THE MAIN STAGES OF DEVELOPMENT OF THE CRYPTOGRAPHIC PROTOCOLS SSL/TLS AND IPsec

2021
pp. 31-67
Author(s): I. V. Martynenkov

The paper discusses the main stages of development of cryptographic protocols from SSL 2.0 (Secure Socket Layer) to TLS 1.3 (Transport Layer Security), which ensure the protection of transport layer data in the OSI model. A brief description of the modification of the RuTLS protocol based on TLS 1.3 and their main differences is given. The development of IPsec, which provides cryptographic protection of communications at the network level of the OSI model, is considered using examples of the development of the three most commonly used protocols. These include IKE (Internet Key Exchange), AH (Authentication Header), and ESP (Encapsulation Security Payload). For the SSL/TLS and IPsec specifications, the basic handshake protocols and the main stages of their development are considered. The described handshakes include primary cryptographic information exchange cycles in the form of identifiers of interaction participants, one-time numbers, lists of supported cryptographic combinations. Authentication of participants based on certificates, shared symmetric keys, data exchange for establishing a shared Diffie-Hellman secret, development of key material for secret keys of communication sessions, message authentication, and other cryptographic parameters are presented. For different versions of SSL/TLS and IPsec, the logical structures of application data cryptographic protection functions are described.

1998
Vol 37 (03)
pp. 247-253
Author(s): K. Ohe, S. Kaihara, T. Kiuchi

Abstract: WWW-based user interface is presented for secure electronic mail service for healthcare users. Using this method, communications between an electronic mail (WWW) server and users (WWW browsers) can be performed securely using Secure Socket Layer protocol-based Hypertext Transfer Protocol (SSL-HTTP). The mail can be encrypted, signed, and sent to the recipients and vice versa on the remote WWW server. The merit of this method is that many healthcare users can use a secure electronic mail system easily and immediately, because SSL-compatible WWW browsers are widely used and this system can be made available simply by installing a WWW-based mail user agent on a mail server. We implemented a WWW-based mail user agent which is compatible with PEM-based secure mail and made it available to about 16,000 healthcare users. We believe this approach is effective in facilitating secure network-based information exchange among medical professionals.


2017
Vol 8 (1)
pp. 1-10
Author(s): Is Mardianto, Kuswandi Kuswandi

Security issues have become a major issue on the Internet. One of the security methods that are widely used today is to implement a digital certificate. Digital certificates have evolved over time, one of which is the X.509 digital certificate. Digital certificates have been widely used as authentication applications, web network authentication and other authentication systems that require digital certificates. This research is carried out by implementing an X.509 digital certificate technology as a mobile web service with its client. Secure Hash Algorithm (SHA), Diffie-Hellman, and Advanced Encryption Standard (AES) are used to secure the data exchange transaction between the web service and mobile phone. SHA algorithm will be used for user authentication, Diffie-Hellman algorithm will be used for public key exchange and AES algorithms will be used for symmetric cryptography data. The results of the application of digital certificates, the SHA algorithm, Diffie-Hellman, and AES in mobile phone applications, provide security application running on web service. Index Terms—Digital Certificate, X.509, SHA, Diffie Hellman, AES


2020
pp. 1-26
Author(s): Qinwen Hu, Muhammad Rizwan Asghar, Nevil Brownlee

HTTPS refers to an application-specific implementation that runs HyperText Transfer Protocol (HTTP) on top of Secure Socket Layer (SSL) or Transport Layer Security (TLS). HTTPS is used to provide encrypted communication and secure identification of web servers and clients, for different purposes such as online banking and e-commerce. However, many HTTPS vulnerabilities have been disclosed in recent years. Although many studies have pointed out that these vulnerabilities can lead to serious consequences, domain administrators seem to ignore them. In this study, we evaluate the HTTPS security level of Alexa’s top 1 million domains from two perspectives. First, we explore which popular sites are still affected by those well-known security issues. Our results show that less than 0.1% of HTTPS-enabled servers in the measured domains are still vulnerable to known attacks including Rivest Cipher 4 (RC4), Compression Ratio Info-Leak Mass Exploitation (CRIME), Padding Oracle On Downgraded Legacy Encryption (POODLE), Factoring RSA Export Keys (FREAK), Logjam, and Decrypting Rivest–Shamir–Adleman (RSA) using Obsolete and Weakened eNcryption (DROWN). Second, we assess the security level of the digital certificates used by each measured HTTPS domain. Our results highlight that less than 0.52% domains use the expired certificate, 0.42% HTTPS certificates contain different hostnames, and 2.59% HTTPS domains use a self-signed certificate. The domains we investigate in our study cover 5 regions (including ARIN, RIPE NCC, APNIC, LACNIC, and AFRINIC) and 61 different categories such as online shopping websites, banking websites, educational websites, and government websites. Although our results show that the problem still exists, we find that changes have been taking place when HTTPS vulnerabilities were discovered. Through this three-year study, we found that more attention has been paid to the use and configuration of HTTPS. 
For example, more and more domains begin to enable the HTTPS protocol to ensure a secure communication channel between users and websites. From the first measurement, we observed that many domains are still using TLS 1.0 and 1.1, SSL 2.0, and SSL 3.0 protocols to support user clients that use outdated systems. As the previous studies revealed security risks of using these protocols, in the subsequent studies, we found that the majority of domains updated their TLS protocol on time. Our 2020 results suggest that most HTTPS domains use the TLS 1.2 protocol and show that some HTTPS domains are still vulnerable to the existing known attacks. As academics and industry professionals continue to disclose attacks against HTTPS and recommend the secure configuration of HTTPS, we found that the number of vulnerable domains is gradually decreasing every year.


2021
Vol 28 (1)
pp. e100241
Author(s): Job Nyangena, Rohini Rajgopal, Elizabeth Adhiambo Ombech, Enock Oloo, Humphrey Luchetu, ...

Background: The use of digital technology in healthcare promises to improve quality of care and reduce costs over time. This promise will be difficult to attain without interoperability: facilitating seamless health information exchange between the deployed digital health information systems (HIS). Objective: To determine the maturity readiness of the interoperability capacity of Kenya’s HIS. Methods: We used the HIS Interoperability Maturity Toolkit, developed by MEASURE Evaluation and the Health Data Collaborative’s Digital Health and Interoperability Working Group. The assessment was undertaken by eHealth stakeholder representatives primarily from the Ministry of Health’s Digital Health Technical Working Group. The toolkit focused on three major domains: leadership and governance, human resources and technology. Results: Most domains are at the lowest two levels of maturity: nascent or emerging. At the nascent level, HIS activities happen by chance or represent isolated, ad hoc efforts. An emerging maturity level characterises a system with defined HIS processes and structures. However, such processes are not systematically documented and lack ongoing monitoring mechanisms. Conclusion: None of the domains had a maturity level greater than level 2 (emerging). The subdomains of governance structures for HIS, defined national enterprise architecture for HIS, defined technical standards for data exchange, nationwide communication network infrastructure, and capacity for operations and maintenance of hardware attained higher maturity levels. These findings are similar to those from interoperability maturity assessments done in Ghana and Uganda.


2021
Vol 11 (19)
pp. 9276
Author(s): Alfred Anistoroaei, Adriana Berdich, Patricia Iosif, Bogdan Groza

Mobile device pairing inside vehicles is a ubiquitous task which requires easy to use and secure solutions. In this work we exploit the audio-video domain for pairing devices inside vehicles. In principle, we rely on the widely used elliptical curve version of the Diffie-Hellman key-exchange protocol and extract the session keys from the acoustic domain as well as from the visual domain by using the head unit display. The need for merging the audio-visual domains first stems from the fact that in-vehicle head units generally do not have a camera so they cannot use visual data from smartphones, however, they are equipped with microphones and can use them to collect audio data. Acoustic channels are less reliable as they are more prone to errors due to environmental noise. However, this noise can be also exploited in a positive way to extract secure seeds from the environment and audio channels are harder to intercept from the outside. On the other hand, visual channels are more reliable but can be more easily spotted by outsiders, so they are more vulnerable for security applications. Fortunately, mixing these two types of channels results in a solution that is both more reliable and secure for performing a key exchange.


2020
Vol 9 (1)
pp. 1661-1666

The Internet has become the most important medium for information exchange and the core communication environment for business relations as well as for social interactions. The current internet architecture itself might become the limiting factor of Internet growth and deployment of new applications including 5G and future internet. Architectural limitations of the internet include weak security, lack of efficient storage and caching, data distribution and traceability issues, lack of interoperability and so on. The proposed system overcomes these limitations by an alternate architecture for the internet called NovaGenesis. This architecture integrates the concepts of Information Centric Networking (ICN), Service Oriented Architecture (SOA), network caching and name based routing. ICN evolves the internet from a host-centric model to a content-centric model through efficient data exchange, storage and processing. SOA enables software-control/management of network devices based on service requirements. Network caching improves performance in terms of throughput, network traffic and retrieval delay. Name based routing is for discovering and delivering data. The framework proposed increases the scalability and reliability of the delivery of IoT data for services.


2018
pp. 563-588
Author(s): Krishna Asawa, Akanksha Bhardwaj

With the emergence of the technological revolution to host services over the Internet, secure communication over the World Wide Web becomes critical. Cryptographic protocols are in practice to secure data transmission over the network. Researchers use complex mathematical problems, number theory, prime numbers etc. to develop such cryptographic protocols. RSA and Diffie-Hellman public key cryptosystems have proven to be secure due to the difficulty of factoring the product of two large primes or computing discrete logarithms respectively. With the advent of quantum computers a new paradigm shift in public key cryptography may be on the horizon, since the superposition of qubits and the entanglement behavior exhibited by quantum computers could hold the potential to render most modern encryption useless. The aim of this chapter is to analyze the implications of quantum computing power on current public key cryptosystems and to show how these cryptosystems can be restructured to sustain in the new computing paradigm.


Author(s): Alireza Pourshahid, Liam Peyton, Sepideh Ghanavati, Daniel Amyot, Pengfei Chen, ...

Validation should be done in the context of understanding how a business process is intended to contribute to the business strategies of an organization. Validation can take place along a variety of dimensions including legal compliance, financial cost, customer value, and service quality. A business process modeling tool cannot anticipate all the ways in which a business process might need to be validated. However, it can provide a framework for extending model elements to represent context for a business process. It can also support information exchange to facilitate validation with other tools and systems. This chapter demonstrates a model-based approach to validation using a hospital approval process for accessing patient data in a data warehouse. An extensible meta-model, a flexible data exchange layer, and linkage between business processes and enterprise context are shown to be the critical elements in model-based business process validation.

