  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
21

Virtual Private Network Communication over a session layer socket protocol (SOCKS)

Soler Avellén, Carl Richard January 2011 (has links)
SYSTeam is an IT solutions supplier company that wants to develop a product which permits users to communicate with each other, over the Internet, in a secure way. The solution creates communication between two subnets which are connected through a Virtual Private Network (VPN) Gateway. The security of the communication is implemented at the application layer by using the Secure Socket Layer (SSL) protocol which carries, encrypted within it, a session layer technology called Sock-et-s (SOCKS). The communication prototype is developed in a Linux platform with the Integrated Development Environment (IDE) Eclipse and Java programming language. There are many similar software-hardware based products in the market, but these solutions usually demand high budgets. This thesis shows the development of a communication prototype of a new, and low cost, alternative product. This report also describes how the Java SOCKS methods are increased with further functionality in order to reach the designed communication infrastructure. The entire implementation is tested by using a network analyzer software called Wireshark and a log function which writes out messages in order for us to know which part of the code is running.
22

Důvěryhodná proxy v SSL/TLS spojení / Trusted proxy in SSL/TLS connection

Smolík, Jiří January 2017 (has links)
The problem of SSL/TLS interception ("trusted proxy in SSL/TLS connection") has been known for years and many implementations exist. However, all of them share a single technical solution which is based solely on the PKI authentication mechanism and suffers from multiple serious disadvantages. Most importantly, it is not compatible with several aspects or future trends of SSL/TLS and PKI, there's almost no space for improvement and its real use may spawn legal issues. After we analyze technical background and the current solution, we will propose another one, based not only on PKI but SSL/TLS too. Both solutions will be compared and general superiority of the new one will be shown. Basic implementation and analysis will follow, along with deployment requirements and ideas for future development.
23

Detekce a analýza přenosů využívajících protokoly SSL/TLS / Traffic detection and analysis using SSL/TLS

Hutar, Jan January 2017 (has links)
This diploma thesis deals with a detection and analysis of secure connections of electronic communication through SSL/TLS protocols. The thesis begins with introduction to SSL/TLS protocols. Thereafter, an analysis of messages used to establish secure connections using STARTTLS and postal protocols SMTP, POP3, and IMAP was made. Metadata detection and extraction of secured simplex and duplex connections take place using deep packet inspection tools. The tool of choice is the nDPI library from the Ntop project. The library was extended to detect the connections and extract the metadata based on studies and analysis of transmitted messages. Finally, testing is performed on a training data set and a basic analysis of acquired metadata is made.
24

Proposta de um agente de aplicação para detecção, prevenção e contenção de ataques em ambientes computacionais. / Proposal of an application-based agent for detection, prevention and containment of attacks in computational environment.

Militelli, Leonardo Cavallari 09 June 2006 (has links)
Secure channels, such as the ones generated by protocols like SSL and TLS, have been used on network services to provide partner authentication, integrity and confidentiality. However, their utilization prevents a network intrusion detection system from observing and analyzing packet content. As an alternative to circumvent this problem, the present work proposes an agent-based intrusion detection, prevention and containment architecture capable of capturing message flows directly at the host application and introducing it into a distributed intrusion detection framework. The ADACA (Attack Detection, Analysis and Containment Agent) is a hybrid agent that can operate in active and passive mode. In this context, it is able to detect attacks where the application payload is encrypted by secure protocols, like SSL and TLS, and take some predefined measure before the host application processes malicious content. Furthermore, the Intrusion Detection Message Exchange Format (IDMEF) standard proposed by IDWG is considered to send alerts between agent ADACA and a central IDS. The results showed that it is practicable to use an application agent attached to an application as a complement to network intrusion detection systems.
26

Étude des protocoles d'authentification et de dérivation de clefs en 3 parties / Authenticated key exchange protocols in three parties

Richard, Benjamin 30 August 2017 (has links)
In this thesis, we study the security of authentication and key exchange protocols when they are proxied through a semi-trusted third party. We begin by focusing on the security of the UMTS/LTE AKA protocol, when the different versions of this protocol are used to establish a secure channel across a radio access link in 3G and 4G mobile networks. We first describe some security and privacy weaknesses during the execution of the EPS- and UMTS-AKA protocols. Then, several practical solutions are proposed, guaranteeing better security and privacy for this protocol in both 3G and 4G scenarios. Secondly, we focus on computer networks, more precisely on the use of Keyless SSL in proxying over HTTPS. A security model including the various specific security requirements from the web delivery context has been established. We also identify and discuss various weaknesses in the structure of Keyless SSL. Finally, we propose an improvement of Keyless SSL over TLS 1.2, and describe how Keyless SSL could work securely for the new TLS 1.3 protocol version.
27

Encrypted Chat Client : Encrypted communication over XMPP

Rosén, Oskar January 2015 (has links)
Every day there are internet users all over the world who send a total sum of millions of emails and instant messages, and a majority of these are sent and transmitted without any form of encryption. When we send an unencrypted message it can be monitored, analyzed and even stored by organizations and individuals. Therefore using encrypted communication is vital for not having our privacy violated. One of the problems that needs to be solved is to allow two persons to communicate in (near) real time through text over internet in a secure and easy way for the user, while at the same time allowing the user to have a good experience and maintaining confidentiality. The chat client should be able to communicate with other platforms than only itself and must therefore use and follow an existing protocol for instant messaging. To receive a true end-to-end encryption, all data needs to be encrypted and decrypted locally on the user's computer before it is sent out on the internet. SSL / TLS can be used as a protective layer, but it must be complemented by an extra and separate layer of encryption since SSL / TLS is not an authentic end-to-end encryption. This is because the SSL data is decrypted when it lands on the server, while true end-to-end data is only decrypted locally on the receiver's computer. This thesis has resulted in a working chat client built on the XMPP protocol with support for using OTR encryption that offers true end-to-end encryption.
28

SSACC -SERVIÇO DE SEGURANÇA PARA AUTENTICAÇÃO CIENTE DO CONTEXTO: para Dispositivos Móveis no Paradigma da Computação em Nuvem / SSAACC SECURITY FOR SOCIAL AUTHENTICATION AWARE OF CONTEXT: to Mobile Devices in Computing Paradigm Cloud

MORAES, Renato Ubaldo Moreira e 26 September 2014 (has links)
Coordenação de Aperfeiçoamento de Pessoal de Nível Superior / Nowadays, there was a massive inclusion of smart mobile devices, known as smartphones, and with this accession, there's consequently a large increase in the consumption of information, especially from the internet. To support the great demand for information access, it's created a numerous devices to facilitate both access, the creation and the storage of such information, among the best known and disseminated currently is cloud computing. The feedback takes currently, an increasingly important and even critical for some entities, size and value turns out to be very desirable. Being often target capture and espionage attempts. To obtain data confidential information hackers use numerous devices, and more is used to scan networks. In other words can be described as scan "Scans notifications in computer networks, in order to identify which computers are active and which services are available for them. It is widely used by attackers to identify potential targets because it allows associate potential vulnerabilities to services enabled on a computer" [10]. According to [10] the number of attacks has been widening each year as shown in Figure 1.1 and 1.2 which are in section 1.1. Based on this high number incidents, the growth of the information consumer by means of devices furniture and the need to improve energy costs, the proposed establishment of the Office Security for Context Aware of authentication (Serviço de Segurança para Autenticação Ciente do Contexto (SSACC)) is required for today. The SSACC focus to provide a secure channel for transfer files to a server, using context information and reducing energy waste, thus saving resources and framing the Green Computing. Made based on the Secure Socket Layer (SSL), which is a "widely used protocol that provides secure communication through a network. It uses several different cryptographic processes to ensure that data sent through the network is secure. It provides a security enhancement for the Transport Control Protocol (TCP) / Internet Protocol (IP) standard, which is used for communication with the Internet. SSL uses public key cryptography to provide authentication. The SSL protocol also uses encryption of the private key and digital signatures to ensure privacy and the integrity of data" [26].
29

Utveckling av mobilapplikation för säkerhetssystem / Development of mobile application for security system

Söderman Stolpe, Kim January 2012 (has links)
The goal with this bachelor thesis has been to develop a cell phone application for the Android platform that utilizes the web services offered by TLab West AB’s security system called Sentrion. TLab West has introduced a new communication protocol for their Sentrion system that is based upon JSON and was tested for the first time with our cell phone application. The most prominent effect goal that TLab West strived for was an enhanced support of the core functionality offered by the security system’s web server, all this with a clear and easily maneuvered user interface. To accomplish this we abandoned the existing web interface and developed a native Android application that communicates with Sentrion using the newly developed JSON protocol and implementing a quick and intuitive menu system. Most of our dealings with TLab West took place using distance communication and they were developing the JSON protocol in parallel with our own application development. This led us into using an iterative software process model inspired by Scrum with short sprints of one to two weeks in order to maintain an intensive contact with TLab West and quickly get feedback on the development. The development transpired according to the project plan and resulted in a cell phone application that was well received by TLab West, all the core functional requirements were implemented and some of the bonus requirements were achieved as well. In reflection we felt that the chosen development process worked very well for this type of distance communication project. The requirements which have not been met are the functionality to increase the font size within the application settings, also the functionality to acknowledge alarm and messages. A solution to a very specific communication problem is unsolved where the security system’s inbound ports are unavailable and all communication must be initiated by the Sentrion.
30

Une étude de l’écosystème TLS / A study of the TLS ecosystem

Levillain, Olivier 23 September 2016 (has links)
SSL/TLS, a 20-year old security protocol, has become a major component securing network communications, from HTTPS e-commerce and social network sites to Virtual Private Networks, from e-mail protocols to virtually every possible protocol. In recent years, SSL/TLS has received a lot of attention, leading to the discovery of many security vulnerabilities, and to protocol improvements. In this thesis, we first explore the SSL/TLS ecosystem at large using IPv4 HTTPS scans, while proposing collection and analysis methodologies to obtain reproducible and comparable results across different measurement campaigns. Beyond these observations, we focused on two key aspects of TLS security: how to mitigate Record Protocol attacks, and how to write safe and efficient parsers. Finally, building on the numerous implementation flaws in almost all TLS stacks in the last years, we propose some thoughts about the challenges in writing a secure TLS library.
