Relevant bibliographies by topics / SSL/TLS Certificates

Academic literature on the topic 'SSL/TLS Certificates'

Author: Grafiati
Published: 23 September 2022
Last updated: 28 January 2023

Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles

Select a source type:

Contents

Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'SSL/TLS Certificates.'

Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.

You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.

Journal articles on the topic "SSL/TLS Certificates"

1

Lapshichyov, Vitaly V. "TLS Certificates of the Tor Network and Their Distinctive Features." International Journal of Systems and Software Security and Protection 10, no. 2 (July 2019): 20–43. http://dx.doi.org/10.4018/ijsssp.2019070102.

Full text
Abstract:
This article presents the results of an experimental study of the properties of SSL/TLS certificates of an anonymous Tor network, based on which it is concluded that there are several features that differ from other SSL/TLS certificates. At present, in the scientific literature and in the documentation of U.S. National Security Agency, and the U.K. Government Communications Headquarters devoted to the identification of Tor network traffic, two signs of SSL/TLS certificates are indicated - the name of the certificate subject, as well as the port of the certificate transmission and network connection. The results of an experimental study allow the authors to state with a high degree of probability that Tor network certificates can be identified in the data stream between the client and server of the specified network by their size, which is between 400 and 600 bytes. The list of features of the Tor network certificates is intended to develop software or add-ons to existing ones, which is used to block access of Internet users to Darknet resources or to limit the use of the Tor anonymous network service. Based on data on the distinguishing features of Tor network certificates, an algorithm is proposed for blocking access to the Internet for users of the Tor Bundle.
APA, Harvard, Vancouver, ISO, and other styles
2

Foppe, Lucas, Jeremy Martin, Travis Mayberry, Erik C. Rye, and Lamont Brown. "Exploiting TLS Client Authentication for Widespread User Tracking." Proceedings on Privacy Enhancing Technologies 2018, no. 4 (October 1, 2018): 51–63. http://dx.doi.org/10.1515/popets-2018-0031.

Full text
Abstract:
Abstract TLS, and SSL before it, has long supported the option for clients to authenticate to servers using their own certificates, but this capability has not been widely used. However, with the development of its Push Notification Service, Apple has deployed this technology on millions of devices for the first time. Wachs et al. [42] determined iOS client certificates could be used by passive network adversaries to track individual devices across the internet. Subsequently, Apple has patched their software to fix this vulnerability. We show these countermeasures are not effective by demonstrating three novel active attacks against TLS Client Certificate Authentication that are successful despite the defenses. Additionally, we show these attacks work against all known instances of TLS Client Certificate Authentication, including smart cards like those widely deployed by the Estonian government as part of their Digital ID program. Our attacks include in-path man-in-the-middle versions as well as a more powerful on-path attack that can be carried out without full network control.
APA, Harvard, Vancouver, ISO, and other styles
3

Park, Jun-Cheol. "Cookie-Based Identification of the Public Keys of TLS/SSL Certificates." Journal of Korean Institute of Communications and Information Sciences 41, no. 1 (January 31, 2016): 101–3. http://dx.doi.org/10.7840/kics.2015.41.1.101.

Full text
APA, Harvard, Vancouver, ISO, and other styles
4

Martynenkov, I. V. "THE MAIN STAGES OF DEVELOPMENT OF THE CRYPTOGRAPHIC PROTOCOLS SSL/TLS AND IPsec." Prikladnaya Diskretnaya Matematika, no. 51 (2021): 31–67. http://dx.doi.org/10.17223/20710410/51/2.

Full text
Abstract:
The paper discusses the main stages of development of cryptographic protocols from SSL 2.0 (Secure Socket Layer) to TLS 1.3 (Transport Layer Security), which ensure the protection of transport layer data in the OSI model. A brief description of the modification of the RuTLS protocol based on TLS 1.3 and their main differences is given. The development of IPsec, which provides cryptographic protection of communications at the network level of the OSI model, is considered using examples of the development of the three most commonly used protocols. These include IKE (Internet Key Exchange), AH (Authentication Header), and ESP (Encapsulation Security Payload). For the SSL/TLS and IPsec specifications, the basic handshake protocols and the main stages of their development are considered. The described handshakes include primary cryptographic information exchange cycles in the form of identifiers of interaction participants, one-time numbers, lists of supported cryptographic combinations. Authentication of participants based on certificates, shared symmetric keys, data exchange for establishing a shared Diffie — Hellman secret, development of key material for secret keys of communication sessions, message authentication, and other cryptographic parameters are presented. For different versions of SSL/TLS and IPsec, the logical structures of application data cryptographic protection functions are described.
APA, Harvard, Vancouver, ISO, and other styles
5

Lapshichyov, Vitaly V., and Oleg B. Makarevich. "Detection and identification method of the tor bundle use." Informatization and communication, no. 3 (May 5, 2020): 17–20. http://dx.doi.org/10.34219/2078-8320-2020-11-3-17-20.

Full text
Abstract:
This paper presents the result of author’s research aimed at developing a detecting and identifying method of the Tor Bundle use in data transmission networks, in particular, on the Internet. Based on these characteristics, an algorithm has been developed that allows legitimate blocking of user access to a global network by a popular anonymizer. The subject of the study was an SSL/TLS encryption certificate, which is transmitted by the Tor network server to the user of the Tor Bundle and which contains the set of data necessary for its identification during the implementation of the TLS “handshake”. In the course of the study of the certificates features, several distinguishing features were identified, namely: the name of the subject and issuer of the certificate, which is a random set of letters and numbers; port used when connecting to an anonymous network; certificate size. Based on the data received, a method is proposed that allows the provider’s server to block the connection during which a certificate with certain characteristics is transmitted.
APA, Harvard, Vancouver, ISO, and other styles
6

Lapshichyov, Vitaly, and Oleg Makarevich. "Method for Detecting and Identification of Tor Network Data by Wireshark Analyzer." Voprosy kiberbezopasnosti, no. 4(44) (2021): 73–80. http://dx.doi.org/10.21681/2311-3456-2021-4-73-80.

Full text
Abstract:
Purpose of the study: development of a method that allows detecting and identifying packets of the Tor network, including obfuscated packets on the local machine of the network user, by a Wireshark sniffer using the filter syntax based on the features of the Tor network packets characteristic of the TLS v1.2 and v1.3 encryption versions; studying the possibility of using the SSL Bump attack (decrypting https traffic on a virtual server using self-signed x.509 certificates) to overcome the obfuscation of Tor network packets. Method: software analysis of transmitted network packets, decomposition of the contents of data packets according to their size and belonging to encryption protocols, a comparative method in relation to different versions of the encryption protocol and resources, synthesis of filtering rules based on the syntax of the analyzer was used. Results: an applied method was developed that allows detecting and identifying packets of the Tor Network, including obfuscated packets on the local machine of the network user, by a Wireshark sniffer based on the filtering syntax based on the signs of encryption packets of the TLS v1.2 and v1.3 versions; data on the impossibility of using the SSL Bump attack to overcome the obfuscation of the Tor network was obtained.
APA, Harvard, Vancouver, ISO, and other styles
7

Asratian, R. E. "Secure Network Channel for Web Services based on SSL/TLS Technology in a Linux Environment." Programmnaya Ingeneria 13, no. 3 (March 23, 2022): 124–31. http://dx.doi.org/10.17587/prin.13.124-131.

Full text
Abstract:
An approach to the organization of secure interaction in distributed systems via a public network is considered, based on the organization of secure communication channels based on sSl/TLS technology. Unlike VPN technology, the described approach is strictly focused on supporting only HTTP/SOAP interactions in distributed systems, which allows you to implement authentication and authorization based on HTTP-header data and client public key certifi­cates as ready-made technical solutions. The approach implies the use of special gateways that provide switching from HTTP to HTTPS on the client side and switching from HTTPS to HTTP on the web server side and make up a "transparent" communication channel for system components. It is assumed that both client programs and web serv­ers are located in the same secure private network (or even on the same network node) with the gateways serving them, and only the interaction between the gateways is carried out through the public network. The work of gateways is based on the use of SSL/TLS technology to add a secure channel over an already open TCP connection. The main idea of the approach is that in this case, security tools are connected at high levels of the OSI protocol hierarchy, which allows gateways to analyze high-level parameters of information requests and responses of web servers con­tained in HTTP-headers. And this, in turn, allows you to add additional "intelligence" to the gateways associated with authentication of servers and clients, as well as with the differentiation of access rights to information resources up to individual functions (methods) of web services based on the data contained in "Subject Name" attribute of public key certificates. The implementation of the approach in the Linux environment and the results of an experimental study are described. In particular, the study showed that when calling service functions with a runtime of 0.5 seconds or higher, the secure channel increases the total query execution time by only a few percent, even with a rather large amount of data being transmitted (up to 200 kilobytes).
APA, Harvard, Vancouver, ISO, and other styles
8

Pan, Jiaye, Yi Zhuang, and Binglin Sun. "Efficient and Transparent Method for Large-Scale TLS Traffic Analysis of Browsers and Analogous Programs." Security and Communication Networks 2019 (October 27, 2019): 1–22. http://dx.doi.org/10.1155/2019/8467081.

Full text
Abstract:
Many famous attacks take web browsers as transmission channels to make the target computer infected by malwares, such as watering hole and domain name hijacking. In order to protect the data transmission, the SSL/TLS protocol has been widely used to defeat various hijacking attacks. However, the existence of such encryption protection makes the security software and devices confront with the difficulty of analyzing the encrypted malicious traffic at endpoints. In order to better solve this kind of situation, this paper proposes a new efficient and transparent method for large-scale automated TLS traffic analysis, named as hyper TLS traffic analysis (HTTA). It extracts multiple types of valuable data from the target system in the hyper mode and then correlates them to decrypt the network packets in real time, so that overall data correlation analysis can be performed on the target. Additionally, we propose an aided reverse engineering method to support the analysis, which can rapidly identify the target data in different versions of the program. The proposed method can be applied to the endpoints and cloud platforms; there are no trust risk of certificates and no influence on the target programs. Finally, the real experimental results show that the method is feasible and effective for the analysis, which leads to the lower runtime overhead compared with other methods. It covers all the popular browser programs with good adaptability and can be applied to the large-scale analysis.
APA, Harvard, Vancouver, ISO, and other styles
9

Kang, James Jin, Kiran Fahd, and Sitalakshmi Venkatraman. "Trusted Time-Based Verification Model for Automatic Man-in-the-Middle Attack Detection in Cybersecurity." Cryptography 2, no. 4 (December 5, 2018): 38. http://dx.doi.org/10.3390/cryptography2040038.

Full text
Abstract:
Due to the prevalence and constantly increasing risk of cyber-attacks, new and evolving security mechanisms are required to protect information and networks and ensure the basic security principles of confidentiality, integrity, and availability—referred to as the CIA triad. While confidentiality and integrity can be achieved using Secure Sockets Layer (SSL)/Transport Layer Security (TLS) certificates, these depend on the correct authentication of servers, which could be compromised due to man-in-the-middle (MITM) attacks. Many existing solutions have practical limitations due to their operational complexity, deployment costs, as well as adversaries. We propose a novel scheme to detect MITM attacks with minimal intervention and workload to the network and systems. Our proposed model applies a novel inferencing scheme for detecting true anomalies in transmission time at a trusted time server (TTS) using time-based verification of sent and received messages. The key contribution of this paper is the ability to automatically detect MITM attacks with trusted verification of the transmission time using a learning-based inferencing algorithm. When used in conjunction with existing systems, such as intrusion detection systems (IDS), which require comprehensive configuration and network resource costs, it can provide a robust solution that addresses these practical limitations while saving costs by providing assurance.
APA, Harvard, Vancouver, ISO, and other styles
10

Jornet-Monteverde, Julio Antonio, and Juan José Galiana-Merino. "Low-Cost Conversion of Single-Zone HVAC Systems to Multi-Zone Control Systems Using Low-Power Wireless Sensor Networks." Sensors 20, no. 13 (June 27, 2020): 3611. http://dx.doi.org/10.3390/s20133611.

Full text
Abstract:
This paper presents a novel approach to convert a conventional house air conditioning installation into a more efficient system that individually controls the temperature of each zone of the house through Wi-Fi technology. Each zone regulates the air flow depending on the detected temperature, providing energy savings and increasing the machine performance. Therefore, the first step was to examine the communication bus of the air conditioner and obtain the different signal codes. Thus, an alternative Controller module has been designed and developed to control and manage the requests on the communication bus (Bus–Wi-Fi gateway). A specific circuit has been designed to adapt the signal of the serial port of the Controller with the communication bus. For the acquisition of the temperature and humidity data in each zone, a Node module has been developed, which communicates with the Controller through the Wi-Fi interface using the Message Queuing Telemetry Transport (MQTT) protocol with Secure Sockets Layer / Transport Layer Security (SSL/TLS) certificates. It has been equipped with an LCD touch screen as a human-machine interface. The Controller and the Node modules have been developed with the ultra-low power consumption CC3200 microController of Texas Instruments and the code has been implemented under the TI-RTOS real-time operating system. An additional module based on the Raspberry Pi computer has been designed to create the Wi-Fi network and implement the required network functionalities. The developed system not only ensures that the temperature in each zone is the desired one, but also controls the fan velocity of the indoor unit and the opening area of the vent registers, which considerably improves the efficiency of the system. Compared with the single-zone system, the experiments carried out show energy savings between 75% and 94% when only one of the zones is selected, and 44% when the whole house is air-conditioned, in addition to considerably improving user comfort.
APA, Harvard, Vancouver, ISO, and other styles
More sources

Dissertations / Theses on the topic "SSL/TLS Certificates"

1

Boinapally, Kashyap. "Security Certificate Renewal Management." Thesis, Blekinge Tekniska Högskola, Institutionen för datavetenskap, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-18453.

Full text
Abstract:
Context. An SSL encrypted client-server communication is necessary to maintain the security and privacy of the communication. For an SSL encryption to work, there should be a security certificate which has a certain expiry period. Periodic renewal of the certificate after its expiry is a waste of time and an effort on part of the company. Objectives. In this study, a new system has been developed and implemented, which sends a certificate during prior communication and does not wait for the certificate to expire. Automating the process to a certain extent was done to not compromise the security of the system and to speed up the process and reduce the downtime. Methods. Experiments have been conducted to test the new system and compare it to the old system. The experiments were conducted to analyze the packets and the downtime occurring from certificate renewal. Results. The results of the experiments show that there is a significant reduction in downtime. This was achieved due to the implementation of the new system and semi-automation Conclusions. The system has been implemented, and it greatly reduces the downtime occurring due to the expiry of the security certificates. Semi-Automation has been done to not hamper the security and make the system robust.
APA, Harvard, Vancouver, ISO, and other styles
2

Petersson, Jakob. "Analysis of Methods for Chained Connections with Mutual Authentication Using TLS." Thesis, Linköpings universitet, Informationskodning, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-119455.

Full text
Abstract:
TLS is a vital protocol used to secure communication over networks and it provides an end- to-end encrypted channel between two directly communicating parties. In certain situations it is not possible, or desirable, to establish direct connections from a client to a server, as for example when connecting to a server located on a secure network behind a gateway. In these cases chained connections are required. Mutual authentication and end-to-end encryption are important capabilities in a high assur- ance environment. These are provided by TLS, but there are no known solutions for chained connections. This thesis explores multiple methods that provides the functionality for chained connec- tions using TLS in a high assurance environment with trusted servers and a public key in- frastructure. A number of methods are formally described and analysed according to multi- ple criteria reflecting both functionality and security requirements. Furthermore, the most promising method is implemented and tested in order to verify that the method is viable in a real-life environment. The proposed solution modifies the TLS protocol through the use of an extension which allows for the distinction between direct and chained connections. The extension which also allows for specifying the structure of chained connections is used in the implementation of a method that creates chained connections by layering TLS connections inside each other. Testing demonstrates that the overhead of the method is negligible and that the method is a viable solution for creating chained connections with mutual authentication using TLS.
APA, Harvard, Vancouver, ISO, and other styles
3

Bruhner, Carl Magnus, and Oscar Linnarsson. "Relay Racing with X.509 Mayflies : An Analysis of Certificate Replacements and Validity Periods in HTTPS Certificate Logs." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-167063.

Full text
Abstract:
Certificates are the foundation of secure communication over the internet as of today. While certificates can be issued with long validity periods, there is always a risk of having them compromised during their lifetime. A good practice is therefore to use shorter validity periods. However, this limits the certificate lifetime and gives less flexibility in the timing of certificate replacements. In this thesis, we use publicly available network logs from Rapid7's Project Sonar to provide an overview of the current state of certificate usage behavior. Specifically, we look at the Let's Encrypt mass revocation event in March 2020, where millions of certificates were revoked with just five days notice. In general, we show how this kind of datasets can be used, and as a deeper exploration we analyze certificate validity, lifetime and use of certificates with overlapping validity periods, as well as discuss how our findings relate to industry standard and current security trends. Specifically, we isolate automated certificate services such as Let's Encrypt and cPanel to see how their certificates differ in characteristics from other certificates in general. Based on our findings, we propose a set of rules to help improve the trust in certificate usage and strengthen security online, introducing an Always secure policy aligning certificate validity with revocation time limits in order to replace revocation requirements and overcoming the fact that mobile devices today ignore this very important security feature. To round things off, we provide some ideas for further research based on our findings and what we see possible with datasets such as the one researched in this thesis.
APA, Harvard, Vancouver, ISO, and other styles
4

Klasson, Sebastian, and Nina Lindström. "Longitudinal analysis of the certificate chains of big tech company domains." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-178396.

Full text
Abstract:
The internet is one of the most widely used mediums for communication in modern society and it has become an everyday necessity for many. It is therefore of utmost importance that it remains as secure as possible. SSL and TLS are the backbones of internet security and an integral part of these technologies are the certificates used. Certificate authorities (CAs) can issue certificates that validate that domains are who they claim to be. If a user trusts a CA they can in turn also trust domains that have been validated by them. CAs can in turn trust other CAs and this, in turn, creates a chain of trust called a certificate chain. In this thesis, the structure of these certificate chains is analysed and a longitudinal dataset is created. The analysis looks at how the certificate chains have changed over time and puts extra focus on the domains of big tech companies. The dataset created can also be used for further analysis in the future and will be a useful tool in the examination of historical certificate chains. Our findings show that the certificate chains of the domains studied do change over time; both their structure and the lengths of them vary noticeably. Most of the observed domains show a decrease in average chain length between the years of 2013 and 2020 and the structure of the chains vary significantly over the years.
APA, Harvard, Vancouver, ISO, and other styles
5

Traore, Mohamed. "Analyse des biais de RNG pour les mécanismes cryptographiques et applications industrielles." Thesis, Université Grenoble Alpes, 2022. http://www.theses.fr/2022GRALM013.

Full text
Abstract:
Dans ce travail, nous analysons des certificats SSL/TLS X.509 (utilisant le chiffrement RSA et provenant de centaines de millions de matériels connectés) à la recherche d'anomalies et étendons notamment les travaux de Hastings, Fried et Heninger (2016). Notre étude a été réalisée sur trois bases de données provenant de l'EFF (2010-2011), de l'ANSSI (2011-2017) et de Rapid7 (2017-2021). Plusieurs vulnérabilités affectant des matériels de fabricants connus furent détectées : modules de petites tailles (strictement inférieures à 1024 bits), modules redondants (utilisés par plusieurs entités), certificats invalides mais toujours en usage, modules vulnérables à l'attaque ROCA ainsi que des modules dits «PGCD-vulnérables» (c'est-à-dire des modules ayant des facteurs communs). Pour la base de données de Rapid7, dénombrant près de 600 millions de certificats (et incluant ceux des matériels récents), nous avons identifié 1,550,382 certificats dont les modules sont PGCD-vulnérables, soit 0.27% du nombre total. Cela a permis de factoriser 14,765 modules de 2048 bits ce qui, à notre connaissance, n'a jamais été fait.En analysant certains modules PGCD-vulnérables, on a pu rétro-concevoir de façon partielle le générateur de modules (de 512 bits) utilisé par certaines familles de pare-feux, ce qui a permis la factorisation instantanée de 42 modules de 512 bits, correspondant aux certificats provenant de 8,817 adresses IPv4.Après avoir constaté que la plupart des modules factorisés avaient été générés par la bibliothèque OpenSSL, on a analysé les codes sources et les méthodes en charge du processus de génération de clefs RSA de plusieurs versions de cette bibliothèque (couvrant la période 2005 à 2021). À travers des expérimentations sur des plateformes à base de processeurs ARM, où l'on s'est mis quasiment dans les mêmes conditions que les matériels vulnérables identifiés, on a réussi à remonter aux causes de la PGCD-vulnérabilité
In this work, we analyze X.509 SSL/TLS certificates (using RSA encryption and from hundreds of millions of connected devices) looking for anomalies and notably extend the work of Hastings, Fried and Heninger (2016). Our study was carried out on three databases from EFF (2010-2011), ANSSI (2011-2017) and Rapid7 (2017-2021). Several vulnerabilities affecting devices from well-known manufacturers were detected: small moduli (strictly less than 1024 bits), redundant moduli (used by several entities), invalid certificates but still in use, moduli vulnerable to the ROCA attack as well as so-called “GCD-vulnerable” moduli (i.e. moduli having common factors). For the Rapid7 database, counting nearly 600 million certificates (and including those for recent devices), we have identified 1,550,382 certificates whose moduli are GCD-vulnerable, that is 0.27% of the total number. This made it possible to factor 14,765 moduli of 2048 bits which, to our knowledge, has never been done.By analyzing certain GCD-vulnerable moduli, we were able to partially reverse-engineer the modulus generator (of 512 bits) used by certain families of firewalls, which allowed the instantaneous factorization of 42 moduli of 512 bits, corresponding certificates from 8,817 IPv4 addresses.After noting that most of the factored moduli had been generated by the OpenSSL library, we analyzed the source codes and the methods in charge of the RSA key generation process of several versions of this library (covering the period 2005 to 2021). Through experiments on platforms based on ARM processors, where we put ourselves in almost the same conditions as the vulnerable devices identified, we managed to trace the causes of the PGCD-vulnerability
APA, Harvard, Vancouver, ISO, and other styles
6

O'Neill, Mark Thomas. "The Security Layer." BYU ScholarsArchive, 2019. https://scholarsarchive.byu.edu/etd/7761.

Full text
Abstract:
Transport Layer Security (TLS) is a vital component to the security ecosystem and the most popular security protocol used on the Internet today. Despite the strengths of the protocol, numerous vulnerabilities result from its improper use in practice. Some of these vulnerabilities arise from weaknesses in authentication, from the rigidity of the trusted authority system to the complexities of client certificates. Others result from the misuse of TLS by developers, who misuse complicated TLS libraries, improperly validate server certificates, employ outdated cipher suites, or deploy other features insecurely. To make matters worse, system administrators and users are powerless to fix these issues, and lack the ability to properly control how their own machines communicate securely online. In this dissertation we argue that the problems described are the result of an improper placement of security responsibilities. We show that by placing TLS services in the operating system, both new and existing applications can be automatically secured, developers can easily use TLS without intimate knowledge of security, and security settings can be controlled by administrators. This is demonstrated through three explorations that provide TLS features through the operating system. First, we describe and assess TrustBase, a service that repairs and strengthens certificate-based authentication for TLS connections. TrustBase uses traffic interception and a policy engine to provide administrators fine-tuned control over the trust decisions made by all applications on their systems. Second, we introduce and evaluate the Secure Socket API (SSA), which provides TLS as an operating system service through the native POSIX socket API. The SSA enables developers to use modern TLS securely, with as little as one line of code, and also allows custom tailoring of security settings by administrators. Finally, we further explore a modern approach to TLS client authentication, leveraging the operating system to provide a generic platform for strong authentication that supports easy deployment of client authentication features and protects user privacy. We conclude with a discussion of the reasons for the success of our efforts, and note avenues for future work that leverage the principles exhibited in this work, both in and beyond TLS.
APA, Harvard, Vancouver, ISO, and other styles
7

Gustafsson, Josef. "Certificate Transparency in Theory and Practice." Thesis, Linköpings universitet, Databas och informationsteknik, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-125855.

Full text
Abstract:
Certificate Transparency provides auditability to the widely used X.509 Public Key Infrastructure (PKIX) authentication in Transport Layer Security (TLS) protocol. Transparency logs issue signed promises of inclusions to be used together with certificates for authentication of TLS servers. Google Chrome enforces the use of Certificate Transparency for validation of Extended Validation (EV) certificates. This thesis proposes a methodology for asserting correct operation and presents a survey of active Logs. An experimental Monitor has been implemented as part of the thesis. Varying Log usage patterns and metadata about Log operation are presented, and Logs are categorized based on characteristics and usage. A case of mis-issuance by Symantec is presented to show the effectiveness of Certificate Transparency.
APA, Harvard, Vancouver, ISO, and other styles
8

Klepáčková, Karolína. "Aplikace pro Android na bezpečnostní monitorování komunikace." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2019. http://www.nusl.cz/ntk/nusl-399203.

Full text
Abstract:
This diploma thesis is focused on implementation of application for security monitoring of network communication of other applications in mobile device with Android platform. Provides users information about security risks that may harm his/her privacy or device. It uses a local VPN to tunnel all data sent to the wireless network. These can be linked to an application that has sent them because the Android kernel is derived from the Linux kernel and can be used to retrieve information about established network connections and the application identifier associated with the connection. This mapping allows to get more information about an app that is potentially dangerous for your mobile device.
APA, Harvard, Vancouver, ISO, and other styles
9

Rapp, Axel. "Web site security maturity of the European Union and its member states : A survey study on the compliance with best practices of DNSSEC, HSTS, HTTPS, TLS-version, and certificate validation types." Thesis, Högskolan i Skövde, Institutionen för informationsteknologi, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-20127.

Full text
Abstract:
With e-governance steadily growing, citizen-to-state communication via Web sites is as well, placing enormous trust in the protocols designed to handle this communication in a secure manner. Since breaching any of the protocols enabling Web site communication could yield benefits to a malicious attacker and bring harm to end-users, the battle between hackers and information security professionals is ongoing and never-ending. This phenomenon is the main reason why it is of importance to adhere to the latest best practices established by specialized independent organizations. Best practice compliance is important for any organization, but maybe most of all for our governing authorities, which we should hold to the highest standard possible due to the nature of their societal responsibility to protect the public. This report aims to, by conducting a quantitative survey, study the Web sites of the governments and government agencies of the member states of the European Union, as well as Web sites controlled by the European Union to assess to what degree their domains comply with the current best practices of DNSSEC, HSTS, HTTPS, SSL/TLS, and certificate validation types. The findings presented in this paper show that there are significant differences in compliance level between the different parameters measured, where HTTPS best practice deployment was the highest (96%) and HSTS best practice deployment was the lowest (3%). Further, when comparing the average best practice compliance by country, Denmark and the Netherlands performed the best, while Cyprus had the lowest average.
APA, Harvard, Vancouver, ISO, and other styles
10

Slavík, Petr. "Laboratorní úloha infrastruktury veřejných klíčů." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2009. http://www.nusl.cz/ntk/nusl-217981.

Full text
Abstract:
The aim of this thesis is to study and describe the theme of Public Key Infrastructure (PKI). Within the scope of minute PKI characterization there is a gradual depiction of particular structural elements, which are above all represented by cryptographic operations (asymetric and symetric cryptography, hash function and digital signature); then, there are also individual PKI subjects that are dealt with, like eg. certification authority, certificates, security protocols, secure heap etc. Last but not least there are a few complete Public Key Infrastructure implementation solutions described (OpenSSL, Microsft CA). The practical part of the thesis, a lab exercise, gives potential students the knowledge of installing OpenSSL system based certification authority. The next task educate students how to secure web server with certificate signed with own CA and also how to secure web server users‘ access control through certificates signed by the previously installed CA.
APA, Harvard, Vancouver, ISO, and other styles

Book chapters on the topic "SSL/TLS Certificates"

1

Hughes, Lawrence E. "SSL and TLS." In Pro Active Directory Certificate Services, 155–75. Berkeley, CA: Apress, 2022. http://dx.doi.org/10.1007/978-1-4842-7486-6_11.

Full text
APA, Harvard, Vancouver, ISO, and other styles
2

Fiedler, Arno, and Christoph Thiel. "The need of European White Knights for the TLS/SSL Certificate System." In ISSE 2014 Securing Electronic Business Processes, 170–74. Wiesbaden: Springer Fachmedien Wiesbaden, 2014. http://dx.doi.org/10.1007/978-3-658-06708-3_13.

Full text
APA, Harvard, Vancouver, ISO, and other styles
3

Mogollon, Manuel. "TLS, SSL, and SET." In Cryptography and Security Services, 300–333. IGI Global, 2008. http://dx.doi.org/10.4018/978-1-59904-837-6.ch012.

Full text
Abstract:
In an Internet commercial transaction, the secure Web server and the buyer’s computer authenticate each other and encipher the data transmitted using transport layer security (TLS) or secure socket layer (SSL) protocols. When a purchase is made online using a credit card, does the customer’s bank need to know what was purchased? Not really. Does the seller need to know the customer’s credit card number? Actually, the answer is no. The responses to these questions were the main premises of the secure electronic transaction (SET). In the late 1990’s, SET was approved as the credit card standard, but it failed to be accepted because of its cost and the problems regarding distribution of end-user certificates. However, SET is explained in this chapter as an ideal protocol, from the point of view of certificates, digital signatures, and cryptography for securing credit card transactions over the Internet.
APA, Harvard, Vancouver, ISO, and other styles
4

"Creating a Network of Trust Using X.509 Certificates." In Implementing SSL/TLS Using Cryptography and PKI, 221–96. Indianapolis, IN, USA: Wiley Publishing, Inc., 2011. http://dx.doi.org/10.1002/9781118255797.ch5.

Full text
APA, Harvard, Vancouver, ISO, and other styles
5

Chen, Lei, Wen-Chen Hu, Ming Yang, and Lei Zhang. "Applied Cryptography in E-mail Services and Web Services." In Applied Cryptography for Cyber Security and Defense, 130–45. IGI Global, 2011. http://dx.doi.org/10.4018/978-1-61520-783-1.ch005.

Full text
Abstract:
E-mail services are the method of sending and receiving electronic messages over communication networks. Web services on the other hand provide a channel of accessing interlinked hypermeida via the World Wide Web. As these two methods of network communications turn into the most popular services over the Internet, applied cryptography and secure authentication protocols become indispensable in securing confidential data over public networks. In this chapter, we first review a number of cryptographic ciphers widely used in secure communication protocols. We then discuss and compare the popular trust system Web of Trust, the certificate standard X.509, and the standard for public key systems Public Key Infrastructure (PKI). Two secure e-mail standards, OpenPGP and S/MIME, are examined and compared. The de facto standard cryptographic protocol for e-commerce, Secure Socket Layer (SSL) / Transport Layer Security (TLS), and XML Security Standards for secure web services are also discussed.
APA, Harvard, Vancouver, ISO, and other styles

Conference papers on the topic "SSL/TLS Certificates"

1

Matsumoto, Stephanos, and Raphael M. Reischuk. "Certificates-as-an-Insurance: Incentivizing Accountability in SSL/TLS." In Workshop on Security of Emerging Networking Technologies. Reston, VA: Internet Society, 2015. http://dx.doi.org/10.14722/sent.2015.23009.

Full text
APA, Harvard, Vancouver, ISO, and other styles
2

Manolache, Florin B., and Octavian Rusu. "Automated SSL/TLS Certificate Distribution System." In 2021 20th RoEduNet Conference: Networking in Education and Research (RoEduNet). IEEE, 2021. http://dx.doi.org/10.1109/roedunet54112.2021.9637722.

Full text
APA, Harvard, Vancouver, ISO, and other styles
3

Gallersdorfer, Ulrich, and Florian Matthes. "TeSC: TLS/SSL-Certificate Endorsed Smart Contracts." In 2021 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPS). IEEE, 2021. http://dx.doi.org/10.1109/dapps52256.2021.00016.

Full text
APA, Harvard, Vancouver, ISO, and other styles
4

Escarrone, Thiago, Diego Kreutz, and Maurício Fiorenza. "Uma Primeira Analise do Ecosistema HTTPS no Brasil." In XVII Escola Regional de Redes de Computadores. Sociedade Brasileira de Computação - SBC, 2019. http://dx.doi.org/10.5753/errc.2019.9226.

Full text
Abstract:
O HTTPS (SSL/TLS) é essencial para garantir a segurança (e.g. confidencialidade dos dados) das comunicações que utilizam o protocolo HTTP na Internet. Entretanto, apesar da crescente adoção do HTTPS, muitos sites ainda não implementam da maneira correta os certificados digitais. Neste trabalho é presentado um primeiro levantamento sobre o estado do ecossistema SSL/TLS no Brasil. Para a análise, foram selecionados 44 sites de instituições financeiras e governamentais, incluindo o governo federal e governos estaduais. Os resultados apontam que a maioria dos sites utilizam ou suportam versões antigas do SSL ou do TLS, que contém vulnerabilidades conhecidas e passíveis de exploração por agentes maliciosos.
APA, Harvard, Vancouver, ISO, and other styles
5

Chen, Yuting, and Zhendong Su. "Guided differential testing of certificate validation in SSL/TLS implementations." In ESEC/FSE'15: Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering. New York, NY, USA: ACM, 2015. http://dx.doi.org/10.1145/2786805.2786835.

Full text
APA, Harvard, Vancouver, ISO, and other styles
6

Fu, Peipei, Zhen Li, Gang Xiong, Zigang Cao, and Cuicui Kang. "SSL/TLS Security Exploration Through X.509 Certificate’s Life Cycle Measurement." In 2018 IEEE Symposium on Computers and Communications (ISCC). IEEE, 2018. http://dx.doi.org/10.1109/iscc.2018.8538533.

Full text
APA, Harvard, Vancouver, ISO, and other styles
7

Chen, Chu, Cong Tian, Zhenhua Duan, and Liang Zhao. "RFC-directed differential testing of certificate validation in SSL/TLS implementations." In ICSE '18: 40th International Conference on Software Engineering. New York, NY, USA: ACM, 2018. http://dx.doi.org/10.1145/3180155.3180226.

Full text
APA, Harvard, Vancouver, ISO, and other styles
8

Fiorenza, Maurício M., Diego Kreutz, Thiago Escarrone, and Daniel Temp. "Uma Análise da Utilização de HTTPS no Brasil." In Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos. Sociedade Brasileira de Computação, 2020. http://dx.doi.org/10.5753/sbrc.2020.12338.

Full text
Abstract:
O HTTPS é essencial para garantir a segurança das comunicações que utilizam o protocolo HTTP na Internet. Entretanto, apesar da crescente adoção do HTTPS, muitos sites ainda não implementam da maneira correta os certificados digitais e não suportam a versão 1.3 do TLS. Este trabalho apresenta uma análise da utilização do HTTPS no Brasil. A análise apresentada neste paper inclui 5806 sites de instituições públicas e privadas, incluindo sites das três esferas governamentais, instituições financeiras, comércio eletrônico, além de 994 endereços IP da base de dados do Censys, que englobam endereços de operadoras e provedores de serviços de Internet. Os resultados demonstram que a maioria dos serviços analisados utilizam ou suportam versões antigas do TLS/SSL, que contém vulnerabilidades conhecidas e passíveis de exploração por agentes maliciosos. Apenas 30% dos sites analisados suportam a versão 1.3 do TLS.
APA, Harvard, Vancouver, ISO, and other styles
9

Brubaker, Chad, Suman Jana, Baishakhi Ray, Sarfraz Khurshid, and Vitaly Shmatikov. "Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations." In 2014 IEEE Symposium on Security and Privacy (SP). IEEE, 2014. http://dx.doi.org/10.1109/sp.2014.15.

Full text
APA, Harvard, Vancouver, ISO, and other styles
10

Chen, Chao, Wenrui Diao, Yingpei Zeng, Shanqing Guo, and Chengyu Hu. "DRLgencert: Deep Learning-Based Automated Testing of Certificate Verification in SSL/TLS Implementations." In 2018 IEEE International Conference on Software Maintenance and Evolution (ICSME). IEEE, 2018. http://dx.doi.org/10.1109/icsme.2018.00014.

Full text
APA, Harvard, Vancouver, ISO, and other styles
You might also be interested in the extended bibliographies on the topic 'SSL/TLS Certificates' for particular source types:
Journal articles
We offer discounts on all premium plans for authors whose works are included in thematic literature selections. Contact us to get a unique promo code!

To the bibliography