对TLS的安全性增强，以改进国家控制

2017 12th International Conference for Internet Technology and Secured Transactions (ICITST) Pub Date : 2017-12-01 DOI:10.23919/ICITST.2017.8356398

Lamya Alqaydi, C. Yeun, E. Damiani

{"title":"对TLS的安全性增强，以改进国家控制","authors":"Lamya Alqaydi, C. Yeun, E. Damiani","doi":"10.23919/ICITST.2017.8356398","DOIUrl":null,"url":null,"abstract":"Establishing a secure connection is a must nowadays since a lot of transactions are being done online. For instance, it can vary from buying items from small shops into buying extremely expensive equipment online. Hence, the need for securing the sessions and e-commerce is highly required. Furthermore, any government entity will require its communication to be secured from eavesdropping and Man in The Middle (MITM) attacks. Web Threats are spreading around the world and becoming more aggressive every year. Secure Socket Layer (SSL) and Transport Layer Security (TLS) were established as a standard to encrypt the communication between the client and the server. Everyday new vulnerabilities and loopholes in the internet protocols are being discovered. Hence an enhancement to the TLS protocol is a must. This need rises since most transactions and confidential communication is done through the network. Then information security researchers and developers have to test, develop, verify and enhance the security of the network. Throughout this report a study of the TLS protocol will be highlighted and its relative security. Later, a proposed method to test different TLS protocols will be explained. Future work will include developing a prototype that will be used to test different TLS protocol versions.","PeriodicalId":440665,"journal":{"name":"2017 12th International Conference for Internet Technology and Secured Transactions (ICITST)","volume":"306 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Security enhancements to TLS for improved national control\",\"authors\":\"Lamya Alqaydi, C. Yeun, E. Damiani\",\"doi\":\"10.23919/ICITST.2017.8356398\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Establishing a secure connection is a must nowadays since a lot of transactions are being done online. For instance, it can vary from buying items from small shops into buying extremely expensive equipment online. Hence, the need for securing the sessions and e-commerce is highly required. Furthermore, any government entity will require its communication to be secured from eavesdropping and Man in The Middle (MITM) attacks. Web Threats are spreading around the world and becoming more aggressive every year. Secure Socket Layer (SSL) and Transport Layer Security (TLS) were established as a standard to encrypt the communication between the client and the server. Everyday new vulnerabilities and loopholes in the internet protocols are being discovered. Hence an enhancement to the TLS protocol is a must. This need rises since most transactions and confidential communication is done through the network. Then information security researchers and developers have to test, develop, verify and enhance the security of the network. Throughout this report a study of the TLS protocol will be highlighted and its relative security. Later, a proposed method to test different TLS protocols will be explained. Future work will include developing a prototype that will be used to test different TLS protocol versions.\",\"PeriodicalId\":440665,\"journal\":{\"name\":\"2017 12th International Conference for Internet Technology and Secured Transactions (ICITST)\",\"volume\":\"306 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 12th International Conference for Internet Technology and Secured Transactions (ICITST)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.23919/ICITST.2017.8356398\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 12th International Conference for Internet Technology and Secured Transactions (ICITST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/ICITST.2017.8356398","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

建立一个安全的连接现在是必须的，因为很多交易都是在网上完成的。例如，它可以从小商店购买物品，也可以在网上购买极其昂贵的设备。因此，非常需要保护会话和电子商务。此外，任何政府实体都将要求其通信免受窃听和中间人(MITM)攻击。网络威胁正在全球范围内蔓延，并且每年都变得越来越具有攻击性。建立了安全套接字层(SSL)和传输层安全(TLS)作为客户端和服务器之间通信的加密标准。每天都有新的互联网协议漏洞被发现。因此，必须对TLS协议进行增强。由于大多数交易和机密通信都是通过网络完成的，因此这种需求会增加。信息安全研究人员和开发人员必须测试、开发、验证和增强网络的安全性。在本报告中，将重点介绍TLS协议及其相对安全性的研究。稍后，我们将介绍一种测试不同TLS协议的方法。未来的工作将包括开发一个原型，用于测试不同的TLS协议版本。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Security enhancements to TLS for improved national control

Establishing a secure connection is a must nowadays since a lot of transactions are being done online. For instance, it can vary from buying items from small shops into buying extremely expensive equipment online. Hence, the need for securing the sessions and e-commerce is highly required. Furthermore, any government entity will require its communication to be secured from eavesdropping and Man in The Middle (MITM) attacks. Web Threats are spreading around the world and becoming more aggressive every year. Secure Socket Layer (SSL) and Transport Layer Security (TLS) were established as a standard to encrypt the communication between the client and the server. Everyday new vulnerabilities and loopholes in the internet protocols are being discovered. Hence an enhancement to the TLS protocol is a must. This need rises since most transactions and confidential communication is done through the network. Then information security researchers and developers have to test, develop, verify and enhance the security of the network. Throughout this report a study of the TLS protocol will be highlighted and its relative security. Later, a proposed method to test different TLS protocols will be explained. Future work will include developing a prototype that will be used to test different TLS protocol versions.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2017 12th International Conference for Internet Technology and Secured Transactions (ICITST)

自引率

0.00%

发文量