
An Analysis of TLS Handshake Proxying

Douglas Stebila, Nick Sullivan
2015 2015 IEEE Trustcom/BigDataSE/ISPA  
As most widely used on the web, HTTPS provides server-to-client authentication using X.509 certificates issued by a commercial certificate authority binding a particular RSA public key to a particular  ...  This architecture is flexible and provides additional benefits above and beyond caching such as DDoS protection and web application firewall services.  ... 
doi:10.1109/trustcom.2015.385 dblp:conf/trustcom/StebilaS15 fatcat:s7xdpin7dzgptk6axvotegfzim

Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS

Karthikeyan Bhargavan, Antoine Delignat Lavaud, Cedric Fournet, Alfredo Pironti, Pierre Yves Strub
2014 2014 IEEE Symposium on Security and Privacy  
At the protocol level, we design and implement two new TLS extensions that strengthen the authentication guarantees of the handshake.  ...  We present new client impersonation attacks against TLS renegotiations, wireless networks, challenge-response protocols, and channel-bound cookies.  ...  TLS INTERFACES AND THEIR SAFE USAGE Modern clients and servers interact with TLS in ways far beyond the original intended interface.  ... 
doi:10.1109/sp.2014.14 dblp:conf/sp/BhargavanDFPS14 fatcat:7jt2pm6vpzd65ijps7a7mclldu

Strengthening user authentication through opportunistic cryptographic identity assertions

Alexei Czeskis, Michael Dietz, Tadayoshi Kohno, Dan Wallach, Dirk Balfanz
2012 Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12  
User authentication systems are at an impasse.  ...  We describe and evaluate our server-side, Chromium web browser, and Android phone implementations of PhoneAuth.  ...  We implemented and evaluated PhoneAuth, and our assessment is that PhoneAuth is a viable solution for improving the security of authentication on the web today.  ... 
doi:10.1145/2382196.2382240 dblp:conf/ccs/CzeskisDKWB12 fatcat:vi5raid3wve33kbm4v5cof64sq

TLS/PKI Challenges and Certificate Pinning Techniques for IoT and M2M Secure Communications

Daniel Diaz-Sanchez, Andres Marin-Lopez, Florina Almenarez, Patricia Arias, R. Simon Sherratt
2019 IEEE Communications Surveys and Tutorials  
Moreover, as it relies on public key infrastructure (PKI) for authentication, it is also affected by PKI problems.  ...  According to this, this paper provides a deep revision of several security aspects of TLS and PKI, with a particular focus on current certificate pinning solutions in order to illustrate the potential  ...  Then, the traffic can be redirected to unprotected Web servers or to servers using self signed certificates, since, as discussed in Section III, clients will "click through" upon a warning.  ... 
doi:10.1109/comst.2019.2914453 fatcat:lwwk7pbogfeidhc4t6wth5gvne

The power of recognition

Jörg Schwenk, Florian Kohlar, Marcus Amon
2011 Proceedings of the 7th ACM workshop on Digital identity management - DIM '11  
The basic idea behind the SLSOP is to strengthen the identification of web servers through domain names, certificates and browser security warnings by a recognition of public keys to authenticate servers  ...  Today, entity authentication in the TLS protocol involves at least three complex and partly insecure systems: the Domain Name System (DNS), Public Key Infrastructures (PKI), and human users, bound together  ...  In this scenario, the server recognizes the client based on a TLS client certificate. This is similar to the SLSOP, with the duties of client and server exchanged.  ... 
doi:10.1145/2046642.2046656 dblp:conf/dim/SchwenkKA11 fatcat:ho65mm6pevg7hcy73z24xy4uhm

SoK: Delegation and Revocation, the Missing Links in the Web's Chain of Trust [article]

Laurent Chuat, AbdelRahman Abdou, Ralf Sasse, Christoph Sprenger, David Basin, Adrian Perrig
2020 arXiv   pre-print
We analyze solutions that address the long-standing delegation and revocation shortcomings of the web PKI, with a focus on approaches that directly affect the chain of trust (i.e., the X.509 certification  ...  These problems are exacerbated by the lack of a native delegation mechanism in TLS, which increasingly leads domain owners to engage in dangerous practices such as sharing their private keys with third  ...  Server and Client Authentication Although TLS is most commonly used for server authentication, it supports client authentication as well, and so do delegated credentials.  ... 
arXiv:1906.10775v2 fatcat:hsi6whdv6jb25jc3qp43f7obka

Content delivery over TLS: a cryptographic analysis of keyless SSL

Karthikeyan Bhargavan, Ioana Boureanu, Pierre-Alain Fouque, Cristina Onete, Benjamin Richard
2017 2017 IEEE European Symposium on Security and Privacy (EuroS&P)  
The Transport Layer Security (TLS) protocol is designed to allow two parties, a client and a server, to communicate securely over an insecure network.  ...  We also propose a new design for Keyless TLS 1.3 and prove that it achieves 3(S)ACCE-security, assuming that the TLS 1.3 handshake implements an authenticated 2-party key exchange.  ...  between a client and a server, typically authenticated using public-key certificates.  ... 
doi:10.1109/eurosp.2017.52 dblp:conf/eurosp/BhargavanBFOR17 fatcat:7t2lmrzhrnhppanpe3d5d4zlgq

Assurance Requirements for Mutual User and Service Provider Authentication [chapter]

Audun Jøsang
2015 Lecture Notes in Computer Science  
Unilateral authentication is obviously insufficient for securing two-way interaction, so both user authentication assurance and service provider authentication assurance must be considered.  ...  This paper first describes and compares some of the current eAuthentication frameworks for user authentication.  ...  However, the TLS protocol alone can only provide server authentication type S→C in Figure 2, because the authenticity of server certificates, and thereby of the server, are validated by the client system  ... 
doi:10.1007/978-3-319-17016-9_3 fatcat:ngm7rdf4qrd5rm72d7r655fjcy

Missed Opportunities: Measuring the Untapped TLS Support in the Industrial Internet of Things [article]

Markus Dahlmanns, Johannes Lohmöller, Jan Pennekamp, Jörn Bodenhausen, Klaus Wehrle, Martin Henze
2022 arXiv   pre-print
., via configuration templates, is promising to strengthen security.  ...  Consequently, to ensure end-to-end secure communication and authentication, (i) traditional industrial protocols, e.g., Modbus, are retrofitted with TLS support, and (ii) modern protocols, e.g., MQTT,  ...  Third, we focus on hosts not denying our connection due to failed client authentication (column (D)TLS Auth. OK).  ... 
arXiv:2206.00322v1 fatcat:5kbna3w63jej3jgkku3maocuti

Zero Footprint Secure Internet Authentication Using Network Smart Card [chapter]

Asad M. Ali
2006 Lecture Notes in Computer Science  
Traditional two-factor authentication techniques require modifications to client machine, remote server, or both.  ...  It outlines the role of these next generation smart cards in addressing some of the weaknesses inherent in current Internet authentication frameworks.  ...  While client authentication is optional, TLS requires the server side to be authenticated before TLS handshake can proceed.  ... 
doi:10.1007/11733447_7 fatcat:kvizrfcpbbhfffkiea6spwn6wu

Privacy-Enhancing Technologies [chapter]

Kent Seamons
2021 Modern Socio-Technical Perspectives on Privacy  
These technologies include secure messaging, secure email, HTTPS, two-factor authentication, and anonymous communication.  ...  The web server certificate authenticates a website to the browser. HTTPS warnings have been an area of significant usability studies and modification over the past decade.  ...  It also provides increased privacy protection by encrypting the server certificates transmitted to the client.  ... 
doi:10.1007/978-3-030-82786-1_8 fatcat:2hciujom6rawxgbhpuahtxfv6i

Examining cyber security implementation through TLS/SSL on academic institutional repository in Indonesia

Irhamni Ali
2021 Berkala Ilmu Perpustakaan dan Informasi  
Some serious finding is that most Indonesian Academic Institutional Repositories have vulnerable security issues in their SSL and TLS and can cause a severe problem for their information asset's security  ...  The TLS/SSL provides a protocol for web client (browser) and a web server creating connection each other and using encrypted public key to agree on a shared secured key to communicate using symmetric encryption  ...  The MITMA (Man in The Middle Attacks) The TLS/SSL protocol works with securing a Web client (browser) and server during communicate each other.  ... 
doi:10.22146/bip.v17i2.2082 fatcat:rl7ezupezbfplgnmunbiwletua

Securing Password Authentication for Web-based Applications [article]

Teik Guan Tan and Pawel Szalachowski and Jianying Zhou
2020 arXiv   pre-print
This vulnerability can be exploited for phishing attacks as the web authentication process is not end-to-end secured from each input password field to the web server.  ...  We further analyze the proposed protocol through an abuse-case evaluation, discuss various deployment issues, and also perform a test implementation to understand its data and execution overheads  ...  [13] proposal to supplement the authentication process by using self-signed client certificates as bearer tokens, as well as efforts to incorporate SRP into TLS [47].  ... 
arXiv:2011.06257v1 fatcat:l4xha34lunahrkuouigp4tbq34

Beyond secure channels

Yacine Gasmi, Ahmad-Reza Sadeghi, Patrick Stewin, Martin Unger, N. Asokan
2007 Proceedings of the 2007 ACM workshop on Scalable trusted computing - STC '07  
We use Subject Key Attestation Evidence extensions to X.509v3 certificates to convey configuration information during key agreement (TLS handshake).  ...  We also present a concrete implementation proposal based on Transport Layer Security (TLS) protocol, and Trusted Computing technology.  ...  that replaces the TLS certificate and authenticates the endpoints.  ... 
doi:10.1145/1314354.1314363 dblp:conf/ccs/GasmiSSUA07 fatcat:2lhina4qhzcm7e6n55ggo2ftpa

Reactive and Proactive Standardisation of TLS [chapter]

Kenneth G. Paterson, Thyla van der Merwe
2016 Lecture Notes in Computer Science  
for TLS 1.3.  ...  In the development of TLS 1.3, the IETF TLS Working Group has adopted an "analysis-prior-to-deployment" design philosophy. This is in sharp contrast to all previous versions of the protocol.  ...  Acknowledgements Paterson was supported in part by a research programme funded by Huawei Technologies and delivered through the Institute for Cyber Security Innovation at Royal Holloway, University of  ... 
doi:10.1007/978-3-319-49100-4_7 fatcat:33ngau3bv5a5lb3purmdqqtmxe