
Securing SSL Certificate Verification through Dynamic Linking

Adam Bates, Joe Pletcher, Tyler Nichols, Braden Hollembaek, Dave Tian, Kevin R.B. Butler, Abdulrahman Alkhelaifi
2014 Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS '14  
Recent discoveries of widespread vulnerabilities in the SSL/TLS protocol stack, particularly with regard to the verification of server certificates, have left the security of the Internet's communications  ...  to the certificate authority system.  ...  Braden Hollembaek was funded in part through an NSF REU supplement. Availability Source code for CertShim will be made available from our lab website at http://sensei.ufl.edu.  ... 
doi:10.1145/2660267.2660338 dblp:conf/ccs/BatesPNHTBA14 fatcat:5yo5la5n25ftflrisjgo3fkuce

Linking remote attestation to secure tunnel endpoints

Kenneth Goldman, Ronald Perez, Reiner Sailer
2006 Proceedings of the first ACM workshop on Scalable trusted computing - STC '06  
We examine here how to link specific properties of a remote system - gained through TPM-based attestation - to secure tunnel endpoints to counter attacks where a compromised authenticated SSL endpoint relays  ...  We show how the proposed mechanism can be deployed in virtualized environments to create inexpensive SSL endpoint certificates and instant revocation that scales Internet-wide.  ...  Using the same CA speeds client verification, but the security properties are the same in either case. This solution cryptographically links the platform and the SSL endpoint properties.  ... 
doi:10.1145/1179474.1179481 dblp:conf/ccs/GoldmanPS06 fatcat:kyf5owc7hfezxerdl6l55v5fpe

An Application Package Configuration Approach to Mitigating Android SSL Vulnerabilities [article]

Vasant Tendulkar, William Enck
2014 arXiv   pre-print
We provide two concrete suggestions: 1) linking the application's debug state to SSL verification, and 2) pinning certificates and CAs in the manifest.  ...  For example, developing an application that accesses a test Web server with a self-signed certificate requires additional code to remove SSL verification; however, this code is not always removed in production  ...  Thus, if SSL verification is linked with the debug flag, then developers will not have to worry about adding custom SSL verification code to use a particular certificate on test servers.  ... 
arXiv:1410.7745v1 fatcat:2xgxfjdnq5fxdlbf7ybfgxuety

DCDroid

Yingjie Wang, Xing Liu, Weixuan Mao, Wei Wang
2019 Proceedings of the ACM Turing Celebration Conference - China on - ACM TURC '19  
The improper implementations include trusting all certificates, trusting all domain names, or ignoring certificate verification errors.  ...  In this work, we are motivated to detect vulnerabilities in implementation of SSL/TLS in Android apps by designing and implementing a tool called DCDroid (Detecting SSL/TLS Certificate verification vulnerabilities  ...  In order to secure the transmission of sensitive data for avoiding data leakage or attacks, many apps use HTTPS (HTTP over Security Socket Layer (SSL)/Transport Layer Security (TLS)) protocol to transmit  ... 
doi:10.1145/3321408.3326665 dblp:conf/acmturc/WangLM019 fatcat:7gj2yd6huncrzj3uwtkd5op7ry

Protection Against Web-based Password Phishing

Chik How Tan, Joseph Chee Ming Teo
2007 Fourth International Conference on Information Technology (ITNG'07)  
In this paper, we discussed phishing attacks and related weaknesses of Secure socket layer (SSL) protocol. Further we discuss and evaluate some proposed solutions against phishing and web spoofing attacks  ...  The attacks have been targeted the non-cryptographic security protocols like Transport layer security and secure socket layer protocols.  ...  The use of SSL is not authenticated if the signature verification of the digital secure and not working properly against phishing attacks certificate with certificate authority public key is valid.  ... 
doi:10.1109/itng.2007.162 dblp:conf/itng/TanT07 fatcat:fuadlb7cp5f7ddqcrfll6apgnu

Automatically Detecting SSL Error-Handling Vulnerabilities in Hybrid Mobile Web Apps

Chaoshun Zuo, Jianliang Wu, Shanqing Guo
2015 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security - ASIA CCS '15  
In this paper, we show there is another type of SSL vulnerability that stems from the error-handling code in the hybrid mobile web apps.  ...  To protect the security and privacy of the communications, these hybrid apps all use HTTPS by WebView, a key component in modern web browser.  ...  SMV-Hunter focuses on app built-in SSL verification weakness, whereas our system focuses on the weakness in HTTPS verification error handling process. Meanwhile, the SSL usage is also different.  ... 
doi:10.1145/2714576.2714583 dblp:conf/ccs/ZuoWG15 fatcat:3bim2mcpjvc4xenrnt6rbws34u

Secure and Guarantee QoS in a Video Sequence: A New Approach Based on TLS Protocol to Secure Data and RTP to Ensure Real-Time Exchanges

Hamza Touil, Nabil El Akkad, Khalid Satori
2021 International Journal of Safety and Security Engineering  
On the other hand, QoS is considered the central part of the communication used to judge the deliverable quality through several parameters (latency, jitter ...).  ...  The so-called TLS (Transport Layer Security) handshake is often used for this task without obviating that many fundamental parameters of TLS connections are transmitted explicitly.  ...  However, in our case, we will modify it to be dynamic and automatic and linked to the channel and QoS status.  ... 
doi:10.18280/ijsse.110107 fatcat:cnmfov6vsvfohgbhayx4xad6ji

Realization of Mobile Femtocells: Operational and Protocol Requirements

Suneth Namal, Madhusanka Liyanage, Andrei Gurtov
2012 Wireless personal communications  
Secondly, we propose the indispensable modifications that enable device mobility, and the suitable transport architecture options based on direct IP links and relay chains.  ...  Among them, Host Identity Protocol (HIP) was chosen due to enhanced support in flexible mobility, security and end-user privacy.  ...  Security with TLS and its forerunner SSL are designed to provide security in public Internet.  ... 
doi:10.1007/s11277-012-0818-9 fatcat:jrcy52xgkzeebjv7oq2t4qbsny

Security Collapse in the HTTPS Market

Axel Arnbak, Hadi Asghari, Michel Van Eeten, Nico Van Eijk
2014 Queue  
Figure 1. HTTPS authentication data flows.  ...  This is done with the help of a Transport Layer Security/Secure Sockets Layer (TLS/SSL) certificate containing basic information for authentication purposes.  ... 
doi:10.1145/2668152.2673311 fatcat:vnafy2sy3nbungdcftchp4qd2e

Security collapse in the HTTPS market

Axel Arnbak, Hadi Asghari, Michel Van Eeten, Nico Van Eijk
2014 Communications of the ACM  
Figure 1. HTTPS authentication data flows.  ...  This is done with the help of a Transport Layer Security/Secure Sockets Layer (TLS/SSL) certificate containing basic information for authentication purposes.  ... 
doi:10.1145/2660574 fatcat:hqyjxw5tx5dybczx4us2oq35oi

MIDP 2.0 security enhancements

O. Kolsi
2004 37th Annual Hawaii International Conference on System Sciences, 2004. Proceedings of the  
Many security threats exist in MIDP 1.0 environment since the specification addresses only a limited number of security issues.  ...  We also conclude that there still exist problems in MIDP 2.0 security, mainly related to the PKI that is part of trusted applications and new secure protocols.  ...  Humans are usually the weakest link also in secure protocols and applications like SSL, SSH and PGP.  ... 
doi:10.1109/hicss.2004.1265679 dblp:conf/hicss/KolsiV04 fatcat:xfnildultvhrrpjlkdtvz6nvpe

Timing Analysis of SSL/TLS Man in the Middle Attacks [article]

Kevin Benton, Ty Bross
2013 arXiv   pre-print
We intend to show that it is possible to detect man-in-the-middle attacks on SSL and TLS by detecting timing differences between a standard SSL session and an attack we created.  ...  Therefore, if a site hasn't been connected to before, the first SSL connection is allowed to go through using its normal certificate.  ...  Additional Certificate Verification Mechanisms Another approach to detecting man-in-the-middle attacks is to perform additional verifications on the certificate received from the web server.  ... 
arXiv:1308.3559v1 fatcat:phb5mshkind7jdoo7yrkr234mm

Secure and Guarantee QoS in a Video Sequence: a New Approach Based on TLS Protocol to Secure Data and RTP to Ensure Real-time Exchanges

Hamza Touil, Nabil El Akkad, Khalid Satori
2021 WSEAS Transactions on Communications  
In this work, we implement a secure approach useful in continuous communications in a time axis (video sequence, VOIP call...), the process consists in establishing a well-secured connection between two  ...  is essential for the customer in order to make a decision: If the jitter is within the standards (compared to the tolerable value), we continue to encrypt with the AES256 key, if no, both ends must go through  ...  However, in our case, we will modify it to be dynamic and automatic and linked to the channel and QoS status.  ... 
doi:10.37394/23204.2021.20.7 fatcat:p6fslvf6mfhstheanr547gndai

SSLDetecter: Detecting SSL Security Vulnerabilities of Android Applications Based on a Novel Automatic Traversal Method

Junwei Tang, Jingjing Li, Ruixuan Li, Hongmu Han, Xiwu Gu, Zhiyong Xu
2019 Security and Communication Networks  
However, developers may misuse SSL-related APIs, which would lead attackers to steal user's privacy through man-in-the-middle attacks.  ...  Android usually employs the Secure Socket Layer (SSL) protocol to protect the user's privacy in network transmission.  ...  security vulnerability. They only extract static URLs, and dynamic URL link certificates cannot be obtained effectively.  ... 
doi:10.1155/2019/7193684 fatcat:ldbrr77hfzgwvjsgdvyiew3eyq

Role-based access control on the web

Joon S. Park, Ravi Sandhu, Gail-Joon Ahn
2001 ACM Transactions on Privacy and Security  
To demonstrate feasibility, we implement each architecture by integrating and extending well-known technologies such as cookies, X.509, SSL, and LDAP, providing compatibility with current Web technologies  ...  ACKNOWLEDGMENTS This work was partially supported by the National Science Foundation and the National Security Agency.  ...  Secure Socket Layer (SSL).  ... 
doi:10.1145/383775.383777 fatcat:6pqevv2a5vd6xcpgrb6rjcpl3m