  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Improving Routing Security Using a Decentralized Public Key Distribution Algorithm

Goold, Jeremy C. 13 April 2005
Today's society has developed a reliance on networking infrastructures. Health, financial, and many other institutions deploy mission critical and even life critical applications on local networks and the global Internet. The security of this infrastructure has been called into question over the last decade. In particular, the protocols directing traffic through the network have been found to be vulnerable. One such protocol is the Open Shortest Path First (OSPF) protocol. This thesis proposes a security extension to OSPF containing a decentralized certificate authentication scheme (DecentCA) that eliminates the single point of failure/attack present in current OSPF security extensions. An analysis of the security of the DecentCA is performed. Furthermore, an implementation of DecentCA in the Quagga routing software suite is accomplished.
2

Dynamic identities for flexible access control

Andersson, Fredrik, Hagström, Stefan January 2005
This thesis will analyse the pros and cons of a module-based approach versus the currently existing certificate schemes and the proposed requirements for a module-based certificate scheme to serve as a plausible identity verification system. We will present a possible model and evaluate it in respect to the existing solutions and our set of identified requirements.
3

Entwicklung eines Systems zur Erfassung und Untersuchung von Certificate Transparency Logs / Development of a System for Recording and Analysing Certificate Transparency Logs

Meesters, Johannes 13 July 2024
In view of the central role of the root certification authorities as trust anchors of the Web PKI and the incidents that have occurred in the past with unauthorised or incorrectly issued certificates, the transparency and accountability of these root CAs is of great importance. With the introduction of Certificate Transparency Logs, all certificates issued by Certificate Authorities are now entered in public logs. The work presents the problem of the limited accessibility of this data for science and develops a tool that enables an independent recording and evaluation of Certificate Transparency Logs. The developed system uses a container-based architecture and Elasticsearch to efficiently store and analyse the data. It can handle a high volume of data, averaging 25 million log entries per day, and enables customisable data processing and analysis. Python was used to pre-process, index and analyse the data, allowing the system to be flexibly adapted to different research questions. A total of 645 million CT log entries were recorded and analysed over a period of 42 days. The analyses show how different CAs and their root certificates are used and how much the different CT logs are used by CAs. However, the work also identifies challenges, such as the high memory requirements and necessary optimisations in data indexing.
Contents: 1 Introduction 1.1 Problem Statement 1.2 Objectives 2 Fundamentals 2.1 X509 Certificates 2.1.1 Fields 2.1.2 Extensions 2.2 Certificate Transparency 2.2.1 Certificate Transparency Log 2.2.2 Verification by User Agents 2.2.3 Verification by Monitors 2.2.4 Submission by Certificate Authorities 3 Design 3.1 Querying the CT Logs 3.2 Processing the Certificates 3.3 Storage & Analysis of the Data 3.4 Monitoring 3.5 Docker 4 Implementation 4.1 Platform 4.2 Monitoring 4.3 certstream-server 4.4 Processing 4.4.1 Buffering (stream-to-queue-publisher) 4.4.2 Pre-processing (cert-indexer) 4.5 Elasticsearch 4.5.1 Storage Consumption 4.5.2 Field Mappings 5 Evaluation 5.1 Logs & Log Operators 5.2 Certificate Authorities 5.3 Certificate Size 5.4 Validity Period 6 Conclusion 6.1 Summary 6.2 Outlook A Example X509 Leaf Certificate B Example X509 Root Certificate C Example Elasticsearch Queries Bibliography List of Figures List of Tables
4

A Distributed Public Key Infrastructure for the Web Backed by a Blockchain / En distribuerad publik nyckel-infrastruktur för webben uppbackad av en blockkedja

Fredriksson, Bastian January 2017
The thesis investigates how a blockchain can be used to build a decentralised public key infrastructure for the web, by proposing a custom federation blockchain relying on honest majority. Our main contribution is the design of a Proof of Stake protocol based on a stake tree, which builds upon an idea called follow-the-satoshi used in previous papers. Digital identities are stored in an authenticated self-balancing tree maintained by blockchain nodes. Our back-of-the-envelope calculations, based on the size of the domain name system, show that the block size must be set to at least 5.2 MB, while each blockchain node with a one-month transaction history would need to store about 243 GB. Thin clients would have to synchronise about 13.6 MB of block headers per year, and download an additional 3.7 KB of proof data for every leaf certificate which is to be checked.
5

Public certificate management revisited : A summary of policy changes over a two-year period (2021-2023) / En sammanfattning av Certifikatutfärdares policyer

Bergström, Simon, Kozak, Lowe January 2023
The purpose of this study was to investigate how the Digital Certificate management actors of the Public Key Infrastructure of the Internet have changed over the past two years (2021-2023). A set of one million registered top domains were queried with the intention of mapping out their certificates. This thesis presents a frequency analysis of issuing Certificate Authorities of the top one million domains and presents a concise table showing which the most popular Certificate Authorities are, as well as how the popularity has shifted over the past two years. This thesis also presents tables of how well a select few major Certificate Authorities follow the stipulated Baseline Requirements issued for the purpose of setting guidelines in handling certificates. Our findings suggest that the major Certificate Authorities have highly increased their compliance with the requirements over the time period. The Baseline Requirements have stipulated a few new guidelines, none of which relate to the fields of issuance, revocation and expiration. All the major Certificate Authorities have added more support than they have retracted and so it is clear to see that they respect the Baseline Requirements and work toward implementing them.
6

Porovnanie vybraných certifikačných autorít v Českej republike / Comparison of selected certificate authorities in the Czech Republic

Tencer, Peter January 2010
This thesis deals with basic principles of electronic signature and functions of certificate authorities, which is complemented with description of legislation environment in Czech Republic. The second part of the thesis includes methodology for comparison of certificate authority's functions in the field of qualified personal certificates. This methodology is afterwards applied for comparison of functions of accredited certificate authorities operating in Czech Republic and for determination of the best authority according to defined criteria and their significance weights.
7

Single Sign-On : Risks and Opportunities of Using SSO (Single Sign-On) in a Complex System Environment with Focus on Overall Security Aspects

Cakir, Ece January 2013
The main concern of this thesis is to help design a secure and reliable network system which keeps growing in complexity due to the interfaces with multiple logging sub-systems and to ensure the safety of the network environment for everyone involved. The parties somewhat involved in network systems are always in need of developing new solutions to security problems and striving to have a secure access into a network so as to fulfil their job in safe computing environments. Implementation and use of SSO (Single Sign-On) offering secure and reliable network in complex systems has been specifically defined for the overall security aspects of enterprises. The information to be used within and out of the organization was structured layer by layer according to the organizational needs to define the sub-systems. The users in the enterprise were defined according to their role-based profiles. Structuring the information layer by layer was shown to improve the level of security by providing multiple authentication mechanisms. Before implementing an SSO system, the necessary requirements are identified. Thereafter, user identity management and different authentication mechanisms were defined together with the network protocols and standards to ensure a safe exchange of information within and outside the organization. A marketing research was conducted in line of the SSO solutions. Threat and risk analysis was conducted according to ISO/IEC 27003:2010 standard. The degree of threat and risk were evaluated by considering their consequences and possibilities. These evaluations were processed by risk treatments. MoDAF (Ministry of Defence Architecture Framework) was used to show what kind of resources, applications and the other system related information are needed and exchanged in the network. In essence some suggestions were made concerning the ideas of implementing SSO solutions presented in the discussion and analysis chapter.
8

Certifikační autorita / Certification authority

Herinek, Denis January 2018
There are a lot of available services on the internet that need to be more secured and trusted. Public key infrastructure is used in sectors where there are higher expectations in case of authentication, integrity and confidentiality. It is almost impossible to imagine how internet banking or electronic signatures of important documents would work without PKI. There are a lot of open-source realisations of PKI created by users. Digital certificates as a part of PKI are issued by certificate authorities. This diploma thesis consists of an open-source realisation of a certificate authority and a timestamping authority to demonstrate the services which they provide.
9

Public certificate management : An analysis of policies and practices used by CAs / Offentlig certifikathantering : En analys av policys och praxis som används av CAs

Bergström, Anna, Berghäll, Emily January 2021
Certificate Authorities (CAs) carry a huge responsibility in today's internet security landscape as they issue certificates that establish secure end-to-end connections. This thesis conducts a policy review and survey of CAs' Certificate Policies and Certificate Practice Statements to find similarities and differences that could lead to possible vulnerabilities. Based on this, the thesis then presents a taxonomy-based analysis as well as comparisons of the top CAs to the Baseline Requirements. The main areas of the policies that were focused on are the issuance, revocation and expiration practices of the top 30 CAs as determined by the use of Tranco's list. We also determine the top CA groups, meaning the CAs whose policies are being used by the most other CAs as well as including a top 100 CAs list. The study suggests that the most popular CAs hold such a position because of two main reasons: they are easy to acquire and/or because they are connected to several other CAs.  The results suggest that some of the biggest vulnerabilities in the policies are what the CAs do not mention in any section as it puts the CA at risk for vulnerabilities. The results also suggest that the most dangerous attacks are social engineering attacks, as some of the stipulations for issuance and revocations make it possible to pretend to be the entity of subscribes to the certificate rather than a malicious one.
10

The Shifting Web of Trust : Exploring the Transformative Journey of Certificate Chains in Prominent Domains / Förtroendets Föränderliga Väv : Att Utforska den Transformativa Resan av Certifikatkedjor av Populära Domäner

Döberl, Marcus, Freiherr von Wangenheim, York January 2023
The security and integrity of TLS certificates are essential for ensuring secure transmission over the internet and protecting millions of people from man-in-the-middle attacks. Certificate Authorities (CA) play a crucial role in issuing and managing these certificates. This bachelor thesis presents a longitudinal analysis of certificate chains for popular domains, examining their evolution over time and across different categories. Using publicly available certificate data from sources such as crt.sh and censys.io, we created a longitudinal dataset of certificate chains for domains from the Top 1-M list of Tranco. We categorized the certificates based on their type, and the particular service categories. We analyzed a selected set of domains over time and identified the patterns and trends that emerged in their certificate chains. Our analysis revealed several noteworthy trends, including an increase in the use of new CAs and a shift of which types of certificates are used, we also found a trend in shorter certificate chains and fewer paths from domain to root certificate. This implies a more streamlined and simplified certificate process over time until today. Our findings have implications for the broader cybersecurity community and demonstrate the importance of ongoing monitoring and analysis of certificate chains for popular domains.
