Global ETD Search

1	Seguridad en redes de computación ubicua: contribución a la validación de credenciales Hinarejos Campos, M. Francisca 30 June 2010 (has links) Technology progress in both user devices and networks allows communications anytime and anywhere. New communication environments offer a wide range of possibilities to users, but also generate new threats. For this reason, it is necessary to establish measures to find out who is establishing a communication and what actions is authorized to do. Currently proposed solutions in the literature are not completely adapted to the new features such as user mobility, network disconnections and constraints of devices and networks. Many of the existing proposals have focused in providing specific solutions to particular scenarios, but they do not consider a global heterogeneous scenario. Therefore, it is necessary to design security mechanisms able to adapt themselves to new scenarios. In this sense, digital certificates are a standardized and widely used solution. Digital certificates enable performing user authentication and authorization in a distributed way. The problem is that ubiquitous environments complicate the process of digital certificates validation. This complexity could result in a service being not accessible. The goal of this thesis is to contribute in making ubiquitous scenarios more secure. More specifically, the work proposes solutions for reducing the credential validation cost and for improving the availability of authentication and authorization services. In first place, we propose a solution for credential validation that works properly in environments with connection to on-line servers and also in environments where the connection to servers is sometimes not possible. In second place, we propose a cascade revocation system where the delegation is partially centralized. Delegation provides high flexibility to authorization systems, but adds complexity to the system. Our proposal reduces the burden on the verifier-side. In third place, we propose a revocation system for delegation chains based on prefix codes. This proposal deals with the problem of centralization of the previous proposal. In particular, the decentralized solution presented keeps the load reduction achieved in the partially centralized proposal, and also enables dynamic delegation and distribution of revocation data. While the user is connected, revocation data distribution can be done with a certificate revocation list. However, in scenarios where the connection can be lost temporally, this might not be possible. To address this issue, we have proposed a system in which users can perform the functions of revocation servers without being trusted entities. This will allow increasing the availability of validation service, and reduce resource consumption. Each proposal has been analyzed and compared with existing solutions to verify the improvements achieved. / El avance tecnológico tanto de los dispositivos de usuario como de las redes permite que se puedan establecer comunicaciones en cualquier momento y en cualquier lugar. Si bien estos entornos ofrecen un gran abanico de posibilidades a los usuarios, también es cierto que generan nuevas amenazas. Por este motivo, son necesarias medidas que permitan saber con quién se está estableciendo la comunicación y qué acciones se pueden autorizar. Las soluciones propuestas en la literatura no se adaptan completamente a las nuevas características de movilidad, desconexión y limitaciones tanto de los dispositivos como de las redes. De hecho, muchas de las propuestas existentes se han centrado en ofrecer soluciones concretas a escenarios particulares, sin tener en cuenta que el usuario puede entrar a formar parte de entornos heterogéneos. Por lo tanto, se hace necesario diseñar mecanismos de seguridad que conviviendo con los estándares vigentes, se adapten a los nuevos escenarios. En este sentido, los certificados digitales son una solución estandarizada y ampliamente extendida. Los certificados digitales permiten llevar a cabo tanto la autenticación como la autorización de un usuario de forma distribuida. Sin embargo, las características de los entornos ubicuos complican el proceso de validación de certificados. Esta complejidad podría llevar a que no se puediera acceder a los servicios. El objetivo de esta tesis es contribuir a aumentar la seguridad en entornos ubicuos. Más concretamente, se proporcionan soluciones para reducir la carga en la validación de credenciales y aumentar la disponibilidad de los servicios de autenticación y autorización. En primer lugar se propone un sistema de verificación de credenciales que se adapta para funcionar tanto en entornos con conexión a servidores on-line, como en sistemas off-line. Por otra parte, el proceso de delegación en sistemas de autorización, aporta una gran flexibilidad a estos entornos, pero a su vez añade complejidad al sistema. Para reducir esta carga sobre el verificador se propone un sistema de revocación en cascada con delegación centralizada. Sin embargo, esta centralización del servicio limita la escalabilidad y flexibilidad de la solución. Para dar solución a ese inconveniente, se ha propuesto un sistema de revocación en cadenas de delegación basado en códigos prefijo. Esta solución permite mantener la reducción de la carga en la validación lograda en la propuesta centralizada, y además, hace posible la delegación dinámica y la distribución de la información de revocación. Esta distribución puede realizarse a través de listas de revocación de credenciales. En redes con desconexión temporal esta información podría no estar accesible. Para solventarlo, se ha propuesto un sistema en el que los usuarios pueden realizar las funciones de servidores de revocación sin ser entidades de confianza. De esta forma se permite aumentar la disponibilidad del servicio de validación, y reducir el consumo de los recursos. Cada una de las propuestas realizadas se ha analizado para verificar las mejoras proporcionadas frente a las soluciones existentes. Para ello, se han evaluado de forma analítica, por simulación y/o implementación en función de cada caso. Los resultados del análisis verifican el funcionamiento esperado y muestran las mejoras de las propuestas frente a las soluciones existentes. PKI PMI Certificate validation Wireless security Access control Delegation Mobile segurity 004 621.3
2	Towards Efficient Certificate Revocation Status Validation in Vehicular Ad Hoc Networks with Data Mining Zhang, Qingwei 26 November 2012 (has links) Vehicular Ad hoc Networks (VANETs) are emerging as a promising approach to improving traffic safety and providing a wide range of wireless applications for drivers and passengers. To perform reliable and trusted vehicular communications, one prerequisite is to ensure a peer vehicle’s credibility by means of digital certificates validation from messages that are sent out by other vehicles. However, in vehicular communication systems, certificates validation is more time consuming than in traditional networks, due to the fact that each vehicle receives a large number of messages in a short period of time. Another issue that needs to be addressed is the unsuccessful delivery of information between vehicles and other entities on the road as a result of their high mobility rate. For these reasons, we need new solutions to accelerate the process of certificates validation. In this thesis, we propose a certificate revocation status validation scheme using the concept of clustering; based on data mining practices, which can meet the aforementioned requirements. We employ the technique of k -means clustering to boost the efficiency of certificates validation, thereby enhancing the security of a vehicular ad hoc network. Additionally, a comprehensive analysis of the security of the proposed scheme is presented. The analytical results demonstrate that this scheme can effectively improve the validation of certificates and thus secure the vehicular communication in vehicular networks. VANETs digital certificates Certificate Revocation List k-Means authentication certificate validation
3	Towards Efficient Certificate Revocation Status Validation in Vehicular Ad Hoc Networks with Data Mining Zhang, Qingwei January 2012 (has links) Vehicular Ad hoc Networks (VANETs) are emerging as a promising approach to improving traffic safety and providing a wide range of wireless applications for drivers and passengers. To perform reliable and trusted vehicular communications, one prerequisite is to ensure a peer vehicle’s credibility by means of digital certificates validation from messages that are sent out by other vehicles. However, in vehicular communication systems, certificates validation is more time consuming than in traditional networks, due to the fact that each vehicle receives a large number of messages in a short period of time. Another issue that needs to be addressed is the unsuccessful delivery of information between vehicles and other entities on the road as a result of their high mobility rate. For these reasons, we need new solutions to accelerate the process of certificates validation. In this thesis, we propose a certificate revocation status validation scheme using the concept of clustering; based on data mining practices, which can meet the aforementioned requirements. We employ the technique of k -means clustering to boost the efficiency of certificates validation, thereby enhancing the security of a vehicular ad hoc network. Additionally, a comprehensive analysis of the security of the proposed scheme is presented. The analytical results demonstrate that this scheme can effectively improve the validation of certificates and thus secure the vehicular communication in vehicular networks. VANETs digital certificates Certificate Revocation List k-Means authentication certificate validation
4	Analysis of Longitudinal Changes of Certificate Chains / Analysis of Longitudinal Changes of Certificate Chains Ringström, Marcus, Olivestam, Anton January 2022 (has links) Certificate validation is today a vital part of keeping communication secure over the internet. It allows secure daily communication for roughly 5 billion people using the internet. This is done by the help of Certificate Authorities, who use the technique of certificate validation chains for a more relentless validation and to widen the possibilities of secure communication. These chains have been in a changing process since the beginning, which has not been in a single direction. In this thesis, the changes in properties of the certificate chains are studied during the time period 2013 until 2021. The datasets of certificate chains are generated from the crt.sh database. The focus is put on finding changes in the length of the certificate chains and where in the chains these changes appear. Being able to understand and explain these changes is of great value in order to know about the further development of these chains and to predict the future direction that these chains might take. Based on the findings from the analysis of the chains included in the dataset, it was possible to conclude that the average length of the chains has increased over the time period. Though there have been special occasions in the industry-leading to decline in later years of the time period.The findings in this thesis indicates that what is important for the industry has changed. From having a focus on increasing the length to shift focus to shorten the length to provide better performance in terms of speed. Chain of trust certificate validation certificate chain certificate validation method Computer and Information Sciences Data- och informationsvetenskap
5	All Trust Is Local: Empowering Users’ Authentication Decisions on the Internet Kim, Tiffany Hyun-Jin 01 October 2012 (has links) No description available. Accountability Authentication Certificate Validation Infrastructures Deterrence Geographic Certificates Online Social Networks Proximity Public-Key Infrastructures Security Social Collateral Software Trust Establishment Usability Visualization Electrical and Computer Engineering
6	Web site security maturity of the European Union and its member states : A survey study on the compliance with best practices of DNSSEC, HSTS, HTTPS, TLS-version, and certificate validation types Rapp, Axel January 2021 (has links) With e-governance steadily growing, citizen-to-state communication via Web sites is as well, placing enormous trust in the protocols designed to handle this communication in a secure manner. Since breaching any of the protocols enabling Web site communication could yield benefits to a malicious attacker and bring harm to end-users, the battle between hackers and information security professionals is ongoing and never-ending. This phenomenon is the main reason why it is of importance to adhere to the latest best practices established by specialized independent organizations. Best practice compliance is important for any organization, but maybe most of all for our governing authorities, which we should hold to the highest standard possible due to the nature of their societal responsibility to protect the public. This report aims to, by conducting a quantitative survey, study the Web sites of the governments and government agencies of the member states of the European Union, as well as Web sites controlled by the European Union to assess to what degree their domains comply with the current best practices of DNSSEC, HSTS, HTTPS, SSL/TLS, and certificate validation types. The findings presented in this paper show that there are significant differences in compliance level between the different parameters measured, where HTTPS best practice deployment was the highest (96%) and HSTS best practice deployment was the lowest (3%). Further, when comparing the average best practice compliance by country, Denmark and the Netherlands performed the best, while Cyprus had the lowest average. Web site security information security e-governance best practice DNSSEC HSTS HTTPS SSL TLS certificate validation Information Systems, Social aspects
7	Longitudinal analysis of the certificate chains of big tech company domains / Longitudinell analys av certifikatkedjor till domäner tillhörande stora teknikföretag Klasson, Sebastian, Lindström, Nina January 2021 (has links) The internet is one of the most widely used mediums for communication in modern society and it has become an everyday necessity for many. It is therefore of utmost importance that it remains as secure as possible. SSL and TLS are the backbones of internet security and an integral part of these technologies are the certificates used. Certificate authorities (CAs) can issue certificates that validate that domains are who they claim to be. If a user trusts a CA they can in turn also trust domains that have been validated by them. CAs can in turn trust other CAs and this, in turn, creates a chain of trust called a certificate chain. In this thesis, the structure of these certificate chains is analysed and a longitudinal dataset is created. The analysis looks at how the certificate chains have changed over time and puts extra focus on the domains of big tech companies. The dataset created can also be used for further analysis in the future and will be a useful tool in the examination of historical certificate chains. Our findings show that the certificate chains of the domains studied do change over time; both their structure and the lengths of them vary noticeably. Most of the observed domains show a decrease in average chain length between the years of 2013 and 2020 and the structure of the chains vary significantly over the years. certificate authorities CA certificate chains certificates certificate validation HTTPS network security internet security PKI Project Sonar SSL TLS X.509 Computer Sciences Datavetenskap (datalogi)

1

Page generated in 0.153 seconds