Academic literature on the topic 'TLS Certificates'

Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'TLS Certificates.'

Journal articles on the topic "TLS Certificates"

1

Lapshichyov, Vitaly V. "TLS Certificates of the Tor Network and Their Distinctive Features." International Journal of Systems and Software Security and Protection 10, no. 2 (July 2019): 20–43. http://dx.doi.org/10.4018/ijsssp.2019070102.

Abstract:
This article presents the results of an experimental study of the properties of SSL/TLS certificates of an anonymous Tor network, based on which it is concluded that there are several features that differ from other SSL/TLS certificates. At present, in the scientific literature and in the documentation of U.S. National Security Agency, and the U.K. Government Communications Headquarters devoted to the identification of Tor network traffic, two signs of SSL/TLS certificates are indicated - the name of the certificate subject, as well as the port of the certificate transmission and network connection. The results of an experimental study allow the authors to state with a high degree of probability that Tor network certificates can be identified in the data stream between the client and server of the specified network by their size, which is between 400 and 600 bytes. The list of features of the Tor network certificates is intended to develop software or add-ons to existing ones, which is used to block access of Internet users to Darknet resources or to limit the use of the Tor anonymous network service. Based on data on the distinguishing features of Tor network certificates, an algorithm is proposed for blocking access to the Internet for users of the Tor Bundle.
2

Foppe, Lucas, Jeremy Martin, Travis Mayberry, Erik C. Rye, and Lamont Brown. "Exploiting TLS Client Authentication for Widespread User Tracking." Proceedings on Privacy Enhancing Technologies 2018, no. 4 (October 1, 2018): 51–63. http://dx.doi.org/10.1515/popets-2018-0031.

Abstract:
TLS, and SSL before it, has long supported the option for clients to authenticate to servers using their own certificates, but this capability has not been widely used. However, with the development of its Push Notification Service, Apple has deployed this technology on millions of devices for the first time. Wachs et al. [42] determined iOS client certificates could be used by passive network adversaries to track individual devices across the internet. Subsequently, Apple has patched their software to fix this vulnerability. We show these countermeasures are not effective by demonstrating three novel active attacks against TLS Client Certificate Authentication that are successful despite the defenses. Additionally, we show these attacks work against all known instances of TLS Client Certificate Authentication, including smart cards like those widely deployed by the Estonian government as part of their Digital ID program. Our attacks include in-path man-in-the-middle versions as well as a more powerful on-path attack that can be carried out without full network control.
3

Lapshichyov, Vitaly V., and Oleg B. Makarevich. "Detection and identification method of the tor bundle use." Informatization and communication, no. 3 (May 5, 2020): 17–20. http://dx.doi.org/10.34219/2078-8320-2020-11-3-17-20.

Abstract:
This paper presents the result of author’s research aimed at developing a detecting and identifying method of the Tor Bundle use in data transmission networks, in particular, on the Internet. Based on these characteristics, an algorithm has been developed that allows legitimate blocking of user access to a global network by a popular anonymizer. The subject of the study was an SSL/TLS encryption certificate, which is transmitted by the Tor network server to the user of the Tor Bundle and which contains the set of data necessary for its identification during the implementation of the TLS “handshake”. In the course of the study of the certificates features, several distinguishing features were identified, namely: the name of the subject and issuer of the certificate, which is a random set of letters and numbers; port used when connecting to an anonymous network; certificate size. Based on the data received, a method is proposed that allows the provider’s server to block the connection during which a certificate with certain characteristics is transmitted.
4

Park, Jun-Cheol. "Cookie-Based Identification of the Public Keys of TLS/SSL Certificates." Journal of Korean Institute of Communications and Information Sciences 41, no. 1 (January 31, 2016): 101–3. http://dx.doi.org/10.7840/kics.2015.41.1.101.

5

Astorga, Jasone, Marc Barcelo, Aitor Urbieta, and Eduardo Jacob. "Revisiting the Feasibility of Public Key Cryptography in Light of IIoT Communications." Sensors 22, no. 7 (March 27, 2022): 2561. http://dx.doi.org/10.3390/s22072561.

Abstract:
Digital certificates are regarded as the most secure and scalable way of implementing authentication services in the Internet today. They are used by most popular security protocols, including Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). The lifecycle management of digital certificates relies on centralized Certification Authority (CA)-based Public Key Infrastructures (PKIs). However, the implementation of PKIs and certificate lifecycle management procedures in Industrial Internet of Things (IIoT) environments presents some challenges, mainly due to the high resource consumption that they imply and the lack of trust in the centralized CAs. This paper identifies and describes the main challenges to implement certificate-based public key cryptography in IIoT environments and it surveys the alternative approaches proposed so far in the literature to address these challenges. Most proposals rely on the introduction of a Trusted Third Party to aid the IIoT devices in tasks that exceed their capacity. The proposed alternatives are complementary and their application depends on the specific challenge to solve, the application scenario, and the capacities of the involved IIoT devices. This paper revisits all these alternatives in light of industrial communication models, identifying their strengths and weaknesses, and providing an in-depth comparative analysis.
6

Martynenkov, I. V. "THE MAIN STAGES OF DEVELOPMENT OF THE CRYPTOGRAPHIC PROTOCOLS SSL/TLS AND IPsec." Prikladnaya Diskretnaya Matematika, no. 51 (2021): 31–67. http://dx.doi.org/10.17223/20710410/51/2.

Abstract:
The paper discusses the main stages of development of cryptographic protocols from SSL 2.0 (Secure Socket Layer) to TLS 1.3 (Transport Layer Security), which ensure the protection of transport layer data in the OSI model. A brief description of the modification of the RuTLS protocol based on TLS 1.3 and their main differences is given. The development of IPsec, which provides cryptographic protection of communications at the network level of the OSI model, is considered using examples of the development of the three most commonly used protocols. These include IKE (Internet Key Exchange), AH (Authentication Header), and ESP (Encapsulation Security Payload). For the SSL/TLS and IPsec specifications, the basic handshake protocols and the main stages of their development are considered. The described handshakes include primary cryptographic information exchange cycles in the form of identifiers of interaction participants, one-time numbers, lists of supported cryptographic combinations. Authentication of participants based on certificates, shared symmetric keys, data exchange for establishing a shared Diffie-Hellman secret, development of key material for secret keys of communication sessions, message authentication, and other cryptographic parameters are presented. For different versions of SSL/TLS and IPsec, the logical structures of application data cryptographic protection functions are described.
7

Busygin, A. G., A. S. Konoplev, and M. O. Kalinin. "Approaches to protection of applications based on the TLS protocol against attacks using revoked certificates." Automatic Control and Computer Sciences 50, no. 8 (December 2016): 743–48. http://dx.doi.org/10.3103/s0146411616080290.

8

Wazan, Ahmad Samer, Romain Laborde, David W. Chadwick, Francois Barrere, Abdelmalek Benzekri, Mustafa Kaiiali, and Adib Habbal. "Trust Management for Public Key Infrastructures: Implementing the X.509 Trust Broker." Security and Communication Networks 2017 (2017): 1–23. http://dx.doi.org/10.1155/2017/6907146.

Abstract:
A Public Key Infrastructure (PKI) is considered one of the most important techniques used to propagate trust in authentication over the Internet. This technology is based on a trust model defined by the original X.509 (1988) standard and is composed of three entities: the certification authority (CA), the certificate holder (or subject), and the Relying Party (RP). The CA plays the role of a trusted third party between the certificate holder and the RP. In many use cases, this trust model has worked successfully. However, we argue that the application of this model on the Internet implies that web users need to depend on almost anyone in the world in order to use PKI technology. Thus, we believe that the current TLS system is not fit for purpose and must be revisited as a whole. In response, the latest draft edition of X.509 has proposed a new trust model by adding new entity called the Trust Broker (TB). In this paper, we present an implementation approach that a Trust Broker could follow in order to give RPs trust information about a CA by assessing the quality of its issued certificates. This is related to the quality of the CA’s policies and procedures and its commitment to them. Finally, we present our Trust Broker implementation that demonstrates how RPs can make informed decisions about certificate holders in the context of the global web, without requiring large processing resources themselves.
9

Pan, Jiaye, Yi Zhuang, and Binglin Sun. "Efficient and Transparent Method for Large-Scale TLS Traffic Analysis of Browsers and Analogous Programs." Security and Communication Networks 2019 (October 27, 2019): 1–22. http://dx.doi.org/10.1155/2019/8467081.

Abstract:
Many famous attacks take web browsers as transmission channels to make the target computer infected by malwares, such as watering hole and domain name hijacking. In order to protect the data transmission, the SSL/TLS protocol has been widely used to defeat various hijacking attacks. However, the existence of such encryption protection makes the security software and devices confront with the difficulty of analyzing the encrypted malicious traffic at endpoints. In order to better solve this kind of situation, this paper proposes a new efficient and transparent method for large-scale automated TLS traffic analysis, named as hyper TLS traffic analysis (HTTA). It extracts multiple types of valuable data from the target system in the hyper mode and then correlates them to decrypt the network packets in real time, so that overall data correlation analysis can be performed on the target. Additionally, we propose an aided reverse engineering method to support the analysis, which can rapidly identify the target data in different versions of the program. The proposed method can be applied to the endpoints and cloud platforms; there are no trust risk of certificates and no influence on the target programs. Finally, the real experimental results show that the method is feasible and effective for the analysis, which leads to the lower runtime overhead compared with other methods. It covers all the popular browser programs with good adaptability and can be applied to the large-scale analysis.
10

Lapshichyov, Vitaly, and Oleg Makarevich. "Method for Detecting and Identification of Tor Network Data by Wireshark Analyzer." Voprosy kiberbezopasnosti, no. 4(44) (2021): 73–80. http://dx.doi.org/10.21681/2311-3456-2021-4-73-80.

Abstract:
Purpose of the study: development of a method that allows detecting and identifying packets of the Tor network, including obfuscated packets on the local machine of the network user, by a Wireshark sniffer using the filter syntax based on the features of the Tor network packets characteristic of the TLS v1.2 and v1.3 encryption versions; studying the possibility of using the SSL Bump attack (decrypting https traffic on a virtual server using self-signed x.509 certificates) to overcome the obfuscation of Tor network packets. Method: software analysis of transmitted network packets, decomposition of the contents of data packets according to their size and belonging to encryption protocols, a comparative method in relation to different versions of the encryption protocol and resources, synthesis of filtering rules based on the syntax of the analyzer was used. Results: an applied method was developed that allows detecting and identifying packets of the Tor Network, including obfuscated packets on the local machine of the network user, by a Wireshark sniffer based on the filtering syntax based on the signs of encryption packets of the TLS v1.2 and v1.3 versions; data on the impossibility of using the SSL Bump attack to overcome the obfuscation of the Tor network was obtained.

Dissertations / Theses on the topic "TLS Certificates"

1

Boinapally, Kashyap. "Security Certificate Renewal Management." Thesis, Blekinge Tekniska Högskola, Institutionen för datavetenskap, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-18453.

Abstract:
Context. An SSL encrypted client-server communication is necessary to maintain the security and privacy of the communication. For an SSL encryption to work, there should be a security certificate which has a certain expiry period. Periodic renewal of the certificate after its expiry is a waste of time and an effort on part of the company. Objectives. In this study, a new system has been developed and implemented, which sends a certificate during prior communication and does not wait for the certificate to expire. Automating the process to a certain extent was done to not compromise the security of the system and to speed up the process and reduce the downtime. Methods. Experiments have been conducted to test the new system and compare it to the old system. The experiments were conducted to analyze the packets and the downtime occurring from certificate renewal. Results. The results of the experiments show that there is a significant reduction in downtime. This was achieved due to the implementation of the new system and semi-automation. Conclusions. The system has been implemented, and it greatly reduces the downtime occurring due to the expiry of the security certificates. Semi-Automation has been done to not hamper the security and make the system robust.
2

Petersson, Jakob. "Analysis of Methods for Chained Connections with Mutual Authentication Using TLS." Thesis, Linköpings universitet, Informationskodning, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-119455.

Abstract:
TLS is a vital protocol used to secure communication over networks and it provides an end-to-end encrypted channel between two directly communicating parties. In certain situations it is not possible, or desirable, to establish direct connections from a client to a server, as for example when connecting to a server located on a secure network behind a gateway. In these cases chained connections are required. Mutual authentication and end-to-end encryption are important capabilities in a high assurance environment. These are provided by TLS, but there are no known solutions for chained connections. This thesis explores multiple methods that provide the functionality for chained connections using TLS in a high assurance environment with trusted servers and a public key infrastructure. A number of methods are formally described and analysed according to multiple criteria reflecting both functionality and security requirements. Furthermore, the most promising method is implemented and tested in order to verify that the method is viable in a real-life environment. The proposed solution modifies the TLS protocol through the use of an extension which allows for the distinction between direct and chained connections. The extension which also allows for specifying the structure of chained connections is used in the implementation of a method that creates chained connections by layering TLS connections inside each other. Testing demonstrates that the overhead of the method is negligible and that the method is a viable solution for creating chained connections with mutual authentication using TLS.
3

Bruhner, Carl Magnus, and Oscar Linnarsson. "Relay Racing with X.509 Mayflies : An Analysis of Certificate Replacements and Validity Periods in HTTPS Certificate Logs." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-167063.

Abstract:
Certificates are the foundation of secure communication over the internet as of today. While certificates can be issued with long validity periods, there is always a risk of having them compromised during their lifetime. A good practice is therefore to use shorter validity periods. However, this limits the certificate lifetime and gives less flexibility in the timing of certificate replacements. In this thesis, we use publicly available network logs from Rapid7's Project Sonar to provide an overview of the current state of certificate usage behavior. Specifically, we look at the Let's Encrypt mass revocation event in March 2020, where millions of certificates were revoked with just five days notice. In general, we show how this kind of datasets can be used, and as a deeper exploration we analyze certificate validity, lifetime and use of certificates with overlapping validity periods, as well as discuss how our findings relate to industry standard and current security trends. Specifically, we isolate automated certificate services such as Let's Encrypt and cPanel to see how their certificates differ in characteristics from other certificates in general. Based on our findings, we propose a set of rules to help improve the trust in certificate usage and strengthen security online, introducing an Always secure policy aligning certificate validity with revocation time limits in order to replace revocation requirements and overcoming the fact that mobile devices today ignore this very important security feature. To round things off, we provide some ideas for further research based on our findings and what we see possible with datasets such as the one researched in this thesis.
4

Klasson, Sebastian, and Nina Lindström. "Longitudinal analysis of the certificate chains of big tech company domains." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-178396.

Abstract:
The internet is one of the most widely used mediums for communication in modern society and it has become an everyday necessity for many. It is therefore of utmost importance that it remains as secure as possible. SSL and TLS are the backbones of internet security and an integral part of these technologies are the certificates used. Certificate authorities (CAs) can issue certificates that validate that domains are who they claim to be. If a user trusts a CA they can in turn also trust domains that have been validated by them. CAs can in turn trust other CAs and this, in turn, creates a chain of trust called a certificate chain. In this thesis, the structure of these certificate chains is analysed and a longitudinal dataset is created. The analysis looks at how the certificate chains have changed over time and puts extra focus on the domains of big tech companies. The dataset created can also be used for further analysis in the future and will be a useful tool in the examination of historical certificate chains. Our findings show that the certificate chains of the domains studied do change over time; both their structure and the lengths of them vary noticeably. Most of the observed domains show a decrease in average chain length between the years of 2013 and 2020 and the structure of the chains vary significantly over the years.
5

Velthuis, Paul. "New authentication mechanism using certificates for big data analytic tools." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-215694.

Abstract:
Companies analyse large amounts of sensitive data on clusters of machines, using a framework such as Apache Hadoop to handle inter-process communication, and big data analytic tools such as Apache Spark and Apache Flink to analyse the growing amounts of data. Big data analytic tools are mainly tested on performance and reliability. Security and authentication have not been enough considered and they lack behind. The goal of this research is to improve the authentication and security for data analytic tools. Currently, the aforementioned big data analytic tools are using Kerberos for authentication. Kerberos has difficulties in providing multi factor authentication. Attacks on Kerberos can abuse the authentication. To improve the authentication, an analysis of the authentication in Hadoop and the data analytic tools is performed. The research describes the characteristics to gain an overview of the security of Hadoop and the data analytic tools. One characteristic is that the usage of the transport layer security (TLS) for the security of data transportation. TLS usually establishes connections with certificates. Recently, certificates with a short time to live can be automatically handed out. This thesis develops new authentication mechanism using certificates for data analytic tools on clusters of machines, providing advantages over Kerberos. To evaluate the possibility to replace Kerberos, the mechanism is implemented in Spark. As a result, the new implementation provides several improvements. The certificates used for authentication are made valid with a short time to live and are thus less vulnerable to abuse. Further, the authentication mechanism solves new requirements coming from businesses, such as providing multi-factor authentication and scalability. In this research a new authentication mechanism is developed, implemented and evaluated, giving better data protection by providing improved authentication.
6

Traore, Mohamed. "Analyse des biais de RNG pour les mécanismes cryptographiques et applications industrielles." Thesis, Université Grenoble Alpes, 2022. http://www.theses.fr/2022GRALM013.

Abstract:
In this work, we analyze X.509 SSL/TLS certificates (using RSA encryption and from hundreds of millions of connected devices) looking for anomalies and notably extend the work of Hastings, Fried and Heninger (2016). Our study was carried out on three databases from EFF (2010-2011), ANSSI (2011-2017) and Rapid7 (2017-2021). Several vulnerabilities affecting devices from well-known manufacturers were detected: small moduli (strictly less than 1024 bits), redundant moduli (used by several entities), invalid certificates but still in use, moduli vulnerable to the ROCA attack as well as so-called “GCD-vulnerable” moduli (i.e. moduli having common factors). For the Rapid7 database, counting nearly 600 million certificates (and including those for recent devices), we have identified 1,550,382 certificates whose moduli are GCD-vulnerable, that is 0.27% of the total number. This made it possible to factor 14,765 moduli of 2048 bits which, to our knowledge, has never been done. By analyzing certain GCD-vulnerable moduli, we were able to partially reverse-engineer the modulus generator (of 512 bits) used by certain families of firewalls, which allowed the instantaneous factorization of 42 moduli of 512 bits, corresponding to certificates from 8,817 IPv4 addresses. After noting that most of the factored moduli had been generated by the OpenSSL library, we analyzed the source codes and the methods in charge of the RSA key generation process of several versions of this library (covering the period 2005 to 2021). Through experiments on platforms based on ARM processors, where we put ourselves in almost the same conditions as the vulnerable devices identified, we managed to trace the causes of the GCD-vulnerability
7

O'Neill, Mark Thomas. "The Security Layer." BYU ScholarsArchive, 2019. https://scholarsarchive.byu.edu/etd/7761.

Abstract:
Transport Layer Security (TLS) is a vital component to the security ecosystem and the most popular security protocol used on the Internet today. Despite the strengths of the protocol, numerous vulnerabilities result from its improper use in practice. Some of these vulnerabilities arise from weaknesses in authentication, from the rigidity of the trusted authority system to the complexities of client certificates. Others result from the misuse of TLS by developers, who misuse complicated TLS libraries, improperly validate server certificates, employ outdated cipher suites, or deploy other features insecurely. To make matters worse, system administrators and users are powerless to fix these issues, and lack the ability to properly control how their own machines communicate securely online. In this dissertation we argue that the problems described are the result of an improper placement of security responsibilities. We show that by placing TLS services in the operating system, both new and existing applications can be automatically secured, developers can easily use TLS without intimate knowledge of security, and security settings can be controlled by administrators. This is demonstrated through three explorations that provide TLS features through the operating system. First, we describe and assess TrustBase, a service that repairs and strengthens certificate-based authentication for TLS connections. TrustBase uses traffic interception and a policy engine to provide administrators fine-tuned control over the trust decisions made by all applications on their systems. Second, we introduce and evaluate the Secure Socket API (SSA), which provides TLS as an operating system service through the native POSIX socket API. The SSA enables developers to use modern TLS securely, with as little as one line of code, and also allows custom tailoring of security settings by administrators. 
Finally, we further explore a modern approach to TLS client authentication, leveraging the operating system to provide a generic platform for strong authentication that supports easy deployment of client authentication features and protects user privacy. We conclude with a discussion of the reasons for the success of our efforts, and note avenues for future work that leverage the principles exhibited in this work, both in and beyond TLS.
8

Dickinson, Luke Austin. "Certificate Revocation Table: Leveraging Locality of Reference in Web Requests to Improve TLS Certificate Revocation." BYU ScholarsArchive, 2018. https://scholarsarchive.byu.edu/etd/7010.

Abstract:
X.509 certificate revocation defends against man-in-the-middle attacks involving a compromised certificate. Certificate revocation strategies face scalability, effectiveness, and deployment challenges as HTTPS adoption rates have soared. We propose Certificate Revocation Table (CRT), a new revocation strategy that is competitive with or exceeds alternative state-of-the-art solutions in effectiveness, efficiency, certificate growth scalability, mass revocation event scalability, revocation timeliness, privacy, and deployment requirements. The CRT periodically checks the revocation status of X.509 certificates recently used by an organization, such as clients on a university's private network. By prechecking the revocation status of each certificate the client is likely to use, the client can avoid the security problems of on-demand certificate revocation checking. To validate both the effectiveness and efficiency of using a CRT, we used 60 days of TLS traffic logs from Brigham Young University to measure the effects of actively refreshing certificates for various certificate working set window lengths. Using a certificate working set window size of 45 days, an average of 99.86% of the TLS handshakes from BYU would have revocation information cached in advance using our approach. Revocation status information can be initially downloaded by clients with a 6.7 MB file and then subsequently updated using only 205.1 KB of bandwidth daily. Updates to this CRT that only include revoked certificates require just 215 bytes of bandwidth per day.
9

Gustafsson, Josef. "Certificate Transparency in Theory and Practice." Thesis, Linköpings universitet, Databas och informationsteknik, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-125855.

Abstract:
Certificate Transparency provides auditability to the widely used X.509 Public Key Infrastructure (PKIX) authentication in Transport Layer Security (TLS) protocol. Transparency logs issue signed promises of inclusions to be used together with certificates for authentication of TLS servers. Google Chrome enforces the use of Certificate Transparency for validation of Extended Validation (EV) certificates. This thesis proposes a methodology for asserting correct operation and presents a survey of active Logs. An experimental Monitor has been implemented as part of the thesis. Varying Log usage patterns and metadata about Log operation are presented, and Logs are categorized based on characteristics and usage. A case of mis-issuance by Symantec is presented to show the effectiveness of Certificate Transparency.
10

Sjöström, Linus, and Carl Nykvist. "How Certificate Transparency Impact the Performance." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-140838.

Abstract:
Security on the Internet is essential to ensure the privacy of an individual. Today, Transport Layer Security (TLS) and certificates are used to ensure this. But certificates are not enough in order to maintain confidentiality and therefore a new concept, Certificate Transparency (CT), has been introduced. CT improves security by allowing the analysis of suspicious certificates. Validation by CT uses public logs that can return Signed Certificate Timestamp (SCT), which is a promise returned by the log indicating that the certificate will be added to the log. A server may then deliver the SCT to a client in three different ways: X.509v3 extension, Online Certificate Status Protocol (OCSP) stapling and TLS extension. For further analysis, we have created a tool to collect data during TLS handshakes and data transfer, including byte information, the certificates themselves, SCT delivery method and especially timing information. From our dataset we see that most websites do not use CT and the ones that use CT almost only use X.509 extension to send their SCTs.

Books on the topic "TLS Certificates"

1

Ontario. Energy Act: Revised Statutes of Ontario, 1990, chapter E.16 as amended by 1993, chapter 27, sched.; 1994, chapter 27, s. 81; 1996, chapter 19, s. 20 ; and, the following regulations (as amended) = Loi sur les hydrocarbures : Lois refondues de l'Ontario de 1990, chapitre E.16 tel qu'il est modifié par l'annexe du chap. 27 de 1993; l'art. 81 du chap. 27 de 1994; l'art. 20 du chap. 19 de 1996 ; et, les règlements suivants (tels qu'ils sont modifiés), Certificates (O. Reg. 348/96); Compressed natural gas storage, handling and utilization (O. Reg. 83/97); Fuel oil code (R.R.O. 1990, Reg. 329); Gas utilization code (O. Reg. 546/96); Oil and gas pipeline systems (O. Reg. 157/97); Propane storage, handling and utilization (O. Reg. 514/96). [Toronto]: Queen's Printer for Ontario = Imprimeur de la Reine pour l'Ontario, 2000.

2

National Institute of Standards and Technology. Securing Web Transactions: TLS Server Certificate Management. Independently Published, 2018.


Book chapters on the topic "TLS Certificates"

1

Hughes, Lawrence E. "Issue and Manage TLS Client Certificates." In Pro Active Directory Certificate Services, 327–58. Berkeley, CA: Apress, 2022. http://dx.doi.org/10.1007/978-1-4842-7486-6_15.

2

Hughes, Lawrence E. "Issue and Manage TLS Server Certificates." In Pro Active Directory Certificate Services, 275–325. Berkeley, CA: Apress, 2022. http://dx.doi.org/10.1007/978-1-4842-7486-6_14.

3

Li, Bingyu, Wei Wang, Lingjia Meng, Jingqiang Lin, Xuezhong Liu, and Congli Wang. "Elaphurus: Ensemble Defense Against Fraudulent Certificates in TLS." In Information Security and Cryptology, 246–59. Cham: Springer International Publishing, 2020. http://dx.doi.org/10.1007/978-3-030-42921-8_14.

4

Kampanakis, Panos, and Michael Kallitsis. "Faster Post-Quantum TLS Handshakes Without Intermediate CA Certificates." In Cyber Security, Cryptology, and Machine Learning, 337–55. Cham: Springer International Publishing, 2022. http://dx.doi.org/10.1007/978-3-031-07689-3_25.

5

Hughes, Lawrence E. "SSL and TLS." In Pro Active Directory Certificate Services, 155–75. Berkeley, CA: Apress, 2022. http://dx.doi.org/10.1007/978-1-4842-7486-6_11.

6

Bella, Giampaolo, Rosario Giustolisi, and Gabriele Lenzini. "A Socio-technical Understanding of TLS Certificate Validation." In Trust Management VII, 281–88. Berlin, Heidelberg: Springer Berlin Heidelberg, 2013. http://dx.doi.org/10.1007/978-3-642-38323-6_23.

7

Zhu, Liang, Johanna Amann, and John Heidemann. "Measuring the Latency and Pervasiveness of TLS Certificate Revocation." In Passive and Active Measurement, 16–29. Cham: Springer International Publishing, 2016. http://dx.doi.org/10.1007/978-3-319-30505-9_2.

8

Rajathi, N., and Meghna Praveen. "Practical Implementation and Analysis of TLS Client Certificate Authentication." In Advances in Intelligent Systems and Computing, 695–703. Singapore: Springer Singapore, 2021. http://dx.doi.org/10.1007/978-981-15-8443-5_59.

9

Fiedler, Arno, and Christoph Thiel. "The need of European White Knights for the TLS/SSL Certificate System." In ISSE 2014 Securing Electronic Business Processes, 170–74. Wiesbaden: Springer Fachmedien Wiesbaden, 2014. http://dx.doi.org/10.1007/978-3-658-06708-3_13.

10

Whelan, Feargal. "Schenectady Putters and Leaving Certificate Ta-Tas: Satirizing Irish Nation-Building in ‘Echo’s Bones’." In Beckett and Modernism, 147–59. Cham: Springer International Publishing, 2018. http://dx.doi.org/10.1007/978-3-319-70374-9_10.


Conference papers on the topic "TLS Certificates"

1

Torroledo, Ivan, Luis David Camacho, and Alejandro Correa Bahnsen. "Hunting Malicious TLS Certificates with Deep Neural Networks." In CCS '18: 2018 ACM SIGSAC Conference on Computer and Communications Security. New York, NY, USA: ACM, 2018. http://dx.doi.org/10.1145/3270101.3270105.

2

Persiano, Pino, and Ivan Visconti. "User privacy issues regarding certificates and the TLS protocol." In the 7th ACM conference. New York, New York, USA: ACM Press, 2000. http://dx.doi.org/10.1145/352600.352609.

3

Sakurai, Yuji, Takuya Watanabe, Tetsuya Okuda, Mitsuaki Akiyama, and Tatsuya Mori. "Discovering HTTPSified Phishing Websites Using the TLS Certificates Footprints." In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE, 2020. http://dx.doi.org/10.1109/eurospw51379.2020.00077.

4

Matsumoto, Stephanos, and Raphael M. Reischuk. "Certificates-as-an-Insurance: Incentivizing Accountability in SSL/TLS." In Workshop on Security of Emerging Networking Technologies. Reston, VA: Internet Society, 2015. http://dx.doi.org/10.14722/sent.2015.23009.

5

Nawrocki, Marcin, Pouyan Fotouhi Tehrani, Raphael Hiesgen, Jonas Mücke, Thomas C. Schmidt, and Matthias Wählisch. "On the interplay between TLS certificates and QUIC performance." In CoNEXT '22: The 18th International Conference on emerging Networking EXperiments and Technologies. New York, NY, USA: ACM, 2022. http://dx.doi.org/10.1145/3555050.3569123.

6

Ferreira, Ana, Rosario Giustolisi, Jean-Louis Huynen, Vincent Koenig, and Gabriele Lenzini. "Studies in Socio-technical Security Analysis: Authentication of Identities with TLS Certificates." In 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). IEEE, 2013. http://dx.doi.org/10.1109/trustcom.2013.190.

7

Xia, Wei, Wei Wang, Xin He, Gang Xiong, Gaopeng Gou, Zhenzhen Li, and Zhen Li. "Old Habits Die Hard: A Sober Look at TLS Client Certificates in the Real World." In 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). IEEE, 2021. http://dx.doi.org/10.1109/trustcom53373.2021.00029.

8

Walsh, Kevin. "TLS with trustworthy certificate authorities." In 2016 IEEE Conference on Communications and Network Security (CNS). IEEE, 2016. http://dx.doi.org/10.1109/cns.2016.7860543.

9

Ukrop, Martin, Lydia Kraus, Vashek Matyas, and Heider Ahmad Mutleq Wahsheh. "Will you trust this TLS certificate?" In ACSAC '19: 2019 Annual Computer Security Applications Conference. New York, NY, USA: ACM, 2019. http://dx.doi.org/10.1145/3359789.3359800.

10

Hageman, Kaspar, Egon Kidmose, René Hansen, and Jens Pedersen. "Can a TLS Certificate Be Phishy?" In 18th International Conference on Security and Cryptography. SCITEPRESS - Science and Technology Publications, 2021. http://dx.doi.org/10.5220/0010516600380049.


Reports on the topic "TLS Certificates"

1

Sethi, M., J. Preuß Mattsson, and S. Turner. Handling Large Certificates and Long Certificate Chains in TLS-Based EAP Methods. RFC Editor, February 2022. http://dx.doi.org/10.17487/rfc9191.

2

Serhrouchni, A., and H. Labiod. TLS Authentication Using Intelligent Transport System (ITS) Certificates. Edited by M. Msahli, N. Cam-Winget, and W. Whyte. RFC Editor, September 2020. http://dx.doi.org/10.17487/rfc8902.

3

Thakore, D. Transport Layer Security (TLS) Authorization Using Digital Transmission Content Protection (DTCP) Certificates. RFC Editor, July 2015. http://dx.doi.org/10.17487/rfc7562.

4

Ghedini, A., and V. Vasiliev. TLS Certificate Compression. RFC Editor, December 2020. http://dx.doi.org/10.17487/rfc8879.

5

Saint-Andre, P., and J. Hodges. Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS). RFC Editor, March 2011. http://dx.doi.org/10.17487/rfc6125.

6

Akram, Mehwish, William C. Barker, Rob Clatterbuck, Donna Dodson, Brandon Everhart, Jane Gilbert, William Haag, et al. Securing web transactions TLS server certificate management. Gaithersburg, MD: National Institute of Standards and Technology, June 2020. http://dx.doi.org/10.6028/nist.sp.1800-16.

7

Pettersen, Y. The Transport Layer Security (TLS) Multiple Certificate Status Request Extension. RFC Editor, June 2013. http://dx.doi.org/10.17487/rfc6961.

8

Campbell, B., J. Bradley, N. Sakimura, and T. Lodderstedt. OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens. RFC Editor, February 2020. http://dx.doi.org/10.17487/rfc8705.

9

Shoemaker, R. B. Automated Certificate Management Environment (ACME) TLS Application‑Layer Protocol Negotiation (ALPN) Challenge Extension. RFC Editor, February 2020. http://dx.doi.org/10.17487/rfc8737.

10

Housley, R. TLS 1.3 Extension for Certificate-Based Authentication with an External Pre-Shared Key. RFC Editor, March 2020. http://dx.doi.org/10.17487/rfc8773.
