue signed promises of inclusions to be used together with certificates for authentication of TLS servers. Google Chrome enforces the use of Certificate Transparency for validation of Extended Validation (EV) certificates. This thesis proposes a methodology for asserting correct operation and presents a survey of active Logs. An experimental Monitor has been implemented as part of the thesis. Varying Log usage patterns and metadata about Log operation are presented, and Logs are categorized based on characteristics and usage. A case of mis-issuance by Symantec is presented to show the effectiveness of Certificate Transparency.
6
Khanna, Isha. "Phishing on Open WLANs: Threat and Preventive Measure." Thesis, Virginia Tech, 2009. http://hdl.handle.net/10919/36170.
Full textAbstract:
Phishing is an internet security issue whose shape is still changing and size is still increasing.
This thesis shows the possibility of a phishing attack on open, private Wireless LANs. Private
WLANs which use a login page to authenticate users in hotels, airports and academic campuses
are all vulnerable to this attack. Virginia Tech's WLAN is used as an example to show that the
attack is possible. The attack combines two very well known attacks: one is to deceptively guide
a user into logging into a fake website, which shows similar log-in page to the page of the
website the user intends to go to, and the second attack is to show users a valid certificate, which
does not show a warning. The rogue server takes the user to a log-in page which is similar to
Virginia Tech's log-in page and shows him a valid security certificate.
We present a solution to the proposed problem. Software is implemented that runs on Windows
Vista. The software warns the user if there are servers with more than one type of security
certificates, claiming to be from the same network. We contrast our method to already existing
methods, and show in what respects our solution is better. The biggest advantage of this method
is that it involves no change on the server side. It is not necessary for the users to have any prior
knowledge of the network, which is very helpful when the users access WLAN at airports and
hotels. Also, when using this method, the user does not need to connect to any network, and is
still able to get a warning. It however, requires the user to be able to differentiate between the
real and fake networks after the user has been warned.Master of Science
7
Meihong, Li, Zhang Qishan, and Wang Jun. "RESEARCH AND IMPLEMENTATION OF MOBILE BANK BASED ON SSL." International Foundation for Telemetering, 2003. http://hdl.handle.net/10150/605837.
Full textAbstract:
International Telemetering Conference Proceedings / October 20-23, 2003 / Riviera Hotel and Convention Center, Las Vegas, NevadaSSL protocol is one industrial standard to protect data transferred securely on Internet. Firstly SSL is analyzed, according to its characteristics, one solution plan on mobile bank based on SSL is proposed and presented, in which GPRS technology is adopted and elliptic curve algorithm is used for the session key, finally several functional modules of mobile bank are designed in details and its security is analyzed.
8
Collett, Torstein Calvin. "Simple SSH Management." BYU ScholarsArchive, 2021. https://scholarsarchive.byu.edu/etd/9130.
Full textAbstract:
SSH certificates are used by administrators so connections to the server can be verified. This ensures that only authorized administrators can access the server and that the server being accessed is the intended machine. Current solutions for managing SSH certificates are focused on commercial use, which makes them cumbersome for small groups and individuals to use. These solutions require running multiple services that companies already use but add significant overhead for smaller groups. We developed a new standalone system that makes it easy to manage SSH certificates for small amounts of servers and users, without requiring additional servers to be deployed. We evaluated our system with a user study to demonstrate its ease of use. We hope that this implementation can help guide future research toward a more simplified certificate authentication system for SSH.
9
Dotzky, Jesper, and Jon Wiklund. "Extern Web-service-lösning vid SSAB Tunnplåt i Borlänge- för kommunikation med sina distributions lager." Thesis, Högskolan Dalarna, Informatik, 2004. http://urn.kb.se/resolve?urn=urn:nbn:se:du-401.
Full textAbstract:
Detta examensarbete har utförts på SSAB- Tunnplåt i Borlänge under vårterminen 2004 och omfattar 10 veckors arbete.SSAB sköter idag sin kommunikation med distributionslagren via fax, telefon eller e-post. Eftersom detta är ett ganska tidskrävande kommunikationssätt, vill SSAB ha en smidigare och snabbare kommunikationslösning. Den lösning som SSAB vill ha är en extern Web-service-lösning för att upprätta en säker kommunikation med sina distributionslager.Parallellt med byggandet av Web-service-lösningen arbetades en förvaltningsmodell fram. Den beskriver hur förvaltningsorganisationen med dess rutiner kan se ut vid implementering av lösningen.För att skapa en säker förbindelse med Web-servicen skall en webbklient användas som i sin tur anropar en COM+ komponent. Detta för att kunna skicka med certifikatet ifrån webbklienten till webbservern där Web-servicen ligger. COM+ komponenten måste få tillgång till en användarprofil när den kommunicerar med Web-servicen. Detta för att kunna upprätta en SSL-förbindelse i det inledande skedet. SSL-förbindelsen skall läggas i den VPN-tunnel som mVPN tillhandahåller via WSSAL.
10
Petersson, Jakob. "Analysis of Methods for Chained Connections with Mutual Authentication Using TLS." Thesis, Linköpings universitet, Informationskodning, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-119455.
Full textAbstract:
TLS is a vital protocol used to secure communication over networks and it provides an end- to-end encrypted channel between two directly communicating parties. In certain situations it is not possible, or desirable, to establish direct connections from a client to a server, as for example when connecting to a server located on a secure network behind a gateway. In these cases chained connections are required. Mutual authentication and end-to-end encryption are important capabilities in a high assur- ance environment. These are provided by TLS, but there are no known solutions for chained connections. This thesis explores multiple methods that provides the functionality for chained connec- tions using TLS in a high assurance environment with trusted servers and a public key in- frastructure. A number of methods are formally described and analysed according to multi- ple criteria reflecting both functionality and security requirements. Furthermore, the most promising method is implemented and tested in order to verify that the method is viable in a real-life environment. The proposed solution modifies the TLS protocol through the use of an extension which allows for the distinction between direct and chained connections. The extension which also allows for specifying the structure of chained connections is used in the implementation of a method that creates chained connections by layering TLS connections inside each other. Testing demonstrates that the overhead of the method is negligible and that the method is a viable solution for creating chained connections with mutual authentication using TLS.
11
Klepáčková, Karolína. "Aplikace pro Android na bezpečnostní monitorování komunikace." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2019. http://www.nusl.cz/ntk/nusl-399203.
Full textAbstract:
This diploma thesis is focused on implementation of application for security monitoring of network communication of other applications in mobile device with Android platform. Provides users information about security risks that may harm his/her privacy or device. It uses a local VPN to tunnel all data sent to the wireless network. These can be linked to an application that has sent them because the Android kernel is derived from the Linux kernel and can be used to retrieve information about established network connections and the application identifier associated with the connection. This mapping allows to get more information about an app that is potentially dangerous for your mobile device.
12
O'Neill, Mark Thomas. "The Security Layer." BYU ScholarsArchive, 2019. https://scholarsarchive.byu.edu/etd/7761.
Full textAbstract:
Transport Layer Security (TLS) is a vital component to the security ecosystem and the most popular security protocol used on the Internet today. Despite the strengths of the protocol, numerous vulnerabilities result from its improper use in practice. Some of these vulnerabilities arise from weaknesses in authentication, from the rigidity of the trusted authority system to the complexities of client certificates. Others result from the misuse of TLS by developers, who misuse complicated TLS libraries, improperly validate server certificates, employ outdated cipher suites, or deploy other features insecurely. To make matters worse, system administrators and users are powerless to fix these issues, and lack the ability to properly control how their own machines communicate securely online.
In this dissertation we argue that the problems described are the result of an improper placement of security responsibilities. We show that by placing TLS services in the operating system, both new and existing applications can be automatically secured, developers can easily use TLS without intimate knowledge of security, and security settings can be controlled by administrators. This is demonstrated through three explorations that provide TLS features through the operating system. First, we describe and assess TrustBase, a service that repairs and strengthens certificate-based authentication for TLS connections. TrustBase uses traffic interception and a policy engine to provide administrators fine-tuned control over the trust decisions made by all applications on their systems. Second, we introduce and evaluate the Secure Socket API (SSA), which provides TLS as an operating system service through the native POSIX socket API. The SSA enables developers to use modern TLS securely, with as little as one line of code, and also allows custom tailoring of security settings by administrators. Finally, we further explore a modern approach to TLS client authentication, leveraging the operating system to provide a generic platform for strong authentication that supports easy deployment of client authentication features and protects user privacy. We conclude with a discussion of the reasons for the success of our efforts, and note avenues for future work that leverage the principles exhibited in this work, both in and beyond TLS.
13
Rennét, Jiří. "Bezpečnost elektronického bankovnictví pro firmu." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2010. http://www.nusl.cz/ntk/nusl-222646.
Full textAbstract:
Master’s thesis analyzes in detail the security of electronic banking within the chosen banks in Czech republic. On the base of these knowledge it defines and recommendes the most secure electronic banking for Profes Project s.r.o. company. In the folowing it investigates a current electronic banking in the company and it carries out basic theoretical findings.
14
Slavík, Petr. "Laboratorní úloha infrastruktury veřejných klíčů." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2009. http://www.nusl.cz/ntk/nusl-217981.
Full textAbstract:
The aim of this thesis is to study and describe the theme of Public Key Infrastructure (PKI). Within the scope of minute PKI characterization there is a gradual depiction of particular structural elements, which are above all represented by cryptographic operations (asymetric and symetric cryptography, hash function and digital signature); then, there are also individual PKI subjects that are dealt with, like eg. certification authority, certificates, security protocols, secure heap etc. Last but not least there are a few complete Public Key Infrastructure implementation solutions described (OpenSSL, Microsft CA). The practical part of the thesis, a lab exercise, gives potential students the knowledge of installing OpenSSL system based certification authority. The next task educate students how to secure web server with certificate signed with own CA and also how to secure web server users‘ access control through certificates signed by the previously installed CA.
15
Rapp, Axel. "Web site security maturity of the European Union and its member states : A survey study on the compliance with best practices of DNSSEC, HSTS, HTTPS, TLS-version, and certificate validation types." Thesis, Högskolan i Skövde, Institutionen för informationsteknologi, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-20127.
Full textAbstract:
With e-governance steadily growing, citizen-to-state communication via Web sites is as well, placing enormous trust in the protocols designed to handle this communication in a secure manner. Since breaching any of the protocols enabling Web site communication could yield benefits to a malicious attacker and bring harm to end-users, the battle between hackers and information security professionals is ongoing and never-ending. This phenomenon is the main reason why it is of importance to adhere to the latest best practices established by specialized independent organizations. Best practice compliance is important for any organization, but maybe most of all for our governing authorities, which we should hold to the highest standard possible due to the nature of their societal responsibility to protect the public. This report aims to, by conducting a quantitative survey, study the Web sites of the governments and government agencies of the member states of the European Union, as well as Web sites controlled by the European Union to assess to what degree their domains comply with the current best practices of DNSSEC, HSTS, HTTPS, SSL/TLS, and certificate validation types. The findings presented in this paper show that there are significant differences in compliance level between the different parameters measured, where HTTPS best practice deployment was the highest (96%) and HSTS best practice deployment was the lowest (3%). Further, when comparing the average best practice compliance by country, Denmark and the Netherlands performed the best, while Cyprus had the lowest average.
16
Cakir, Ece. "Single Sign-On : Risks and Opportunities of Using SSO (Single Sign-On) in a Complex System Environment with Focus on Overall Security Aspects." Thesis, Linnéuniversitetet, Institutionen för datavetenskap (DV), 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-24377.
Full textAbstract:
Main concern of this thesis is to help design a secure and reliable network system which keeps growing in complexity due to the interfaces with multiple logging sub-systems and to ensure the safety of the network environment for everyone involved. The parties somewhat involved in network systems are always in need of developing new solutions to security problems and striving to have a secure access into a network so as to fulfil their job in safe computing environments. Implementation and use of SSO (Single Sign-On) offering secure and reliable network in complex systems has been specifically defined for the overall security aspects of enterprises. The information to be used within and out of organization was structured layer by layer according to the organizational needs to define the sub-systems. The users in the enterprise were defined according to their role based profiles. Structuring the information layer by layer was shown to improve the level of security by providing multiple authentication mechanisms. Before implementing SSO system necessary requirements are identified. Thereafter, user identity management and different authentication mechanisms were defined together with the network protocols and standards to insure a safe exchange of information within and outside the organization. A marketing research was conducted in line of the SSO solutions. Threat and risk analysis was conducted according to ISO/IEC 27003:2010 standard. The degree of threat and risk were evaluated by considering their consequences and possibilities. These evaluations were processed by risk treatments. MoDAF (Ministry of Defence Architecture Framework) used to show what kind of resources, applications and the other system related information are needed and exchanged in the network. In essence some suggestions were made concerning the ideas of implementing SSO solutions presented in the discussion and analysis chapter.
17
Castillo, Gallo Jessenia, and Segovia Roberto Vicencio. "Propuesta de mejora del sistema de medición de indicadores de gestión de la calidad de la empresa BYLL SRL contratistas generales certificada bajo la norma ISO 9001 – 2008." Master's thesis, Universidad Peruana de Ciencias Aplicadas (UPC), 2016. http://hdl.handle.net/10757/620923.
Full textAbstract:
Propone lograr la mejora del sistema de medición de indicadores de gestión de la calidad de la empresa constructora ByLL SRL Contratistas Generales, certificada bajo la norma ISO 9001 – 2008 desde el año 2011, esto con la finalidad de promover la mejora continua a través del logro de los objetivos de la calidad y de la eficacia de los procesos del sistema de gestión, logrando que estos indicadores proporcionen a la alta dirección, información relevante para la toma de decisiones en tiempo oportuno.
Tomando en cuenta que ByLL se encuentra certificada desde el año 2011 y con la finalidad de saber el estado del mantenimiento del Sistema de Gestión de la Calidad, se ha realizado un diagnóstico de acuerdo a ciertos criterios para cada apartado de la norma (4, 5, 6, 7 y 8), llegándose a la conclusión de que el apartado 8 Medición, Análisis y Mejora se encuentra con la valoración más baja, 2.98 de 5, este valor promedio está directamente relacionado a la medición deficiente o nula de los objetivos de calidad y procesos del sistema.
Al revisarse los 04 objetivos de la calidad de la empresa se ha encontrado que 02 de éstos son sólo de cumplimiento y mantenimiento, poco retadores y no procuran la mejora continua, por lo que se ha replanteado la planilla de seguimiento de objetivo para el período 2016 – 2017, donde los objetivos están directamente relacionados con la satisfacción del cliente y los colaboradores de la empresa. Se ha decidido, conjuntamente con la alta dirección, que todos los esfuerzos sean enfocados al logro de estas metas: 85% de satisfacción del cliente y 75% de satisfacción de los colaboradores, tendiendo a incrementarse para años posteriores según se vaya alcanzando las metas trazadas como ha sucedido en el 2015, los otros dos objetivos se considerarán en adelante como objetivos de proceso.
Finalmente, como parte de la implementación y dado que no se han podido obtener las mediciones del 100% de los indicadores en el 2015, se aplicó la Ley de Pareto para encontrar 6 indicadores críticos donde “con el 20% del esfuerzo aplicado en la medición obtengamos el 80% de los resultados que están relacionados con el costo, el tiempo, la utilidad, así como también la satisfacción del cliente y de los colaboradores”. Se han tabulado estos indicadores críticos y se ha planificado las acciones a seguir en el período 2016 – 2017 estableciendo las responsabilidades.
18
Hořejš, Jan. "Anonymní pohyb v síti internet." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2014. http://www.nusl.cz/ntk/nusl-220609.
Full textAbstract:
The objective of this master’s thesis was to describe current capabilities of anonymous browsing over the Internet. The theoretical part focuses on three main methods of anonymization with main focus on Tor network. The master‘s thesis describes advantages and disadvantages of different solutions and possible attacks on them. In the next part is demonstrated Tor network, implementation of Hidden service and secured access to the server for clients and possible attacks against this proposal. The work also includes the results of measurements of all three anonymizers and the effects on their speed.
19
Doležel, Radek. "Návrh bezpečnostní infrastruktury elektronického archivu." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2009. http://www.nusl.cz/ntk/nusl-218135.
Full textAbstract:
This master's thesis deals with design of security infrastructure for electronic archive. In theoretical part is disscus about technical resources which are based on security services and protocols and methods which are used for protection. On basics of theoretical part is designed model of security infrastructure and it is built in laboratory. Model of security infrastructure is based on Open Source Software and as safety storages for private user authentication data are used cryptographic USB tokens. This master's thesis includes design and construction of real infrastructure of secured electronic archive. In each part of master's thesis is put main emphases on security and clear explanation from the beginning of desing of model of security infrastructure for electronic archive to finish of construction.
20
Leroux, Bertrand. "La planification spatiale aux prises avec le droit : le travail d'élaboration des schémas de cohérence territoriale." Thesis, Paris Est, 2010. http://www.theses.fr/2010PEST1115.
Full textAbstract:
En 2000, la loi Solidarité et Renouvellement Urbains entend relancer la planification supracommunale. Un nouveau dispositif -le schéma de cohérence territoriale- est créé, son objectif : mieux coordonner les initiatives publiques dans le champ de l'aménagement du territoire. Dès 2001 de nombreux groupements de communes s'en saisir. Le parti pris ici est de regarder cette réforme à travers l'activité des chefs de projets de SCOT qui organisent l'écriture de ces documents. De 2002 à 2006, des entretiens documentés ont été conduits auprès de plusieurs responsables administratifs. Cette analyse retrace leur mobilisation lors des grandes étapes de ces schémas : la mise en place des périmètres, la conception des cartes, la rédaction du corps de texte.Il en ressort que leur travail s'apparente à un travail de médiation pour gérer des différends qui amène les parties prenantes de cette procédure à consentir à se fixer des règles négociées. Cette approche met en évidence la forme singulière de cette activité qui pour faire avancer la démarche s'appuie très largement sur la convocation par anticipation des effets du droit. Loin de simplement dire le droit ou de le décliner, cette activité de production d'une norme intermédiaire entre la loi et plusieurs documents et actes administratifs vient convoquer le droit pour accompagner des transactions qui trouvent parfois leur prolongement hors de tout cadre juridique. La place importante accordée au droit en situation est mise en perspective par un bref retour historique sur quarante années de production législative et de schémas supracommunaux, une analyse du double mouvement de judiciarisation et de judicisation de la planification, et dans la période actuelle sur la manière dont cette mobilisation du droit dépasse le cadre de chaque dispositif localisé pour constituer un sujet de structuration de ce milieu professionnel. L'analyse du contenu des formations proposées aux chefs de projet SCOT, de leurs échanges en différents lieux, des initiatives conduites pour faire évoluer leur cadre légale d'intervention complètent et confortent les observations situées du travailIn 2000, the law Solidarity and Urban Renewal aims at refurbishing strategic spatial planning. Local authorities are pushed to group in order to lead the writing of new master plan (schéma de cohérence territoriale). In the following years, 400 SCOT are being studied. This implementation is analyzed through a focus on urban planner works. From 2002 to 2006, interviews with these planners enlighten the master plan creation main phases : create the perimeter, drawing the maps, writing the guidelines.This PHD shows how planners play negotiation and mediation roles through this normative production, how they succeed in raising an agreement on collective rules. This analysis shows that normative planning is not an end but a beginning : Law argument on possible effects of a to-be rule -such as litigation through courts, or master plan cancellation- is a way to organize public decisions and begin negotiation. An historic analysis on law production and master plan elaboration during the last 40 years, today's interests and involvement of the profession on legislative production and law arguments complete the situated-work observation
21
Marček, Ján. "Odposlech moderních šifrovaných protokolů." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2012. http://www.nusl.cz/ntk/nusl-236427.
Full textAbstract:
This thesis deals with the introduction to the security mechanism.The procedure explains the basic concepts, principles of cryptography and security of modern protocols and basic principles that are used for information transmission network. The work also describes the most common types of attacks targeting the eavesdropping of communication. The result is a design of the eavesdropping and the implementation of an attack on the secure communication of the SSL protocol..The attacker uses a false certificate and attacks based on poisoning the ARP and DNS tables for this purpose. The thesis discusses the principles of the SSL protocol and methodology of attacks on the ARP and DNS tables.
22
von, Wenckstern Michael. "Web applications using the Google Web Toolkit." Master's thesis, Technische Universitaet Bergakademie Freiberg Universitaetsbibliothek "Georgius Agricola", 2013. http://nbn-resolving.de/urn:nbn:de:bsz:105-qucosa-115009.
Full textAbstract:
This diploma thesis describes how to create or convert traditional Java programs to desktop-like rich internet applications with the Google Web Toolkit. The Google Web Toolkit is an open source development environment, which translates Java code to browser and device independent HTML and JavaScript. Most of the GWT framework parts, including the Java to JavaScript compiler as well as important security issues of websites will be introduced. The famous Agricola board game will be implemented in the Model-View-Presenter pattern to show that complex user interfaces can be created with the Google Web Toolkit. The Google Web Toolkit framework will be compared with the JavaServer Faces one to find out which toolkit is the right one for the next web projectDiese Diplomarbeit beschreibt die Erzeugung desktopähnlicher Anwendungen mit dem Google Web Toolkit und die Umwandlung klassischer Java-Programme in diese. Das Google Web Toolkit ist eine Open-Source-Entwicklungsumgebung, die Java-Code in browserunabhängiges als auch in geräteübergreifendes HTML und JavaScript übersetzt. Vorgestellt wird der Großteil des GWT Frameworks inklusive des Java zu JavaScript-Compilers sowie wichtige Sicherheitsaspekte von Internetseiten. Um zu zeigen, dass auch komplizierte graphische Oberflächen mit dem Google Web Toolkit erzeugt werden können, wird das bekannte Brettspiel Agricola mittels Model-View-Presenter Designmuster implementiert. Zur Ermittlung der richtigen Technologie für das nächste Webprojekt findet ein Vergleich zwischen dem Google Web Toolkit und JavaServer Faces statt
23
Dias, Paulo de Mendonça. "CERTIFICATE POLYGAMY A MATTER OF TRUST." Master's thesis, 2011. http://hdl.handle.net/10451/13952.
Full textAbstract:
O acesso a serviços disponíveis na Internet expõe os utilizadores a diversos ataques, tal como o Man-in-the-Middle (MitM). As defesas para estes ataques, tais como autenticação mútua através de uma Public Key Infrastructure (PKI), baseiam-se em infra-estruturas complexas que os utilizadores não estão disponíveis para utilizar e suportar. A enorme aceitação de métodos de autenticação designados por “acto de fé” (leap-of-faith) ou “confiar na primeira utilização” (TOFU, trust-on-first-use), utilizado em implementações comuns de SSH e TLS/SSL, dão sinais claros da pré-disposição dos utilizadores em sacrificar a segurança em prol de uma melhor usabilidade. Aliás, este é um comportamento comum na vida quotidiana das pessoas. Se alguém se apresentar apenas com um cartão de visita, teremos tendência a confiar no seu conteúdo. Apenas desconfiaremos se, mais tarde, outra identificação for apresentada. Por outras palavras, confiamos nas primeiras credenciais apresentadas.
Esta temática foi abordada por soluções como o Perspectives, que fornecem autenticação tipo SSH com sondagens através de múltiplos caminhos/acessos, descrito em [1]. Através da observação e recolha das chaves públicas observadas ao longo do tempo por servidores espalhados geograficamente, designados por Notários, o Perspectives impede muitos dos ataques possíveis num cenário de TOFU. Um utilizador pode solicitar o historial de chaves de um determinado serviço, comparando-o à chave oferecida na utilização corrente, e com esse historial tomar uma decisão mais informada quanto ao aceitar uma chave que não exista em cache.
No entanto, o Perspectives assume um certificado por sítio, o que não é um pressuposto válido em muitos casos. Nesse caso, como pode o utilizador distinguir entre um certificado adicional introduzido pelo serviço a que está a aceder, e uma situação de ataque, em que o certificado está a ser fornecido pelo atacante? A presente tese endereça esta temática de poligamia de certificados, aumentando a visão dos Notários por forma a fornecer uma visão consolidada de diversos certificados. Adicionalmente, sugerimos alterações a alguns módulos do Perspectives, nomeadamente o módulo de sondagem (probing) for forma a lidar com questões tais como existência de mecanismos de caching acoplados aos serviços, pela utilização de, por exemplo, proxies.
24
Smolík, Jiří. "Důvěryhodná proxy v SSL/TLS spojení." Master's thesis, 2017. http://www.nusl.cz/ntk/nusl-264815.
Full textAbstract:
The problem of SSL/TLS interception ("trusted proxy in SSL/TLS connection") has been known for years and many implementations exist. However, all of them share a single technical solution which is based solely on the PKI authentication mechanism and suffers from multiple serious disadvantages. Most importantly, it is not compatible with several aspects or future trends of SSL/TLS and PKI, there's almost no space for improvement and its real use may spawn legal issues. After we analyze technical background and the current solution, we will propose another one, based not only on PKI but SSL/TLS too. Both solutions will be compared and general superiority of the new one will be shown. Basic implementation and analysis will follow, along with deployment requirements and ideas for future development. Powered by TCPDF (www.tcpdf.org)
25
Fernandes, Nuno Filipe Trovisco. "Cryptographic library support for a certified compiler." Master's thesis, 2014. http://hdl.handle.net/1822/37511.
Full textAbstract:
Dissertação de mestrado em Engenharia InformáticaAn essential component regarding the development of information systems is the compiler: a tool responsible for translating high-level language code, like C or Java, into machine code. The issue is, compilers are themselves big and complex programs, making them also vulnerable to failures that may be propagated to the compiled programs. To overcome those risks research on “certified compilers” has been made, and recently some proposals have appeared. That sort of compilers guarantees that the compilation process runs as specified. In this dissertation is studied the applicability of the certified compiler CompCert in cryptographic software development. The first point being addressed was the use of support libraries, such as big number libraries. As a matter of fact, such libraries are an essential requisite for the considered type of application, therefore the study of different options for using these libraries, always considering the impact in program’s performance and semantic preservation offered by the compiler. The second point being addressed was the use of SIMD extensions available on recent processors. Here the objective was to demonstrate how one could overcome the current CompCert’s limitations as to discuss other solutions.
Um componente essencial na produção de sistemas informáticos é o compilador: a ferramenta responsável por traduzir o código numa linguagem de alto nível como o C ou o Java em instruções do processador que serão efectivamente executadas. Mas os compiladores são eles próprios programas grandes e complexos, vulneráveis a falhas que se podem propagar de forma incontrolável por todos os programas por eles processados. Com o objectivo de ultrapassar esse risco surgiram recentemente as primeiras propostas de "compiladores certificados" onde se garante que o processo de compilação está conforme o especificado. Nesta dissertação é estudada a aplicabilidade do compilador certificado CompCert no desenvolvimento de software criptográfico. O primeiro aspecto abordado foi a utilização de bibliotecas de suporte, como as bibliotecas de números grandes. De facto, tais bibliotecas são um requisito essencial para tipo de aplicação considerado, estudando-se por isso diferentes alternativas para a utilização dessas bibliotecas, considerando quer o impacto na eficiência dos programas, quer as garantias de preservação semântica oferecidas pelo compilador. Um segundo aspecto abordado foi a utilização de extensões SIMD disponibilizadas pelos processadores mais recentes. Aqui o objectivo foi o de mostrar como é possível ultrapassar as limitações da versão actual do CompCert, assim como discutir soluções mais abrangentes ao problema.