Towards a Secure Development Environment for Collaborative Applications

2019 ◽  
Vol 15 (1) ◽  
pp. 1-20
Author(s):  
Shyam P. Joy ◽  
Priya Chandran
Keyword(s):  
Secure Communication ◽  
Transport Layer ◽  
Security Requirements ◽  
Secure Socket Layer ◽  
Forward Secrecy ◽  
Development Environment ◽  
Group Key ◽  
Security Services ◽  
Collaborative Applications ◽  
Secure Network

Collaborative applications use the security services offered by secure socket layer / transport layer security (SSL/TLS) to implement authentication and confidentiality. Since SSL/TLS establishes a secure communication between two participants, for a secure network of n (> 2) participants, at least n(n-1)/2 secure communication channels have to be established. Whereas, a group key agreement (GKA) protocol allows the participants to compute a common secret group key as a function of the secrets of participants, and thereby remove the n(n-1)/2 lower bound on the channel requirement. Partial forward secrecy is a property of the GKA protocol which assesses the secrecy of the group key, when the secrets are compromised. Collaborative applications have different security requirements. Hence, the Spread Toolkit offers a set of GKA protocols, so that the designers can choose the most appropriate one. In this article, given a set of GKA protocols, a method is proposed to select the best among them, with respect to partial forward secrecy.

A large-scale analysis of HTTPS deployments: Challenges, solutions, and recommendations

2020 ◽  
pp. 1-26
Author(s):  
Qinwen Hu ◽  
Muhammad Rizwan Asghar ◽  
Nevil Brownlee
Keyword(s):  
Secure Communication ◽  
Large Scale ◽  
Transport Layer ◽  
Security Level ◽  
Secure Socket Layer ◽  
Security Issues ◽  
Large Scale Analysis ◽  
Government Websites ◽  
Encrypted Communication ◽  
Specific Implementation

HTTPS refers to an application-specific implementation that runs HyperText Transfer Protocol (HTTP) on top of Secure Socket Layer (SSL) or Transport Layer Security (TLS). HTTPS is used to provide encrypted communication and secure identification of web servers and clients, for different purposes such as online banking and e-commerce. However, many HTTPS vulnerabilities have been disclosed in recent years. Although many studies have pointed out that these vulnerabilities can lead to serious consequences, domain administrators seem to ignore them. In this study, we evaluate the HTTPS security level of Alexa’s top 1 million domains from two perspectives. First, we explore which popular sites are still affected by those well-known security issues. Our results show that less than 0.1% of HTTPS-enabled servers in the measured domains are still vulnerable to known attacks including Rivest Cipher 4 (RC4), Compression Ratio Info-Leak Mass Exploitation (CRIME), Padding Oracle On Downgraded Legacy Encryption (POODLE), Factoring RSA Export Keys (FREAK), Logjam, and Decrypting Rivest–Shamir–Adleman (RSA) using Obsolete and Weakened eNcryption (DROWN). Second, we assess the security level of the digital certificates used by each measured HTTPS domain. Our results highlight that less than 0.52% domains use the expired certificate, 0.42% HTTPS certificates contain different hostnames, and 2.59% HTTPS domains use a self-signed certificate. The domains we investigate in our study cover 5 regions (including ARIN, RIPE NCC, APNIC, LACNIC, and AFRINIC) and 61 different categories such as online shopping websites, banking websites, educational websites, and government websites. Although our results show that the problem still exists, we find that changes have been taking place when HTTPS vulnerabilities were discovered. Through this three-year study, we found that more attention has been paid to the use and configuration of HTTPS. For example, more and more domains begin to enable the HTTPS protocol to ensure a secure communication channel between users and websites. From the first measurement, we observed that many domains are still using TLS 1.0 and 1.1, SSL 2.0, and SSL 3.0 protocols to support user clients that use outdated systems. As the previous studies revealed security risks of using these protocols, in the subsequent studies, we found that the majority of domains updated their TLS protocol on time. Our 2020 results suggest that most HTTPS domains use the TLS 1.2 protocol and show that some HTTPS domains are still vulnerable to the existing known attacks. As academics and industry professionals continue to disclose attacks against HTTPS and recommend the secure configuration of HTTPS, we found that the number of vulnerable domain is gradually decreasing every year.

scholarly journals Drone Secure Communication Protocol for Future Sensitive Applications in Military Zone

Sensors ◽  
2021 ◽  
Vol 21 (6) ◽  
pp. 2057
Author(s):  
Yongho Ko ◽  
Jiyoon Kim ◽  
Daniel Gerbi Duguma ◽  
Philip Virgil Astillo ◽  
Ilsun You ◽  
...  
Keyword(s):  
Performance Evaluation ◽  
Secure Communication ◽  
Communication Protocol ◽  
Denial Of Service ◽  
Mutual Authentication ◽  
Information Leakage ◽  
Security Protocol ◽  
Security Requirements ◽  
Forward Secrecy ◽  
Perfect Forward Secrecy

Unmanned Aerial Vehicle (UAV) plays a paramount role in various fields, such as military, aerospace, reconnaissance, agriculture, and many more. The development and implementation of these devices have become vital in terms of usability and reachability. Unfortunately, as they become widespread and their demand grows, they are becoming more and more vulnerable to several security attacks, including, but not limited to, jamming, information leakage, and spoofing. In order to cope with such attacks and security threats, a proper design of robust security protocols is indispensable. Although several pieces of research have been carried out with this regard, there are still research gaps, particularly concerning UAV-to-UAV secure communication, support for perfect forward secrecy, and provision of non-repudiation. Especially in a military scenario, it is essential to solve these gaps. In this paper, we studied the security prerequisites of the UAV communication protocol, specifically in the military setting. More importantly, a security protocol (with two sub-protocols), that serves in securing the communication between UAVs, and between a UAV and a Ground Control Station, is proposed. This protocol, apart from the common security requirements, achieves perfect forward secrecy and non-repudiation, which are essential to a secure military communication. The proposed protocol is formally and thoroughly verified by using the BAN-logic (Burrow-Abadi-Needham logic) and Scyther tool, followed by performance evaluation and implementation of the protocol on a real UAV. From the security and performance evaluation, it is indicated that the proposed protocol is superior compared to other related protocols while meeting confidentiality, integrity, mutual authentication, non-repudiation, perfect forward secrecy, perfect backward secrecy, response to DoS (Denial of Service) attacks, man-in-the-middle protection, and D2D (Drone-to-Drone) security.

scholarly journals The Arithmetic Of elliptic Curve for Prime Curve Secp-384r1 Using One Variable Polynomial Division for Security of Transport Layer Protocol

2019 ◽  
Vol 8 (2) ◽  
pp. 4770-4774
Keyword(s):  
Elliptic Curve ◽  
Transport Layer ◽  
Mathematical Function ◽  
Secure Socket Layer ◽  
Prime Field ◽  
Security Services ◽  
Transport Layer Security ◽  
Digital Signature Algorithm ◽  
Ssl Protocol ◽  
Transport Layer Protocol

In this paper, we present a new method for solving multivariate polynomial elliptic curve equations over a finite field. The arithmetic of elliptic curve is implemented using the mathematical function trace of finite fields. We explain the approach which is based on one variable polynomial division. This is achieved by identifying the plane p with the extension of and transforming elliptic curve equations as well as line equations arising in point addition or point doubling into one variable polynomial. Hence the intersection of the line with the curve is analogous to the roots of the division between these polynomials. Hence this is the different way of computing arithmetic of elliptic curve.Transport layer security provides endto-end security services for applications that use a reliable transport layer protocol such as TCP. Two Protocols are dominant today for providing security at the transport layer, the secure socket layer (SSL) protocol and transport layer security (TLS) protocol. One of the goals of these protocols is to provide server and client authentication, data confidentiality and data integrity. The above goals are achieved by establishing the keys between server and client, the algorithm is called elliptic curve digital signature algorithm (ECDSA) and elliptic curve DiffieHellman (ECDH). These algorithms are implemented using standard for efficient cryptography(SEC) prime field elliptic curve secp-384r1 currently specified in NSA Suite B Cryptography. The algorithm is verified on elliptic curve secp384r1and is shown to be adaptable to perform computation

Using a WWW-based Mail User Agent for Secure Electronic Mail Service for Health Care Users

1998 ◽  
Vol 37 (03) ◽  
pp. 247-253 ◽  
Author(s):  
K. Ohe ◽  
S. Kaihara ◽  
T. Kiuchi
Keyword(s):  
Information Exchange ◽  
Electronic Mail ◽  
Medical Professionals ◽  
Secure Socket Layer ◽  
User Agent ◽  
Mail Server ◽  
Hypertext Transfer Protocol ◽  
Secure Network ◽  
Mail Service ◽  
Mail System

AbstractWWW-based user interface is presented for secure electronic mail service for healthcare users. Using this method, communications between an electronic mail (WWW) server and users (WWW browsers) can be performed securely using Secure Socket Layer protocol-based Hypertext Transfer Protocol (SSL-HTIP). The mail can be encrypted, signed, and sent to the recipients and vice versa on the remote WWW server. The merit of this method is that many healthcare users can use a secure electronic mail system easily and immediately, because SSL-compatible WWW browsers are widely used and this system can be made available simply by installing a WWW-based mail user agent on a mail server. We implemented a WWWbased mail user agent which is compatible with PEM-based secure mail and made it available to about 16,000 healthcare users. We believe this approach is effective in facilitating secure network-based information exchange among medical professionals.

scholarly journals Cryptanalysis of a Group Key Establishment Protocol

Symmetry ◽  
2021 ◽  
Vol 13 (2) ◽  
pp. 332
Author(s):  
Jorge Martínez Carracedo ◽  
Adriana Suárez Corona
Keyword(s):  
Forward Secrecy ◽  
Key Establishment ◽  
Group Key ◽  
Active Attack ◽  
Group Key Establishment

In this paper, we analyze the security of a group key establishment scheme proposed by López-Ramos et al. This proposal aims at allowing a group of users to agree on a common key. We present several attacks against the security of the proposed protocol. In particular, an active attack is presented, and it is also proved that the protocol does not provide forward secrecy.

scholarly journals Enhanced ID-Based Authentication Scheme Using OTP in Smart Grid AMI Environment

2014 ◽  
Vol 2014 ◽  
pp. 1-8
Author(s):  
Sang-Soo Yeo ◽  
Dae-il Park ◽  
Young-Ae Jung
Keyword(s):  
Smart Grid ◽  
Good Choice ◽  
Authentication Scheme ◽  
Security Requirements ◽  
Smart Devices ◽  
Smart Meter ◽  
Forward Secrecy ◽  
Hardware Specification ◽  
At Home

This paper presents the vulnerabilities analyses of KL scheme which is an ID-based authentication scheme for AMI network attached SCADA in smart grid and proposes a security-enhanced authentication scheme which satisfies forward secrecy as well as security requirements introduced in KL scheme and also other existing schemes. The proposed scheme uses MDMS which is the supervising system located in an electrical company as a time-synchronizing server in order to synchronize smart devices at home and conducts authentication between smart meter and smart devices using a new secret value generated by an OTP generator every session. The proposed scheme has forward secrecy, so it increases overall security, but its communication and computation overhead reduce its performance slightly, comparing the existing schemes. Nonetheless, hardware specification and communication bandwidth of smart devices will have better conditions continuously, so the proposed scheme would be a good choice for secure AMI environment.

SEACON

2011 ◽  
pp. 309-331
Author(s):  
Surya B. Yadav
Keyword(s):  
Integrated Approach ◽  
Security Requirements ◽  
Network Systems ◽  
Analysis And Design ◽  
Systems Analysis And Design ◽  
Secure Networks ◽  
Secure Network ◽  
Business Requirements ◽  
Level Process ◽  
Process Location

The extent methods largely ignore the importance of integrating security requirements with business requirements and providing built-in steps for dealing with these requirements seamlessly. To address this problem, a new approach to secure network analysis and design is presented. The proposed method, called the SEACON method, provides an integrated approach to use existing principles of information systems analysis and design with the unique requirements of distributed secure network systems. We introduce several concepts including security adequacy level, process-location-security matrix, datalocation- security matrix, and secure location model to provide built-in mechanisms to capture security needs and use them seamlessly throughout the steps of analyzing and designing secure networks. This method is illustrated and compared to other secure network design methods. The SEACON method is found to be a useful and effective method.

Applied Cryptography in E-mail Services and Web Services

2011 ◽  
pp. 130-145
Author(s):  
Lei Chen ◽  
Wen-Chen Hu ◽  
Ming Yang ◽  
Lei Zhang
Keyword(s):  
Web Services ◽  
Communication Networks ◽  
Secure Communication ◽  
Transport Layer ◽  
Public Key ◽  
Applied Cryptography ◽  
Public Networks ◽  
Trust System ◽  
Security Standards ◽  
E Mail

E-mail services are the method of sending and receiving electronic messages over communication networks. Web services on the other hand provide a channel of accessing interlinked hypermeida via the World Wide Web. As these two methods of network communications turn into the most popular services over the Internet, applied cryptography and secure authentication protocols become indispensable in securing confidential data over public networks. In this chapter, we first review a number of cryptographic ciphers widely used in secure communication protocols. We then discuss and compare the popular trust system Web of Trust, the certificate standard X.509, and the standard for public key systems Public Key Infrastructure (PKI). Two secure e-mail standards, OpenPGP and S/MIME, are examined and compared. The de facto standard cryptographic protocol for e-commerce, Secure Socket Layer (SSL) / Transport Layer Security (TLS), and XML Security Standards for secure web services are also discussed.

Sign in / Sign up

Export Citation Format

Share Document