Characterization of clients-side revocation checks and their security-performance tradeoffs / Karaktärisering av upphävningskontroll av certifikat från klientens sida och deras för- och nackdelar mellan säkerhet och prestanda

Gärdin, Christoffer; Shnouda, George. January 2021.
There are several methods for checking whether a certificate used on the web has been revoked. Timely discovery of revoked certificates is important for the security of server authentication in HTTPS: a user is exposed to serious attacks if the authenticity of a domain cannot be verified. Each method has advantages and disadvantages, since it can improve security while at the same time degrading browser performance. This thesis examines these methods in more detail to identify their pros and cons and to determine whether a good tradeoff between security and performance can be found. Our analysis covers the extent to which OCSP and CRLs are used, how much OCSP checking affects the performance of the Firefox browser, and how many web servers implement mechanisms for delivering revocation status, such as OCSP stapling and OCSP must-staple. We also compare the browsers' own lists of revoked certificates and look for patterns and differences between them.

The analysis shows that client-side OCSP and CRL checks have largely been replaced by other mechanisms, such as Mozilla's OneCRL and Google's CRLSet. We found that OneCRL and CRLSet cover only a small fraction of the total number of certificates in circulation, and that it often takes several weeks for a revoked certificate to appear in these lists. We also found that OCSP's impact on page-load performance is minimal. We conclude that the existing methods for verifying revocation status are inadequately used by CAs, browsers and web servers, which poses a major security risk for users: many certificates are never checked at all. However, we believe that security can be increased without reducing performance if CAs, browsers and web servers collaborate on improving and combining the current methods for checking revoked certificates.
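The measurement the abstract describes (which revocation pointers a certificate advertises, and whether a server that presents a must-staple certificate actually staples an OCSP response) comes down to inspecting a few X.509 extensions and the handshake state. The following Go program is an added example written for this page, not code from the thesis or its authors. It generates a throwaway self-signed leaf so it runs offline; the domain and URLs (example.test, ocsp.example.test, crl.example.test) are hypothetical, and the OCSP response bytes passed in the test are a placeholder blob rather than a real signed response. It classifies a certificate by its OCSP responder URLs (Authority Information Access), CRL distribution points and the TLS Feature extension (RFC 7633, OID 1.3.6.1.5.5.7.1.24, which encodes must-staple as the feature value 5), then applies the hard-fail policy a browser should apply: a must-staple leaf served without a staple is rejected.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// oidTLSFeature is id-pe-tlsfeature (RFC 7633). A value of SEQUENCE { INTEGER 5 }
// means the status_request extension must be stapled, i.e. "OCSP must-staple".
var oidTLSFeature = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 24}

const statusRequestFeature = 5 // TLS extension type of status_request

// RevocationInfo summarises which revocation mechanisms a leaf certificate advertises
// and whether the server delivered a stapled OCSP response in the handshake.
type RevocationInfo struct {
	OCSPResponders []string // from Authority Information Access
	CRLDistPoints  []string // from CRL Distribution Points
	MustStaple     bool     // TLS Feature extension lists status_request
	Stapled        bool     // server sent an OCSP response (status_request)
}

// parseTLSFeatures decodes the TLS Feature extension value (SEQUENCE OF INTEGER).
func parseTLSFeatures(der []byte) ([]int, error) {
	var features []int
	rest, err := asn1.Unmarshal(der, &features)
	if err != nil {
		return nil, err
	}
	if len(rest) != 0 {
		return nil, errors.New("trailing data after TLS Feature extension")
	}
	return features, nil
}

// Classify reports the revocation pointers carried by cert.
func Classify(cert *x509.Certificate) (RevocationInfo, error) {
	info := RevocationInfo{
		OCSPResponders: cert.OCSPServer,
		CRLDistPoints:  cert.CRLDistributionPoints,
	}
	for _, ext := range cert.Extensions {
		if !ext.Id.Equal(oidTLSFeature) {
			continue
		}
		features, err := parseTLSFeatures(ext.Value)
		if err != nil {
			return info, fmt.Errorf("malformed TLS Feature extension: %w", err)
		}
		for _, f := range features {
			if f == statusRequestFeature {
				info.MustStaple = true
			}
		}
	}
	return info, nil
}

// Assess applies a hard-fail must-staple policy to a completed handshake: a
// must-staple leaf served without a stapled OCSP response is rejected, because
// the client would otherwise have no timely revocation signal for it.
func Assess(cs tls.ConnectionState) (RevocationInfo, error) {
	if len(cs.PeerCertificates) == 0 {
		return RevocationInfo{}, errors.New("no peer certificate")
	}
	info, err := Classify(cs.PeerCertificates[0])
	if err != nil {
		return info, err
	}
	info.Stapled = len(cs.OCSPResponse) > 0
	if info.MustStaple && !info.Stapled {
		return info, errors.New("must-staple certificate served without OCSP staple")
	}
	return info, nil
}

// newTestCert builds a self-signed leaf with constructed revocation pointers so the
// example runs offline. The names are hypothetical; this is not a real CA's certificate.
func newTestCert(mustStaple bool) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "example.test"},
		DNSNames:              []string{"example.test"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		OCSPServer:            []string{"http://ocsp.example.test"},
		CRLDistributionPoints: []string{"http://crl.example.test/leaf.crl"},
	}
	if mustStaple {
		val, err := asn1.Marshal([]int{statusRequestFeature}) // DER: 30 03 02 01 05
		if err != nil {
			return nil, err
		}
		tmpl.ExtraExtensions = []pkix.Extension{{Id: oidTLSFeature, Value: val}}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	for _, must := range []bool{false, true} {
		cert, err := newTestCert(must)
		if err != nil {
			panic(err)
		}
		// Simulate a handshake in which the server sent no OCSP staple.
		cs := tls.ConnectionState{PeerCertificates: []*x509.Certificate{cert}}
		info, err := Assess(cs)
		fmt.Printf("must-staple=%v ocsp=%v crl=%v stapled=%v err=%v\n",
			info.MustStaple, info.OCSPResponders, info.CRLDistPoints, info.Stapled, err)
	}
}
```

Against a live server, the same `Assess` call takes the `ConnectionState()` of a `tls.Conn`; Go's client requests status_request by default, so `OCSPResponse` is non-empty exactly when the server stapled. Note that `Assess` only checks that a staple is present: validating the stapled response (signature, `thisUpdate`/`nextUpdate` window, matching serial) is a separate step that a real client must still perform.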
