The Experts below are selected from a list of 2334 Experts worldwide ranked by ideXlab platform
Seán Turner - One of the best experts on this subject based on the ideXlab platform.
-
Prohibiting secure sockets layer (SSL) Version 2.0
RFC6176, 2011Co-Authors: Seán TurnerAbstract:This document requires that when Transport layer Security (TLS)\n clients and servers establish connections, they never negotiate the\n use of secure sockets layer (SSL) version 2.0. This document updates\n the backward compatibility sections found in the Transport layer\n Security (TLS).
-
Prohibiting SSL Version 2.0
2010Co-Authors: Seán TurnerAbstract:This document requires that when TLS clients and servers establish connections that they never negotiate the use of secure sockets layer (SSL) version 2.0. This document updates the backward compatibility sections found in the Transport Security layer (TLS) Protocol, RFC 5246.
Eduardo B. Fernandez - One of the best experts on this subject based on the ideXlab platform.
-
cipher suite rollback a misuse pattern for the ssl tls client server authentication handshake protocol
PLoP '14 Proceedings of the 21st Conference on Pattern Languages of Programs, 2014Co-Authors: Ali Alkazimi, Eduardo B. FernandezAbstract:Transport layer Security (TLS) is a cryptographic protocol that provides a secure channel between a client and a server. TLS is the successor to the secure sockets layer (SSL) protocol. The secure connection prevents an attacker from eavesdropping an established client-server connection. It is used in most internet communications for enabling secure web browsing. The SSL/TLS security protocol is layered between the application protocol layer and the TCP/IP layer and includes as one of its sub-protocols the Handshake Protocol. We present here a misuse pattern for the SSL/TLS Handshake Protocol: the Cipher Suite Rollback, where the attacker intercepts the "ClientHello" message, replaces the CipherSuite (a list of encryption algorithms), with a weak or NULL-Cipher, and passes the intercepted message to the server which will now use a weaker cipher, allowing the attacker to gain access to the exchanged data between the client and the server.
-
Cipher suite rollback: a misuse pattern for the SSL/TLS client/server authentication handshake protocol
2014Co-Authors: Ali Alkazimi, Eduardo B. FernandezAbstract:Transport layer Security (TLS) is a cryptographic protocol that provides a secure channel between a client and a server. TLS is the successor to the secure sockets layer (SSL) protocol. The secure connection prevents an attacker from eavesdropping an established client-server connection. It is used in most internet communications for enabling secure web browsing. The SSL/TLS security protocol is layered between the application protocol layer and the TCP/IP layer and includes as one of its sub-protocols the Handshake Protocol. We present here a misuse pattern for the SSL/TLS Handshake Protocol: the Cipher Suite Rollback, where the attacker intercepts the "ClientHello" message, replaces the CipherSuite (a list of encryption algorithms), with a weak or NULL-Cipher, and passes the intercepted message to the server which will now use a weaker cipher, allowing the attacker to gain access to the exchanged data between the client and the server.
Umar Raza - One of the best experts on this subject based on the ideXlab platform.
-
ICFNDS - Malicious SSL Certificate Detection: A Step Towards Advanced Persistent Threat Defence
Proceedings of the International Conference on Future Networks and Distributed Systems - ICFNDS '17, 2017Co-Authors: Ibrahim Ghafir, Vaclav Prenosil, Mohammad Hammoudeh, Umar RazaAbstract:Advanced Persistent Threat (APT) is one of the most serious types of cyber attacks, which is a new and more complex version of multistep attack. Within the APT life cycle, continuous communication between infected hosts and Command and Control (C&C) servers is maintained to instruct and guide the compromised machines. These communications are usually protected by secure sockets layer (SSL) encryption, making it difficult to identify if the traffic directed to sites is malicious. This paper presents a Malicious SSL certificate Detection (MSSLD) module, which aims at detecting the APT C&C communications based on a blacklist of malicious SSL certificates. This blacklist consists of two forms of SSL certificates, the SHA1 fingerprints and the serial & subject, that are associated with malware and malicious activities. In this detection module, the network traffic is processed and all secure connections are filtered. The SSL certificate of each secure connection is then matched with the SSL certificate blacklist. This module was experimentally evaluated and the results show successful detection of malicious SSL certificates.
-
malicious ssl certificate detection a step towards advanced persistent threat defence
International Conference on Future Networks, 2017Co-Authors: Ibrahim Ghafir, Vaclav Prenosil, Mohammad Hammoudeh, Umar RazaAbstract:Advanced Persistent Threat (APT) is one of the most serious types of cyber attacks, which is a new and more complex version of multistep attack. Within the APT life cycle, continuous communication between infected hosts and Command and Control (C&C) servers is maintained to instruct and guide the compromised machines. These communications are usually protected by secure sockets layer (SSL) encryption, making it difficult to identify if the traffic directed to sites is malicious. This paper presents a Malicious SSL certificate Detection (MSSLD) module, which aims at detecting the APT C&C communications based on a blacklist of malicious SSL certificates. This blacklist consists of two forms of SSL certificates, the SHA1 fingerprints and the serial & subject, that are associated with malware and malicious activities. In this detection module, the network traffic is processed and all secure connections are filtered. The SSL certificate of each secure connection is then matched with the SSL certificate blacklist. This module was experimentally evaluated and the results show successful detection of malicious SSL certificates.
-
Malicious SSL Certificate Detection
Proceedings of the International Conference on Future Networks and Distributed Systems - ICFNDS '17, 2017Co-Authors: Ibrahim Ghafir, Liangxiu Han, Vaclav Prenosil, Mohammad Hammoudeh, Umar RazaAbstract:Advanced Persistent Threat (APT) is one of the most serious types of cyber attacks, which is a new and more complex version of multistep attack. Within the APT life cycle, continuous communication between infected hosts and Command and Control (C&C) servers is maintained to instruct and guide the compromised machines. These communications are usually protected by secure sockets layer (SSL) encryption, making it difficult to identify if the traffic directed to sites is malicious. This paper presents a Malicious SSL certicate Detection (MSSLD) module, which aims at detecting the APT C&C communications based on a blacklist of malicious SSL certificates. This blacklist consists of two forms of SSL certificates, the SHA1 fingerprints and the serial & subject, that are associated with malware and malicious activities. In this detection module, the network traffic is processed and all secure connections are filtered. The SSL certificate of each secure connection is then matched with the SSL certificate blacklist. This module was experimentally evaluated and the results show successful detection of malicious SSL certificates.
Ali Alkazimi - One of the best experts on this subject based on the ideXlab platform.
-
cipher suite rollback a misuse pattern for the ssl tls client server authentication handshake protocol
PLoP '14 Proceedings of the 21st Conference on Pattern Languages of Programs, 2014Co-Authors: Ali Alkazimi, Eduardo B. FernandezAbstract:Transport layer Security (TLS) is a cryptographic protocol that provides a secure channel between a client and a server. TLS is the successor to the secure sockets layer (SSL) protocol. The secure connection prevents an attacker from eavesdropping an established client-server connection. It is used in most internet communications for enabling secure web browsing. The SSL/TLS security protocol is layered between the application protocol layer and the TCP/IP layer and includes as one of its sub-protocols the Handshake Protocol. We present here a misuse pattern for the SSL/TLS Handshake Protocol: the Cipher Suite Rollback, where the attacker intercepts the "ClientHello" message, replaces the CipherSuite (a list of encryption algorithms), with a weak or NULL-Cipher, and passes the intercepted message to the server which will now use a weaker cipher, allowing the attacker to gain access to the exchanged data between the client and the server.
-
Cipher suite rollback: a misuse pattern for the SSL/TLS client/server authentication handshake protocol
2014Co-Authors: Ali Alkazimi, Eduardo B. FernandezAbstract:Transport layer Security (TLS) is a cryptographic protocol that provides a secure channel between a client and a server. TLS is the successor to the secure sockets layer (SSL) protocol. The secure connection prevents an attacker from eavesdropping an established client-server connection. It is used in most internet communications for enabling secure web browsing. The SSL/TLS security protocol is layered between the application protocol layer and the TCP/IP layer and includes as one of its sub-protocols the Handshake Protocol. We present here a misuse pattern for the SSL/TLS Handshake Protocol: the Cipher Suite Rollback, where the attacker intercepts the "ClientHello" message, replaces the CipherSuite (a list of encryption algorithms), with a weak or NULL-Cipher, and passes the intercepted message to the server which will now use a weaker cipher, allowing the attacker to gain access to the exchanged data between the client and the server.
Ray Hunt - One of the best experts on this subject based on the ideXlab platform.
-
tutorial internet intranet firewall security policy architecture and transaction services
Computer Communications, 1998Co-Authors: Ray HuntAbstract:The development of Internet/Intranet security is of paramount importance to organisations that plan to gain the economic benefits from interconnection with the Internet. This paper commences by examining firewall policy, focusing on both network service access policy and firewall design policy. Various firewall architectures, ranging from simple packet filters through to screened subnets and proxy gateways, are then discussed. Finally, the various mechanisms by which transactions can be secured over the Internet/Intranet are covered. These include encrypted tunnelling, IPv6, point-to-point tunnelling protocol, secure sockets layer, secure electronic transactions and secure multipart Internet mail encoding.
-
Tutorial: Internet/Intranet firewall security-policy, architecture and transaction services
Computer Communications, 1998Co-Authors: Ray HuntAbstract:The development of Internet/Intranet security is of paramount importance to organisations that plan to gain the economic benefits from interconnection with the Internet. This paper commences by examining firewall policy, focusing on both network service access policy and firewall design policy. Various firewall architectures, ranging from simple packet filters through to screened subnets and proxy gateways, are then discussed. Finally, the various mechanisms by which transactions can be secured over the Internet/Intranet are covered. These include encrypted tunnelling, IPv6, point-to-point tunnelling protocol, secure sockets layer, secure electronic transactions and secure multipart Internet mail encoding.