The Arithmetic Of elliptic Curve for Prime Curve Secp-384r1 Using One Variable Polynomial Division for Security of Transport Layer Protocol

In this paper, we present a new method for solving multivariate polynomial elliptic curve equations over a finite field. The arithmetic of elliptic curve is implemented using the mathematical function trace of finite fields. We explain the approach which is based on one variable polynomial division. This is achieved by identifying the plane p with the extension of and transforming elliptic curve equations as well as line equations arising in point addition or point doubling into one variable polynomial. Hence the intersection of the line with the curve is analogous to the roots of the division between these polynomials. Hence this is the different way of computing arithmetic of elliptic curve.Transport layer security provides endto-end security services for applications that use a reliable transport layer protocol such as TCP. Two Protocols are dominant today for providing security at the transport layer, the secure socket layer (SSL) protocol and transport layer security (TLS) protocol. One of the goals of these protocols is to provide server and client authentication, data confidentiality and data integrity. The above goals are achieved by establishing the keys between server and client, the algorithm is called elliptic curve digital signature algorithm (ECDSA) and elliptic curve DiffieHellman (ECDH). These algorithms are implemented using standard for efficient cryptography(SEC) prime field elliptic curve secp-384r1 currently specified in NSA Suite B Cryptography. The algorithm is verified on elliptic curve secp384r1and is shown to be adaptable to perform computation

Download Full-text

Man in The Middle Attacks Against SSL/TLS: Mitigation and Defeat

Journal of Cyber Security and Mobility ◽

10.13052/jcsm2245-1439.933 ◽

2020 ◽

Author(s):

Muneer Alwazzeh ◽

Sameer Karaman ◽

Mohammad Nur Shamma

Keyword(s):

Elliptic Curve ◽

Key Agreement ◽

Transport Layer ◽

Secret Key ◽

Transport Layer Security ◽

Digital Signature Algorithm ◽

Public Keys ◽

Man In The Middle ◽

Symmetric Key ◽

Security Network

Network security and related issues have been discussed thoroughly in this paper, especially at transport layer security network protocol, which concern with confidentiality, integrity, availability, authentication, and accountability. To mitigate and defeat Man-in-the-middle-attacks, we have proposed a new model which consists of sender and receiver systems and utilizes a combination of blowfish (BF) and Advanced Encryption Standard (AES) algorithms, symmetric key agreement to distribute public keys, Elliptic Curve Cryptography (ECC) to create secret key, and then Diffe Hellman (DH) for key exchange. Both SHA-256 hashing and Elliptic Curve Digital Signature Algorithm (ECDSA) have been applied for integrity, and authentication, respectively.

Download Full-text

- Secure Socket Layer/Transport Layer Security (SSL/TLS) Protocols for Transport Layer Security

Introduction to Computer Networks and Cybersecurity ◽

10.1201/9781466572140-32 ◽

2016 ◽

pp. 1056-1099

Keyword(s):

Transport Layer ◽

Secure Socket Layer ◽

Transport Layer Security

Download Full-text

Transport Layer Security (TLS)/Secure Socket Layer (SSL)

Cyber-Sicherheit ◽

10.1007/978-3-658-25398-1_11 ◽

2019 ◽

pp. 407-438

Author(s):

Norbert Pohlmann

Keyword(s):

Transport Layer ◽

Secure Socket Layer ◽

Transport Layer Security

Download Full-text

TLS, SSL, and SET

Cryptography and Security Services ◽

10.4018/978-1-59904-837-6.ch012 ◽

2008 ◽

pp. 300-333

Author(s):

Manuel Mogollon

Keyword(s):

Credit Card ◽

Web Server ◽

Point Of View ◽

Transport Layer ◽

The Internet ◽

Secure Socket Layer ◽

End User ◽

Credit Card Number ◽

Transport Layer Security ◽

Commercial Transaction

In an Internet commercial transaction, the secure Web server and the buyer’s computer authenticate each other and encipher the data transmitted using transport layer security (TLS) or secure socket layer (SSL) protocols. When a purchase is made online using a credit card, does the customer’s bank need to know what was purchased? Not really. Does the seller need to know the customer’s credit card number? Actually, the answer is no. The responses to these questions were the main premises of the secure electronic transaction (SET). In the late 1990’s, SET was approved as the credit card standard, but it failed to be accepted because of its cost and the problems regarding distribution of end-user certificates. However, SET is explained in this chapter as an ideal protocol, from the point of view of certificates, digital signatures, and cryptography for securing credit card transactions over the Internet.

Download Full-text

Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier

10.17487/rfc8422 ◽

2018 ◽

Cited By ~ 8

Author(s):

Y. Nir ◽

S. Josefsson ◽

M. Pegourie-Gonnard

Keyword(s):

Elliptic Curve ◽

Elliptic Curve Cryptography ◽

Transport Layer ◽

Transport Layer Security

Download Full-text

Ancaman Keamanan pada Transport Layer Security

Jurnal ULTIMA Computing ◽

10.31937/sk.v7i2.234 ◽

2016 ◽

Vol 7 (2) ◽

pp. 70-75

Author(s):

Muhamad Fadhli ◽

Fityan Ali Munshi ◽

Taufik Adi Wicaksono

Keyword(s):

Web Security ◽

Transport Layer ◽

Secure Socket Layer ◽

Transfer Layer ◽

The Public ◽

Transport Layer Security ◽

Public Networks ◽

Index Terms ◽

In Transit

Secure Socket Layer (SSL) also known as Transfer Layer Security (TLS) is de facto standard for web security. It provides confidentiality and integrity of information in transit across the public networks using their powerful cipher suites but it still contains some loopholes or flaws in its foundation. In this paper we discuss TLS standard along with various attacks found in recent years, such as BEAST, CRIME, BREACH, Lucky 13, and their proposed mitigation. Index Terms— Attack, Compression, Mitigation, Security, TLS.

Download Full-text

Towards a Secure Development Environment for Collaborative Applications

International Journal of e-Collaboration ◽

10.4018/ijec.2019010101 ◽

2019 ◽

Vol 15 (1) ◽

pp. 1-20

Author(s):

Shyam P. Joy ◽

Priya Chandran

Keyword(s):

Secure Communication ◽

Transport Layer ◽

Security Requirements ◽

Secure Socket Layer ◽

Forward Secrecy ◽

Development Environment ◽

Group Key ◽

Security Services ◽

Collaborative Applications ◽

Secure Network

Collaborative applications use the security services offered by secure socket layer / transport layer security (SSL/TLS) to implement authentication and confidentiality. Since SSL/TLS establishes a secure communication between two participants, for a secure network of n (> 2) participants, at least n(n-1)/2 secure communication channels have to be established. Whereas, a group key agreement (GKA) protocol allows the participants to compute a common secret group key as a function of the secrets of participants, and thereby remove the n(n-1)/2 lower bound on the channel requirement. Partial forward secrecy is a property of the GKA protocol which assesses the secrecy of the group key, when the secrets are compromised. Collaborative applications have different security requirements. Hence, the Spread Toolkit offers a set of GKA protocols, so that the designers can choose the most appropriate one. In this article, given a set of GKA protocols, a method is proposed to select the best among them, with respect to partial forward secrecy.

Download Full-text

Introduction to OpenFlow

Advances in Systems Analysis, Software Engineering, and High Performance Computing - Innovations in Software-Defined Networking and Network Functions Virtualization ◽

10.4018/978-1-5225-3640-6.ch003 ◽

2018 ◽

pp. 52-71 ◽

Cited By ~ 1

Author(s):

Mohit Kumar Jaiswal

Keyword(s):

Control Mechanism ◽

Internal Flow ◽

Transport Layer ◽

Secure Socket Layer ◽

Transport Layer Security ◽

Flow Table ◽

Network Switch ◽

Sdn Controller ◽

Ethernet Switch

The SDN controller is interfaced with the hardware of the network (i.e., with switches and routers) using OpenFlow. Basically, OpenFlow is an open interface used for configuring the forwarding tables of network switch according to the desired path derived by the SDN controller. OpenFlow enables more innovation in controller platforms and applications, and describes a solution for each frame or packet flow. OpenFlow is based on an ethernet switch with an internal flow-table and a standardized interface to add and remove flow entries of forwarding table of the system. The control mechanism from each one of the switch and router up to SDN controller are encrypted with the transport layer security (TLS) and secure socket layer (SSL) OpenFlow protocols to provide the additional security inside the network.

Download Full-text

Leak in OpenSSL

Journal of Applied Information, Communication and Technology ◽

10.33555/ejaict.v7i1.70 ◽

2021 ◽

Vol 7 (1) ◽

pp. 1-6

Author(s):

Jason Yapri ◽

Rinkel Hananto

Keyword(s):

Unethical Behavior ◽

Credit Card ◽

Transport Layer ◽

The Internet ◽

Secure Socket Layer ◽

Collaborative Project ◽

Low Level ◽

Transport Layer Security ◽

Confidential Data ◽

The World

The term “hacker” has been spread around the world and has always been considered as a threat when we use the internet. We often hear hackers deface websites’ contents and break into system to steal private and confidential information, such as account’s username and password, credit card numbers and others. This is definitely an unethical behavior of irresponsible people who mostly aims to gain profit. However the term hacker, on the contrary actually originates from an expert computer technicians who tries to access the system to debug and fix security problems of the system. Nowadays there are dozens of websites out there and some of those websites have low level of security. Hacker can easily break through their system and steal their private confidential data but just because these websites have low level security, that doesn’t mean that it is ethical to break into someone’s system and read their data. It goes the same when someone entering other people’s house because the door was left open by the owner. As web development grows rapidly, security has become an essential part to make the website more secure and reliable. This is when a group of people decided to make a collaborative project on the implementation of SSL (Secure Socket Layer) and TLS (Transport Layer Security) that is available to be used by everyone. This project is called as OpenSSl and has been used by most of the websites in the internet today. What if this OpenSSL, which has been trusted and implemented by 2/3rd of the websites all around the world can be breached? Definitely it will attract dozens of hackers all around the world to do something unimaginably dangerous.

Download Full-text

Survey on the Web Services Security Specifications

Advanced Materials Research ◽

10.4028/www.scientific.net/amr.655-657.1809 ◽

2013 ◽

Vol 655-657 ◽

pp. 1809-1814

Author(s):

Xiao Fen Zhang ◽

Yi Hou ◽

Jia Lin Ma

Keyword(s):

Web Services ◽

Transport Layer ◽

Secure Socket Layer ◽

Transport Layer Security ◽

Xml Encryption ◽

Xml Signature ◽

Web Services Security ◽

The Web

Web Services security specifications include SSL/TLS (Secure Socket Layer/Transport Layer Security), XML Encryption, XML Signature, WS-Security specification family, PKI-related specifications etc. SSL/TLS are implemented in non-XML frameworks at the transport level, and others are implemented in XML frameworks at the application level. These specifications can satisfy the different requirements of Web Services security (confidentiality, integrity, authenticity, authorization, authentication and nonrepudiation). XML-based specifications are propitious to the integration and interoperability of Web Services security. SSL/TLS is sufficient for the basic generic security of internal Web Services projects. WS-Security is probably overkill, especially with the heavy XML processing that is involved in WS-Security.

Download Full-text