A selection of scholarly literature on the topic "TLS Certificates"


Browse the lists of current articles, books, dissertations, conference abstracts and other scholarly sources on the topic "TLS Certificates".


Journal articles on the topic "TLS Certificates"

1

Lapshichyov, Vitaly V. "TLS Certificates of the Tor Network and Their Distinctive Features." International Journal of Systems and Software Security and Protection 10, no. 2 (July 2019): 20–43. http://dx.doi.org/10.4018/ijsssp.2019070102.

Abstract:
This article presents the results of an experimental study of the properties of SSL/TLS certificates of an anonymous Tor network, based on which it is concluded that there are several features that differ from other SSL/TLS certificates. At present, in the scientific literature and in the documentation of U.S. National Security Agency, and the U.K. Government Communications Headquarters devoted to the identification of Tor network traffic, two signs of SSL/TLS certificates are indicated - the name of the certificate subject, as well as the port of the certificate transmission and network connection. The results of an experimental study allow the authors to state with a high degree of probability that Tor network certificates can be identified in the data stream between the client and server of the specified network by their size, which is between 400 and 600 bytes. The list of features of the Tor network certificates is intended to develop software or add-ons to existing ones, which is used to block access of Internet users to Darknet resources or to limit the use of the Tor anonymous network service. Based on data on the distinguishing features of Tor network certificates, an algorithm is proposed for blocking access to the Internet for users of the Tor Bundle.
2

Foppe, Lucas, Jeremy Martin, Travis Mayberry, Erik C. Rye, and Lamont Brown. "Exploiting TLS Client Authentication for Widespread User Tracking." Proceedings on Privacy Enhancing Technologies 2018, no. 4 (October 1, 2018): 51–63. http://dx.doi.org/10.1515/popets-2018-0031.

Abstract:
TLS, and SSL before it, has long supported the option for clients to authenticate to servers using their own certificates, but this capability has not been widely used. However, with the development of its Push Notification Service, Apple has deployed this technology on millions of devices for the first time. Wachs et al. [42] determined iOS client certificates could be used by passive network adversaries to track individual devices across the internet. Subsequently, Apple has patched their software to fix this vulnerability. We show these countermeasures are not effective by demonstrating three novel active attacks against TLS Client Certificate Authentication that are successful despite the defenses. Additionally, we show these attacks work against all known instances of TLS Client Certificate Authentication, including smart cards like those widely deployed by the Estonian government as part of their Digital ID program. Our attacks include in-path man-in-the-middle versions as well as a more powerful on-path attack that can be carried out without full network control.
3

Lapshichyov, Vitaly V., and Oleg B. Makarevich. "Detection and identification method of the tor bundle use." Informatization and communication, no. 3 (May 5, 2020): 17–20. http://dx.doi.org/10.34219/2078-8320-2020-11-3-17-20.

Abstract:
This paper presents the result of author’s research aimed at developing a detecting and identifying method of the Tor Bundle use in data transmission networks, in particular, on the Internet. Based on these characteristics, an algorithm has been developed that allows legitimate blocking of user access to a global network by a popular anonymizer. The subject of the study was an SSL/TLS encryption certificate, which is transmitted by the Tor network server to the user of the Tor Bundle and which contains the set of data necessary for its identification during the implementation of the TLS “handshake”. In the course of the study of the certificates features, several distinguishing features were identified, namely: the name of the subject and issuer of the certificate, which is a random set of letters and numbers; port used when connecting to an anonymous network; certificate size. Based on the data received, a method is proposed that allows the provider’s server to block the connection during which a certificate with certain characteristics is transmitted.
4

Park, Jun-Cheol. "Cookie-Based Identification of the Public Keys of TLS/SSL Certificates." Journal of Korean Institute of Communications and Information Sciences 41, no. 1 (January 31, 2016): 101–3. http://dx.doi.org/10.7840/kics.2015.41.1.101.

5

Astorga, Jasone, Marc Barcelo, Aitor Urbieta, and Eduardo Jacob. "Revisiting the Feasibility of Public Key Cryptography in Light of IIoT Communications." Sensors 22, no. 7 (March 27, 2022): 2561. http://dx.doi.org/10.3390/s22072561.

Abstract:
Digital certificates are regarded as the most secure and scalable way of implementing authentication services in the Internet today. They are used by most popular security protocols, including Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). The lifecycle management of digital certificates relies on centralized Certification Authority (CA)-based Public Key Infrastructures (PKIs). However, the implementation of PKIs and certificate lifecycle management procedures in Industrial Internet of Things (IIoT) environments presents some challenges, mainly due to the high resource consumption that they imply and the lack of trust in the centralized CAs. This paper identifies and describes the main challenges to implement certificate-based public key cryptography in IIoT environments and it surveys the alternative approaches proposed so far in the literature to address these challenges. Most proposals rely on the introduction of a Trusted Third Party to aid the IIoT devices in tasks that exceed their capacity. The proposed alternatives are complementary and their application depends on the specific challenge to solve, the application scenario, and the capacities of the involved IIoT devices. This paper revisits all these alternatives in light of industrial communication models, identifying their strengths and weaknesses, and providing an in-depth comparative analysis.
6

Martynenkov, I. V. "THE MAIN STAGES OF DEVELOPMENT OF THE CRYPTOGRAPHIC PROTOCOLS SSL/TLS AND IPsec." Prikladnaya Diskretnaya Matematika, no. 51 (2021): 31–67. http://dx.doi.org/10.17223/20710410/51/2.

Abstract:
The paper discusses the main stages of development of cryptographic protocols from SSL 2.0 (Secure Socket Layer) to TLS 1.3 (Transport Layer Security), which ensure the protection of transport layer data in the OSI model. A brief description of the modification of the RuTLS protocol based on TLS 1.3 and their main differences is given. The development of IPsec, which provides cryptographic protection of communications at the network level of the OSI model, is considered using examples of the development of the three most commonly used protocols. These include IKE (Internet Key Exchange), AH (Authentication Header), and ESP (Encapsulation Security Payload). For the SSL/TLS and IPsec specifications, the basic handshake protocols and the main stages of their development are considered. The described handshakes include primary cryptographic information exchange cycles in the form of identifiers of interaction participants, one-time numbers, lists of supported cryptographic combinations. Authentication of participants based on certificates, shared symmetric keys, data exchange for establishing a shared Diffie — Hellman secret, development of key material for secret keys of communication sessions, message authentication, and other cryptographic parameters are presented. For different versions of SSL/TLS and IPsec, the logical structures of application data cryptographic protection functions are described.
7

Busygin, A. G., A. S. Konoplev, and M. O. Kalinin. "Approaches to protection of applications based on the TLS protocol against attacks using revoked certificates." Automatic Control and Computer Sciences 50, no. 8 (December 2016): 743–48. http://dx.doi.org/10.3103/s0146411616080290.

8

Wazan, Ahmad Samer, Romain Laborde, David W. Chadwick, Francois Barrere, Abdelmalek Benzekri, Mustafa Kaiiali, and Adib Habbal. "Trust Management for Public Key Infrastructures: Implementing the X.509 Trust Broker." Security and Communication Networks 2017 (2017): 1–23. http://dx.doi.org/10.1155/2017/6907146.

Abstract:
A Public Key Infrastructure (PKI) is considered one of the most important techniques used to propagate trust in authentication over the Internet. This technology is based on a trust model defined by the original X.509 (1988) standard and is composed of three entities: the certification authority (CA), the certificate holder (or subject), and the Relying Party (RP). The CA plays the role of a trusted third party between the certificate holder and the RP. In many use cases, this trust model has worked successfully. However, we argue that the application of this model on the Internet implies that web users need to depend on almost anyone in the world in order to use PKI technology. Thus, we believe that the current TLS system is not fit for purpose and must be revisited as a whole. In response, the latest draft edition of X.509 has proposed a new trust model by adding new entity called the Trust Broker (TB). In this paper, we present an implementation approach that a Trust Broker could follow in order to give RPs trust information about a CA by assessing the quality of its issued certificates. This is related to the quality of the CA’s policies and procedures and its commitment to them. Finally, we present our Trust Broker implementation that demonstrates how RPs can make informed decisions about certificate holders in the context of the global web, without requiring large processing resources themselves.
9

Pan, Jiaye, Yi Zhuang, and Binglin Sun. "Efficient and Transparent Method for Large-Scale TLS Traffic Analysis of Browsers and Analogous Programs." Security and Communication Networks 2019 (October 27, 2019): 1–22. http://dx.doi.org/10.1155/2019/8467081.

Abstract:
Many famous attacks take web browsers as transmission channels to make the target computer infected by malwares, such as watering hole and domain name hijacking. In order to protect the data transmission, the SSL/TLS protocol has been widely used to defeat various hijacking attacks. However, the existence of such encryption protection makes the security software and devices confront with the difficulty of analyzing the encrypted malicious traffic at endpoints. In order to better solve this kind of situation, this paper proposes a new efficient and transparent method for large-scale automated TLS traffic analysis, named as hyper TLS traffic analysis (HTTA). It extracts multiple types of valuable data from the target system in the hyper mode and then correlates them to decrypt the network packets in real time, so that overall data correlation analysis can be performed on the target. Additionally, we propose an aided reverse engineering method to support the analysis, which can rapidly identify the target data in different versions of the program. The proposed method can be applied to the endpoints and cloud platforms; there are no trust risk of certificates and no influence on the target programs. Finally, the real experimental results show that the method is feasible and effective for the analysis, which leads to the lower runtime overhead compared with other methods. It covers all the popular browser programs with good adaptability and can be applied to the large-scale analysis.
10

Lapshichyov, Vitaly, and Oleg Makarevich. "Method for Detecting and Identification of Tor Network Data by Wireshark Analyzer." Voprosy kiberbezopasnosti, no. 4(44) (2021): 73–80. http://dx.doi.org/10.21681/2311-3456-2021-4-73-80.

Abstract:
Purpose of the study: development of a method that allows detecting and identifying packets of the Tor network, including obfuscated packets on the local machine of the network user, by a Wireshark sniffer using the filter syntax based on the features of the Tor network packets characteristic of the TLS v1.2 and v1.3 encryption versions; studying the possibility of using the SSL Bump attack (decrypting https traffic on a virtual server using self-signed x.509 certificates) to overcome the obfuscation of Tor network packets. Method: software analysis of transmitted network packets, decomposition of the contents of data packets according to their size and belonging to encryption protocols, a comparative method in relation to different versions of the encryption protocol and resources, synthesis of filtering rules based on the syntax of the analyzer was used. Results: an applied method was developed that allows detecting and identifying packets of the Tor Network, including obfuscated packets on the local machine of the network user, by a Wireshark sniffer based on the filtering syntax based on the signs of encryption packets of the TLS v1.2 and v1.3 versions; data on the impossibility of using the SSL Bump attack to overcome the obfuscation of the Tor network was obtained.

Dissertations on the topic "TLS Certificates"

1

Boinapally, Kashyap. "Security Certificate Renewal Management." Thesis, Blekinge Tekniska Högskola, Institutionen för datavetenskap, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-18453.

Abstract:
Context. An SSL encrypted client-server communication is necessary to maintain the security and privacy of the communication. For an SSL encryption to work, there should be a security certificate which has a certain expiry period. Periodic renewal of the certificate after its expiry is a waste of time and an effort on part of the company. Objectives. In this study, a new system has been developed and implemented, which sends a certificate during prior communication and does not wait for the certificate to expire. Automating the process to a certain extent was done to not compromise the security of the system and to speed up the process and reduce the downtime. Methods. Experiments have been conducted to test the new system and compare it to the old system. The experiments were conducted to analyze the packets and the downtime occurring from certificate renewal. Results. The results of the experiments show that there is a significant reduction in downtime. This was achieved due to the implementation of the new system and semi-automation. Conclusions. The system has been implemented, and it greatly reduces the downtime occurring due to the expiry of the security certificates. Semi-Automation has been done to not hamper the security and make the system robust.
2

Petersson, Jakob. "Analysis of Methods for Chained Connections with Mutual Authentication Using TLS." Thesis, Linköpings universitet, Informationskodning, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-119455.

Abstract:
TLS is a vital protocol used to secure communication over networks and it provides an end-to-end encrypted channel between two directly communicating parties. In certain situations it is not possible, or desirable, to establish direct connections from a client to a server, as for example when connecting to a server located on a secure network behind a gateway. In these cases chained connections are required. Mutual authentication and end-to-end encryption are important capabilities in a high assurance environment. These are provided by TLS, but there are no known solutions for chained connections. This thesis explores multiple methods that provides the functionality for chained connections using TLS in a high assurance environment with trusted servers and a public key infrastructure. A number of methods are formally described and analysed according to multiple criteria reflecting both functionality and security requirements. Furthermore, the most promising method is implemented and tested in order to verify that the method is viable in a real-life environment. The proposed solution modifies the TLS protocol through the use of an extension which allows for the distinction between direct and chained connections. The extension which also allows for specifying the structure of chained connections is used in the implementation of a method that creates chained connections by layering TLS connections inside each other. Testing demonstrates that the overhead of the method is negligible and that the method is a viable solution for creating chained connections with mutual authentication using TLS.
3

Bruhner, Carl Magnus, and Oscar Linnarsson. "Relay Racing with X.509 Mayflies : An Analysis of Certificate Replacements and Validity Periods in HTTPS Certificate Logs." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-167063.

Abstract:
Certificates are the foundation of secure communication over the internet as of today. While certificates can be issued with long validity periods, there is always a risk of having them compromised during their lifetime. A good practice is therefore to use shorter validity periods. However, this limits the certificate lifetime and gives less flexibility in the timing of certificate replacements. In this thesis, we use publicly available network logs from Rapid7's Project Sonar to provide an overview of the current state of certificate usage behavior. Specifically, we look at the Let's Encrypt mass revocation event in March 2020, where millions of certificates were revoked with just five days notice. In general, we show how this kind of datasets can be used, and as a deeper exploration we analyze certificate validity, lifetime and use of certificates with overlapping validity periods, as well as discuss how our findings relate to industry standard and current security trends. Specifically, we isolate automated certificate services such as Let's Encrypt and cPanel to see how their certificates differ in characteristics from other certificates in general. Based on our findings, we propose a set of rules to help improve the trust in certificate usage and strengthen security online, introducing an Always secure policy aligning certificate validity with revocation time limits in order to replace revocation requirements and overcoming the fact that mobile devices today ignore this very important security feature. To round things off, we provide some ideas for further research based on our findings and what we see possible with datasets such as the one researched in this thesis.
4

Klasson, Sebastian, and Nina Lindström. "Longitudinal analysis of the certificate chains of big tech company domains." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-178396.

Abstract:
The internet is one of the most widely used mediums for communication in modern society and it has become an everyday necessity for many. It is therefore of utmost importance that it remains as secure as possible. SSL and TLS are the backbones of internet security and an integral part of these technologies are the certificates used. Certificate authorities (CAs) can issue certificates that validate that domains are who they claim to be. If a user trusts a CA they can in turn also trust domains that have been validated by them. CAs can in turn trust other CAs and this, in turn, creates a chain of trust called a certificate chain. In this thesis, the structure of these certificate chains is analysed and a longitudinal dataset is created. The analysis looks at how the certificate chains have changed over time and puts extra focus on the domains of big tech companies. The dataset created can also be used for further analysis in the future and will be a useful tool in the examination of historical certificate chains. Our findings show that the certificate chains of the domains studied do change over time; both their structure and the lengths of them vary noticeably. Most of the observed domains show a decrease in average chain length between the years of 2013 and 2020 and the structure of the chains vary significantly over the years.
5

Velthuis, Paul. "New authentication mechanism using certificates for big data analytic tools." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-215694.

Abstract:
Companies analyse large amounts of sensitive data on clusters of machines, using a framework such as Apache Hadoop to handle inter-process communication, and big data analytic tools such as Apache Spark and Apache Flink to analyse the growing amounts of data. Big data analytic tools are mainly tested on performance and reliability. Security and authentication have not been enough considered and they lack behind. The goal of this research is to improve the authentication and security for data analytic tools. Currently, the aforementioned big data analytic tools are using Kerberos for authentication. Kerberos has difficulties in providing multi factor authentication. Attacks on Kerberos can abuse the authentication. To improve the authentication, an analysis of the authentication in Hadoop and the data analytic tools is performed. The research describes the characteristics to gain an overview of the security of Hadoop and the data analytic tools. One characteristic is that the usage of the transport layer security (TLS) for the security of data transportation. TLS usually establishes connections with certificates. Recently, certificates with a short time to live can be automatically handed out. This thesis develops new authentication mechanism using certificates for data analytic tools on clusters of machines, providing advantages over Kerberos. To evaluate the possibility to replace Kerberos, the mechanism is implemented in Spark. As a result, the new implementation provides several improvements. The certificates used for authentication are made valid with a short time to live and are thus less vulnerable to abuse. Further, the authentication mechanism solves new requirements coming from businesses, such as providing multi-factor authentication and scalability. In this research a new authentication mechanism is developed, implemented and evaluated, giving better data protection by providing improved authentication.
6

Traore, Mohamed. "Analyse des biais de RNG pour les mécanismes cryptographiques et applications industrielles." Thesis, Université Grenoble Alpes, 2022. http://www.theses.fr/2022GRALM013.

Abstract:
In this work, we analyze X.509 SSL/TLS certificates (using RSA encryption and from hundreds of millions of connected devices) looking for anomalies and notably extend the work of Hastings, Fried and Heninger (2016). Our study was carried out on three databases from EFF (2010-2011), ANSSI (2011-2017) and Rapid7 (2017-2021). Several vulnerabilities affecting devices from well-known manufacturers were detected: small moduli (strictly less than 1024 bits), redundant moduli (used by several entities), invalid certificates but still in use, moduli vulnerable to the ROCA attack as well as so-called “GCD-vulnerable” moduli (i.e. moduli having common factors). For the Rapid7 database, counting nearly 600 million certificates (and including those for recent devices), we have identified 1,550,382 certificates whose moduli are GCD-vulnerable, that is 0.27% of the total number. This made it possible to factor 14,765 moduli of 2048 bits which, to our knowledge, has never been done. By analyzing certain GCD-vulnerable moduli, we were able to partially reverse-engineer the modulus generator (of 512 bits) used by certain families of firewalls, which allowed the instantaneous factorization of 42 moduli of 512 bits, corresponding certificates from 8,817 IPv4 addresses. After noting that most of the factored moduli had been generated by the OpenSSL library, we analyzed the source codes and the methods in charge of the RSA key generation process of several versions of this library (covering the period 2005 to 2021). Through experiments on platforms based on ARM processors, where we put ourselves in almost the same conditions as the vulnerable devices identified, we managed to trace the causes of the PGCD-vulnerability
7

O'Neill, Mark Thomas. "The Security Layer." BYU ScholarsArchive, 2019. https://scholarsarchive.byu.edu/etd/7761.

Abstract:
Transport Layer Security (TLS) is a vital component to the security ecosystem and the most popular security protocol used on the Internet today. Despite the strengths of the protocol, numerous vulnerabilities result from its improper use in practice. Some of these vulnerabilities arise from weaknesses in authentication, from the rigidity of the trusted authority system to the complexities of client certificates. Others result from the misuse of TLS by developers, who misuse complicated TLS libraries, improperly validate server certificates, employ outdated cipher suites, or deploy other features insecurely. To make matters worse, system administrators and users are powerless to fix these issues, and lack the ability to properly control how their own machines communicate securely online. In this dissertation we argue that the problems described are the result of an improper placement of security responsibilities. We show that by placing TLS services in the operating system, both new and existing applications can be automatically secured, developers can easily use TLS without intimate knowledge of security, and security settings can be controlled by administrators. This is demonstrated through three explorations that provide TLS features through the operating system. First, we describe and assess TrustBase, a service that repairs and strengthens certificate-based authentication for TLS connections. TrustBase uses traffic interception and a policy engine to provide administrators fine-tuned control over the trust decisions made by all applications on their systems. Second, we introduce and evaluate the Secure Socket API (SSA), which provides TLS as an operating system service through the native POSIX socket API. The SSA enables developers to use modern TLS securely, with as little as one line of code, and also allows custom tailoring of security settings by administrators. 
Finally, we further explore a modern approach to TLS client authentication, leveraging the operating system to provide a generic platform for strong authentication that supports easy deployment of client authentication features and protects user privacy. We conclude with a discussion of the reasons for the success of our efforts, and note avenues for future work that leverage the principles exhibited in this work, both in and beyond TLS.
8

Dickinson, Luke Austin. "Certificate Revocation Table: Leveraging Locality of Reference in Web Requests to Improve TLS Certificate Revocation." BYU ScholarsArchive, 2018. https://scholarsarchive.byu.edu/etd/7010.

Abstract:
X.509 certificate revocation defends against man-in-the-middle attacks involving a compromised certificate. Certificate revocation strategies face scalability, effectiveness, and deployment challenges as HTTPS adoption rates have soared. We propose Certificate Revocation Table (CRT), a new revocation strategy that is competitive with or exceeds alternative state-of-the-art solutions in effectiveness, efficiency, certificate growth scalability, mass revocation event scalability, revocation timeliness, privacy, and deployment requirements. The CRT periodically checks the revocation status of X.509 certificates recently used by an organization, such as clients on a university's private network. By prechecking the revocation status of each certificate the client is likely to use, the client can avoid the security problems of on-demand certificate revocation checking. To validate both the effectiveness and efficiency of using a CRT, we used 60 days of TLS traffic logs from Brigham Young University to measure the effects of actively refreshing certificates for various certificate working set window lengths. Using a certificate working set window size of 45 days, an average of 99.86% of the TLS handshakes from BYU would have revocation information cached in advance using our approach. Revocation status information can be initially downloaded by clients with a 6.7 MB file and then subsequently updated using only 205.1 KB of bandwidth daily. Updates to this CRT that only include revoked certificates require just 215 bytes of bandwidth per day.
9

Gustafsson, Josef. "Certificate Transparency in Theory and Practice." Thesis, Linköpings universitet, Databas och informationsteknik, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-125855.

Abstract:
Certificate Transparency provides auditability to the widely used X.509 Public Key Infrastructure (PKIX) authentication in Transport Layer Security (TLS) protocol. Transparency logs issue signed promises of inclusions to be used together with certificates for authentication of TLS servers. Google Chrome enforces the use of Certificate Transparency for validation of Extended Validation (EV) certificates. This thesis proposes a methodology for asserting correct operation and presents a survey of active Logs. An experimental Monitor has been implemented as part of the thesis. Varying Log usage patterns and metadata about Log operation are presented, and Logs are categorized based on characteristics and usage. A case of mis-issuance by Symantec is presented to show the effectiveness of Certificate Transparency.
10

Sjöström, Linus, and Carl Nykvist. "How Certificate Transparency Impact the Performance." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-140838.

Abstract:
Security on the Internet is essential to ensure the privacy of an individual. Today, Transport Layer Security (TLS) and certificates are used to ensure this. But certificates are not enough in order to maintain confidentiality and therefore a new concept, Certificate Transparency (CT), has been introduced. CT improves security by allowing the analysis of suspicious certificates. Validation by CT uses public logs that can return Signed Certificate Timestamp (SCT), which is a promise returned by the log indicating that the certificate will be added to the log. A server may then deliver the SCT to a client in three different ways: X.509v3 extension, Online Certificate Status Protocol (OCSP) stapling and TLS extension. For further analysis, we have created a tool to collect data during TLS handshakes and data transfer, including byte information, the certificates themselves, SCT delivery method and especially timing information. From our dataset we see that most websites do not use CT and the ones that use CT almost only use X.509 extension to send their SCTs.

Books on the topic "TLS Certificates"

1

Ontario. Energy Act: Revised Statutes of Ontario, 1990, chapter E.16 as amended by 1993, chapter 27, sched.; 1994, chapter 27, s. 81; 1996, chapter 19, s. 20 ; and, the following regulations (as amended) = Loi sur les hydrocarbures : Lois refondues de l'Ontario de 1990, chapitre E.16 tel qu'il est modifié par l'annexe du chap. 27 de 1993; l'art. 81 du chap. 27 de 1994; l'art. 20 du chap. 19 de 1996 ; et, les règlements suivants (tels qu'ils sont modifiés), Certificates (O. Reg. 348/96); Compressed natural gas storage, handling and utilization (O. Reg. 83/97); Fuel oil code (R.R.O. 1990, Reg. 329); Gas utilization code (O. Reg. 546/96); Oil and gas pipeline systems (O. Reg. 157/97); Propane storage, handling and utilization (O. Reg. 514/96). [Toronto]: Queen's Printer for Ontario = Imprimeur de la Reine pour l'Ontario, 2000.

2

National Institute of Standards and Technology. Securing Web Transactions: TLS Server Certificate Management. Independently Published, 2018.


Book chapters on the topic "TLS Certificates"

1

Hughes, Lawrence E. "Issue and Manage TLS Client Certificates." In Pro Active Directory Certificate Services, 327–58. Berkeley, CA: Apress, 2022. http://dx.doi.org/10.1007/978-1-4842-7486-6_15.

2

Hughes, Lawrence E. "Issue and Manage TLS Server Certificates." In Pro Active Directory Certificate Services, 275–325. Berkeley, CA: Apress, 2022. http://dx.doi.org/10.1007/978-1-4842-7486-6_14.

3

Li, Bingyu, Wei Wang, Lingjia Meng, Jingqiang Lin, Xuezhong Liu, and Congli Wang. "Elaphurus: Ensemble Defense Against Fraudulent Certificates in TLS." In Information Security and Cryptology, 246–59. Cham: Springer International Publishing, 2020. http://dx.doi.org/10.1007/978-3-030-42921-8_14.

4

Kampanakis, Panos, and Michael Kallitsis. "Faster Post-Quantum TLS Handshakes Without Intermediate CA Certificates." In Cyber Security, Cryptology, and Machine Learning, 337–55. Cham: Springer International Publishing, 2022. http://dx.doi.org/10.1007/978-3-031-07689-3_25.

5

Hughes, Lawrence E. "SSL and TLS." In Pro Active Directory Certificate Services, 155–75. Berkeley, CA: Apress, 2022. http://dx.doi.org/10.1007/978-1-4842-7486-6_11.

6

Bella, Giampaolo, Rosario Giustolisi, and Gabriele Lenzini. "A Socio-technical Understanding of TLS Certificate Validation." In Trust Management VII, 281–88. Berlin, Heidelberg: Springer Berlin Heidelberg, 2013. http://dx.doi.org/10.1007/978-3-642-38323-6_23.

7

Zhu, Liang, Johanna Amann, and John Heidemann. "Measuring the Latency and Pervasiveness of TLS Certificate Revocation." In Passive and Active Measurement, 16–29. Cham: Springer International Publishing, 2016. http://dx.doi.org/10.1007/978-3-319-30505-9_2.

8

Rajathi, N., and Meghna Praveen. "Practical Implementation and Analysis of TLS Client Certificate Authentication." In Advances in Intelligent Systems and Computing, 695–703. Singapore: Springer Singapore, 2021. http://dx.doi.org/10.1007/978-981-15-8443-5_59.

9

Fiedler, Arno, and Christoph Thiel. "The need of European White Knights for the TLS/SSL Certificate System." In ISSE 2014 Securing Electronic Business Processes, 170–74. Wiesbaden: Springer Fachmedien Wiesbaden, 2014. http://dx.doi.org/10.1007/978-3-658-06708-3_13.

10

Whelan, Feargal. "Schenectady Putters and Leaving Certificate Ta-Tas: Satirizing Irish Nation-Building in ‘Echo’s Bones’." In Beckett and Modernism, 147–59. Cham: Springer International Publishing, 2018. http://dx.doi.org/10.1007/978-3-319-70374-9_10.


Conference papers on the topic "TLS Certificates"

1

Torroledo, Ivan, Luis David Camacho, and Alejandro Correa Bahnsen. "Hunting Malicious TLS Certificates with Deep Neural Networks." In CCS '18: 2018 ACM SIGSAC Conference on Computer and Communications Security. New York, NY, USA: ACM, 2018. http://dx.doi.org/10.1145/3270101.3270105.

2

Persiano, Pino, and Ivan Visconti. "User privacy issues regarding certificates and the TLS protocol." In the 7th ACM conference. New York, New York, USA: ACM Press, 2000. http://dx.doi.org/10.1145/352600.352609.

3

Sakurai, Yuji, Takuya Watanabe, Tetsuya Okuda, Mitsuaki Akiyama, and Tatsuya Mori. "Discovering HTTPSified Phishing Websites Using the TLS Certificates Footprints." In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE, 2020. http://dx.doi.org/10.1109/eurospw51379.2020.00077.

4

Matsumoto, Stephanos, and Raphael M. Reischuk. "Certificates-as-an-Insurance: Incentivizing Accountability in SSL/TLS." In Workshop on Security of Emerging Networking Technologies. Reston, VA: Internet Society, 2015. http://dx.doi.org/10.14722/sent.2015.23009.

5

Nawrocki, Marcin, Pouyan Fotouhi Tehrani, Raphael Hiesgen, Jonas Mücke, Thomas C. Schmidt, and Matthias Wählisch. "On the interplay between TLS certificates and QUIC performance." In CoNEXT '22: The 18th International Conference on emerging Networking EXperiments and Technologies. New York, NY, USA: ACM, 2022. http://dx.doi.org/10.1145/3555050.3569123.

6

Ferreira, Ana, Rosario Giustolisi, Jean-Louis Huynen, Vincent Koenig, and Gabriele Lenzini. "Studies in Socio-technical Security Analysis: Authentication of Identities with TLS Certificates." In 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). IEEE, 2013. http://dx.doi.org/10.1109/trustcom.2013.190.

7

Xia, Wei, Wei Wang, Xin He, Gang Xiong, Gaopeng Gou, Zhenzhen Li, and Zhen Li. "Old Habits Die Hard: A Sober Look at TLS Client Certificates in the Real World." In 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). IEEE, 2021. http://dx.doi.org/10.1109/trustcom53373.2021.00029.

8

Walsh, Kevin. "TLS with trustworthy certificate authorities." In 2016 IEEE Conference on Communications and Network Security (CNS). IEEE, 2016. http://dx.doi.org/10.1109/cns.2016.7860543.

9

Ukrop, Martin, Lydia Kraus, Vashek Matyas, and Heider Ahmad Mutleq Wahsheh. "Will you trust this TLS certificate?" In ACSAC '19: 2019 Annual Computer Security Applications Conference. New York, NY, USA: ACM, 2019. http://dx.doi.org/10.1145/3359789.3359800.

10

Hageman, Kaspar, Egon Kidmose, René Hansen, and Jens Pedersen. "Can a TLS Certificate Be Phishy?" In 18th International Conference on Security and Cryptography. SCITEPRESS - Science and Technology Publications, 2021. http://dx.doi.org/10.5220/0010516600380049.


Organizational reports on the topic "TLS Certificates"

1

Sethi, M., J. Preuß Mattsson, and S. Turner. Handling Large Certificates and Long Certificate Chains in TLS-Based EAP Methods. RFC Editor, February 2022. http://dx.doi.org/10.17487/rfc9191.

2

Serhrouchni, A., and H. Labiod. TLS Authentication Using Intelligent Transport System (ITS) Certificates. Edited by M. Msahli, N. Cam-Winget, and W. Whyte. RFC Editor, September 2020. http://dx.doi.org/10.17487/rfc8902.

3

Thakore, D. Transport Layer Security (TLS) Authorization Using Digital Transmission Content Protection (DTCP) Certificates. RFC Editor, July 2015. http://dx.doi.org/10.17487/rfc7562.

4

Ghedini, A., and V. Vasiliev. TLS Certificate Compression. RFC Editor, December 2020. http://dx.doi.org/10.17487/rfc8879.

5

Saint-Andre, P., and J. Hodges. Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS). RFC Editor, March 2011. http://dx.doi.org/10.17487/rfc6125.

6

Akram, Mehwish, William C. Barker, Rob Clatterbuck, Donna Dodson, Brandon Everhart, Jane Gilbert, William Haag, et al. Securing web transactions TLS server certificate management. Gaithersburg, MD: National Institute of Standards and Technology, June 2020. http://dx.doi.org/10.6028/nist.sp.1800-16.

7

Pettersen, Y. The Transport Layer Security (TLS) Multiple Certificate Status Request Extension. RFC Editor, June 2013. http://dx.doi.org/10.17487/rfc6961.

8

Campbell, B., J. Bradley, N. Sakimura, and T. Lodderstedt. OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens. RFC Editor, February 2020. http://dx.doi.org/10.17487/rfc8705.

9

Shoemaker, R. B. Automated Certificate Management Environment (ACME) TLS Application‑Layer Protocol Negotiation (ALPN) Challenge Extension. RFC Editor, February 2020. http://dx.doi.org/10.17487/rfc8737.

10

Housley, R. TLS 1.3 Extension for Certificate-Based Authentication with an External Pre-Shared Key. RFC Editor, March 2020. http://dx.doi.org/10.17487/rfc8773.
