Global ETD Search

21	Entwicklung eines Systems zur Erfassung und Untersuchung von Certificate Transparency Logs Meesters, Johannes 13 July 2024 (has links) Angesichts der zentralen Rolle der Root-Zertifizierungsstellen als Vertrauensanker der Web PKI und der in der Vergangenheit aufgetretenen Vorfälle mit unberechtigt oder inkorrekt ausgestellten Zertifikaten, ist die Transparenz und Verantwortlichkeit dieser Root CAs von großer Bedeutung. Seit der Einführung von Certificate Transparency Logs werden alle von Certificate Authorities ausgestellten Zertifikate in diese öffentlichen Logs eingetragen. Die Arbeit stellt die Problematik der eingeschränkten Zugänglichkeit dieser Daten für die Wissenschaft dar und entwickelt ein Werkzeug, dass eine unabhängige Aufzeichnung und Auswertung von Certificate Transparency Logs ermöglicht. Das entwickelte System nutzt eine containerbasierte Architektur und Elasticsearch zur effizienten Speicherung und Analyse der Daten. Es bewältigt ein hohes Datenaufkommen von durchschnittlich 25 Millionen Log-Einträgen pro Tag und ermöglicht eine anpassbare Datenverarbeitung und -auswertung. Die Vorverarbeitung und Indexierung sowie die Auswertung der Daten erfolgte mit Python, was eine flexible Anpassung des Systems an unterschiedliche Forschungsfragen erlaubt. Über einen Zeitraum von 42 Tagen wurden insgesamt 645 Millionen CT Log-Einträge aufgezeichnet und analysiert. Aus den Auswertungen geht hervor, wie verschiedene CAs und deren Root-Zertifikate genutzt werden und wie stark die unterschiedlichen CT Logs von CAs verwendet werden. Die Arbeit identifiziert jedoch auch Herausforderungen, wie den hohen Speicherbedarf und notwendige Optimierungen in der Datenindexierung.:1 Einleitung 1.1 Problemstellung 1.2 Zielstellung 2 Grundlagen 2.1 X509-Zertifikate 2.1.1 Felder 2.1.2 Erweiterungen 2.2 Certificate Transparency 2.2.1 Certificate Transparency Log 2.2.2 Überprüfung durch User Agents 2.2.3 Überprüfung durch Monitors 2.2.4 Eintragung durch Certificate Authorities 3 Konzeptionierung 3.1 Abfrage der CT Logs 3.2 Verarbeitung der Zertifikate 3.3 Speicherung & Auswertung der Daten 3.4 Überwachung 3.5 Docker 4 Implementierung 4.1 Plattform 4.2 Überwachung 4.3 certstream-server 4.4 Verarbeitung 4.4.1 Pufferung (stream-to-queue-publisher) 4.4.2 Vorverarbeitung (cert-indexer) 4.5 Elasticsearch 4.5.1 Speicherverbrauch 4.5.2 Field Mappings 5 Auswertung 5.1 Logs & Log-Betreiber 5.2 Certificate Authorites 5.3 Zertifikats-Größe 5.4 Gültigkeitsdauer 6 Schluss 6.1 Fazit 6.2 Ausblick A Beispiel X509 Leaf-Zertifikat B Beispiel X509 Root-Zertifikat C Beispiele Elasticsearch Abfragen Literatur Abbildungsverzeichnis Tabellenverzeichnis / In view of the central role of the root certification authorities as trust anchors of the Web PKI and the incidents that have occurred in the past with unauthorised or incorrectly issued certificates, the transparency and accountability of these root CAs is of great importance. With the introduction of Certificate Transparency Logs, all certificates issued by Certificate Authorities are now entered in public logs. The work presents the problem of the limited accessibility of this data for science and develops a tool that enables an independent recording and evaluation of Certificate Transparency Logs. The developed system uses a container-based architecture and Elasticsearch to efficiently store and analyse the data. It can handle a high volume of data, averaging 25 million log entries per day, and enables customisable data processing and analysis. Python was used to pre-process, index and analyse the data, allowing the system to be flexibly adapted to different research questions. A total of 645 million CT log entries were recorded and analysed over a period of 42 days. The analyses show how different CAs and their root certificates are used and how much the different CT logs are used by CAs. However, the work also identifies challenges, such as the high memory requirements and necessary optimisations in data indexing.:1 Einleitung 1.1 Problemstellung 1.2 Zielstellung 2 Grundlagen 2.1 X509-Zertifikate 2.1.1 Felder 2.1.2 Erweiterungen 2.2 Certificate Transparency 2.2.1 Certificate Transparency Log 2.2.2 Überprüfung durch User Agents 2.2.3 Überprüfung durch Monitors 2.2.4 Eintragung durch Certificate Authorities 3 Konzeptionierung 3.1 Abfrage der CT Logs 3.2 Verarbeitung der Zertifikate 3.3 Speicherung & Auswertung der Daten 3.4 Überwachung 3.5 Docker 4 Implementierung 4.1 Plattform 4.2 Überwachung 4.3 certstream-server 4.4 Verarbeitung 4.4.1 Pufferung (stream-to-queue-publisher) 4.4.2 Vorverarbeitung (cert-indexer) 4.5 Elasticsearch 4.5.1 Speicherverbrauch 4.5.2 Field Mappings 5 Auswertung 5.1 Logs & Log-Betreiber 5.2 Certificate Authorites 5.3 Zertifikats-Größe 5.4 Gültigkeitsdauer 6 Schluss 6.1 Fazit 6.2 Ausblick A Beispiel X509 Leaf-Zertifikat B Beispiel X509 Root-Zertifikat C Beispiele Elasticsearch Abfragen Literatur Abbildungsverzeichnis Tabellenverzeichnis
22	PKI/PMI AND SMART TOKENS IN HEALTHCARE INFORMATION SYSTEMS Liu, Hailong, Qi, Wenhua, Zhang, Qishan, Wu, Jinpei 10 1900 (has links) International Telemetering Conference Proceedings / October 20-23, 2003 / Riviera Hotel and Convention Center, Las Vegas, Nevada / While healthcare industry is striving to achieve e-health systems for improvements in healthcare quality, cost, and access, privacy and security about medical records should be considered carefully. This paper makes a deep study of Public Key Infrastructures (PKIs) and Privilege Management Infrastructures (PMIs) and how they can secure e-health systems. To access resources, e.g. patient records, both authentication and authorization are needed, so public key certificates and attribute certificates are both required to protect healthcare information. From a typical medical scenario, we see not only static but also dynamic permissions are required. Dynamic authorization maybe the most complex problem in e-health systems. security PKI PMI public key certificate attribute certificate smart token e-health digital signature
23	Certificate Revocation Table: Leveraging Locality of Reference in Web Requests to Improve TLS Certificate Revocation Dickinson, Luke Austin 01 October 2018 (has links) X.509 certificate revocation defends against man-in-the-middle attacks involving a compromised certificate. Certificate revocation strategies face scalability, effectiveness, and deployment challenges as HTTPS adoption rates have soared. We propose Certificate Revocation Table (CRT), a new revocation strategy that is competitive with or exceeds alternative state-of-the-art solutions in effectiveness, efficiency, certificate growth scalability, mass revocation event scalability, revocation timeliness, privacy, and deployment requirements. The CRT periodically checks the revocation status of X.509 certificates recently used by an organization, such as clients on a university's private network. By prechecking the revocation status of each certificate the client is likely to use, the client can avoid the security problems of on-demand certificate revocation checking. To validate both the effectiveness and efficiency of using a CRT, we used 60 days of TLS traffic logs from Brigham Young University to measure the effects of actively refreshing certificates for various certificate working set window lengths. Using a certificate working set window size of 45 days, an average of 99.86% of the TLS handshakes from BYU would have revocation information cached in advance using our approach. Revocation status information can be initially downloaded by clients with a 6.7 MB file and then subsequently updated using only 205.1 KB of bandwidth daily. Updates to this CRT that only include revoked certificates require just 215 bytes of bandwidth per day. certificate revocation X.509 certificate caching working sets locality of reference Computer Sciences
24	Towards Efficient Certificate Revocation Status Validation in Vehicular Ad Hoc Networks with Data Mining Zhang, Qingwei 26 November 2012 (has links) Vehicular Ad hoc Networks (VANETs) are emerging as a promising approach to improving traffic safety and providing a wide range of wireless applications for drivers and passengers. To perform reliable and trusted vehicular communications, one prerequisite is to ensure a peer vehicle’s credibility by means of digital certificates validation from messages that are sent out by other vehicles. However, in vehicular communication systems, certificates validation is more time consuming than in traditional networks, due to the fact that each vehicle receives a large number of messages in a short period of time. Another issue that needs to be addressed is the unsuccessful delivery of information between vehicles and other entities on the road as a result of their high mobility rate. For these reasons, we need new solutions to accelerate the process of certificates validation. In this thesis, we propose a certificate revocation status validation scheme using the concept of clustering; based on data mining practices, which can meet the aforementioned requirements. We employ the technique of k -means clustering to boost the efficiency of certificates validation, thereby enhancing the security of a vehicular ad hoc network. Additionally, a comprehensive analysis of the security of the proposed scheme is presented. The analytical results demonstrate that this scheme can effectively improve the validation of certificates and thus secure the vehicular communication in vehicular networks. VANETs digital certificates Certificate Revocation List k-Means authentication certificate validation
25	Towards Efficient Certificate Revocation Status Validation in Vehicular Ad Hoc Networks with Data Mining Zhang, Qingwei January 2012 (has links) Vehicular Ad hoc Networks (VANETs) are emerging as a promising approach to improving traffic safety and providing a wide range of wireless applications for drivers and passengers. To perform reliable and trusted vehicular communications, one prerequisite is to ensure a peer vehicle’s credibility by means of digital certificates validation from messages that are sent out by other vehicles. However, in vehicular communication systems, certificates validation is more time consuming than in traditional networks, due to the fact that each vehicle receives a large number of messages in a short period of time. Another issue that needs to be addressed is the unsuccessful delivery of information between vehicles and other entities on the road as a result of their high mobility rate. For these reasons, we need new solutions to accelerate the process of certificates validation. In this thesis, we propose a certificate revocation status validation scheme using the concept of clustering; based on data mining practices, which can meet the aforementioned requirements. We employ the technique of k -means clustering to boost the efficiency of certificates validation, thereby enhancing the security of a vehicular ad hoc network. Additionally, a comprehensive analysis of the security of the proposed scheme is presented. The analytical results demonstrate that this scheme can effectively improve the validation of certificates and thus secure the vehicular communication in vehicular networks. VANETs digital certificates Certificate Revocation List k-Means authentication certificate validation
26	Longitudinal analysis of the certificate chains of big tech company domains / Longitudinell analys av certifikatkedjor till domäner tillhörande stora teknikföretag Klasson, Sebastian, Lindström, Nina January 2021 (has links) The internet is one of the most widely used mediums for communication in modern society and it has become an everyday necessity for many. It is therefore of utmost importance that it remains as secure as possible. SSL and TLS are the backbones of internet security and an integral part of these technologies are the certificates used. Certificate authorities (CAs) can issue certificates that validate that domains are who they claim to be. If a user trusts a CA they can in turn also trust domains that have been validated by them. CAs can in turn trust other CAs and this, in turn, creates a chain of trust called a certificate chain. In this thesis, the structure of these certificate chains is analysed and a longitudinal dataset is created. The analysis looks at how the certificate chains have changed over time and puts extra focus on the domains of big tech companies. The dataset created can also be used for further analysis in the future and will be a useful tool in the examination of historical certificate chains. Our findings show that the certificate chains of the domains studied do change over time; both their structure and the lengths of them vary noticeably. Most of the observed domains show a decrease in average chain length between the years of 2013 and 2020 and the structure of the chains vary significantly over the years. certificate authorities CA certificate chains certificates certificate validation HTTPS network security internet security PKI Project Sonar SSL TLS X.509 Computer Sciences Datavetenskap (datalogi)
27	RESEARCH AND IMPLEMENTATION OF MOBILE BANK BASED ON SSL Meihong, Li, Qishan, Zhang, Jun, Wang 10 1900 (has links) International Telemetering Conference Proceedings / October 20-23, 2003 / Riviera Hotel and Convention Center, Las Vegas, Nevada / SSL protocol is one industrial standard to protect data transferred securely on Internet. Firstly SSL is analyzed, according to its characteristics, one solution plan on mobile bank based on SSL is proposed and presented, in which GPRS technology is adopted and elliptic curve algorithm is used for the session key, finally several functional modules of mobile bank are designed in details and its security is analyzed. SSL Mobile Bank GPRS Elliptic Curve Cryptography Certificate
28	Double Loss: The Economics of Death Falkner, Amber 01 January 2016 (has links) This paper analyzes the deathcare services industry in terms of its economic impact on young widows. I examine the financial impact of a husband’s sudden death by studying funeral services purchased on an atneed basis. Then, I assess how prolonged death due to illness alters the bereavement process of and financial impacts on young widows. I find that the mode of death is a predictor of the cost of the deathcare services incurred by the newly widowed. Death Casket Deathcare Death Certificate
29	Contribuição para apuração e evidenciação dos resultados das instituições de ensino superior com certificado de entidade beneficente de assistência social. / Contribution to verifying and disclosing the income obtained through the Higher Education Institutions with a Philanthropy Certificate. Lima, Emanoel Marcos 28 July 2003 (has links) O objetivo deste trabalho é contribuir com o aperfeiçoamento das informações contábeis para a gestão das Instituições de Ensino Superior com Certificado de Entidade Beneficente de Assistência Social - IESCEBAS, por meio da proposição de um modelo de apuração e evidenciação do resultado com o Certificado de Entidade Beneficente de Assistência Social. O estudo desenvolve-se a partir da análise dos seguintes aspectos: caracterização e definição de uma IESCEBAS, processo de gestão e sistemas de informações com base numa abordagem sistêmica. Os gestores, governo e sociedade necessitam de informações úteis e confiáveis sobre os resultados com o CEBAS para a tomada de decisões. Porém, conforme se constatou pela pesquisa de campo realizada por meio de questionários e análises das demonstrações contábeis, que a prática adotada pelas instituições objeto de estudo e também a norma editada pelo Conselho Federal de Contabilidade, não são adequadas para fornecer informações que subsidiem os gestores, governo e sociedade na tomada de decisões. Ao discorrer sobre os conceitos de receitas, custos, ativos, passivos e custo de oportunidade, conclui-se que o CEBAS gera impactos patrimoniais e econômicos que devem ser apurados e evidenciados pela contabilidade. Contudo, verificou-se pela análise dos resultados da pesquisa de campo, que não existe clareza quanto aos procedimentos contábeis e à legislação aplicáveis na apuração e evidenciação desses impactos pela contabilidade. A partir desta constatação, é proposto um modelo de apuração e evidenciação dos resultados com o certificado das IESCEBAS, de modo a subsidiar os gestores, governo e sociedade na tomada de decisões. Ao final, o modelo proposto é aplicado ao caso de duas IESCEBAS, com a finalidade de verificar sua utilidade. / This study aims to contribute to the improvement of accounting information for administering Higher Education Institutions with a Philanthropy Certificate - IESCEBAS, through the proposal of a model for verifying and disclosing the income obtained through the Philanthropy Certificate. The study is based on the analysis of the following aspects: characterization and definition of an IESCEBAS, management process and information systems on the basis of a systemic approach. The managers, government and society need useful and trustworthy information about the results obtained through the Philanthropy Certificate with a view to decision-making. Nevertheless, as we observed from the field research held by means of questionnaires and from the analysis of the financial statements, the practice adopted by the institutions in this study as well as the norm issued by the Brazilian Federal Accounting Council are not adequate to supply information that assists the managers, government and society in decision-making. Our discussion of the revenues, costs, assets, liabilities and opportunity cost concepts leads us to the conclusion that the Philanthropy Certificate generates equity and economic impacts that have to be verified and disclosed by accounting. However, we observed from the analysis of the field research results that there are uncertainties with respect to the accounting procedures and legislation that should be applied in the verification and disclosure of these impacts by accounting. On the basis of this observation, we propose a model for verifying and disclosing the income obtained through the Philanthropy Certificate, so as to assist the managers, government and society in making decisions. Finally, the proposed model is applied to two IESCEBAS, with a view to verifying its usefulness. Beneficência e Custo de Oportunidade Certificado Certificate philanthropy and opportunity cost
30	Improving Routing Security Using a Decentralized Public Key Distribution Algorithm Goold, Jeremy C. 13 April 2005 (has links) Today's society has developed a reliance on networking infrastructures. Health, financial, and many other institutions deploy mission critical and even life critical applications on local networks and the global Internet. The security of this infrastructure has been called into question over the last decade. In particular, the protocols directing traffic through the network have been found to be vulnerable. One such protocol is the Open Shortest Path First (OSPF) protocol. This thesis proposes a security extension to OSPF containing a decentralized certificate authentication scheme (DecentCA) that eliminates the single point of failure/attack present in current OSPF security extensions. An analysis of the security of the DecentCA is performed. Furthermore, an implementation of DecentCA in the Quagga routing software suite is accomplished. computer routing protocols security OSPF certificate authority decentralized Computer Sciences

Search results