Server Certificate

The Experts below are selected from a list of 285 Experts worldwide ranked by ideXlab platform

Wang Hao - One of the best experts on this subject based on the ideXlab platform.

  • Efficient Wireless Transport Layer Security Handshake Protocol
    Computer Engineering, 2011
    Co-Authors: Wang Hao
    Abstract:

    The existing Wireless Transport Layer Security (WTLS) handshake protocol requires exchanging Certificates between the client and the Server, which causes considerable communication load. It also allows the client to avoid verifying the revocation state of the Server Certificate, which is a security flaw. In order to solve these problems, this paper proposes an improved WTLS handshake protocol based on a Trusted Certificate Verification Proxy (TCVP). It only exchanges Certificate identifiers between the client and the Server, which reduces the message payload. Moreover, TCVP is introduced to verify the online status of the Server Certificate and seal it in a security ticket. By checking the ticket, the client is able to determine whether the Server Certificate is valid without verifying it itself.

  • Identity-based improvement of wireless transport layer security handshake protocol
    Journal of Computer Applications, 2011
    Co-Authors: Wang Hao
    Abstract:

    The Wireless Transport Layer Security (WTLS) handshake protocol was built on a digital Certificate mechanism. However, there exist several flaws in WTLS. For example, both the communication and computation overload are high. Moreover, it does not verify the Server Certificate on-line. In order to solve these issues, an improved WTLS handshake protocol based on Identity-based Cryptosystem (IBC) was proposed. It is constructed based on ID, and IDs are exchanged between Server and client instead of Certificates. Identity-based Encryption (IBE), Identity-based Signature (IBS) and Identity-based Authenticated Key Agreement (IBAKA) were adopted to implement the security functions of encryption, signature and key agreement respectively. The sender's ID information was embedded into the encryption key computation, which can be used to authenticate the source of a message. The analysis of security and efficiency shows that the efficiency of wireless communication is improved without security loss.

Stefan Santesson - One of the best experts on this subject based on the ideXlab platform.

  • Transport Layer Security (TLS) Cached Information Extension
    2016
    Co-Authors: Stefan Santesson, Hannes Tschofenig
    Abstract:

    Transport Layer Security (TLS) handshakes often include fairly static information, such as the Server Certificate and a list of trusted certification authorities (CAs). This information can be of considerable size, particularly if the Server Certificate is bundled with a complete Certificate chain (i.e., the Certificates of intermediate CAs up to the root CA). This document defines an extension that allows a TLS client to inform a Server of cached information, thereby enabling the Server to omit already available information.

  • TLS Cached Certificates Extension
    2009
    Co-Authors: Stefan Santesson
    Abstract:

    This document defines a Transport Layer Security (TLS) extension for cached Certificates. This extension allows the TLS client to inform a Server of a previously cached Server Certificate path, allowing the Server to omit sending an identified Certificate chain to the client during the TLS handshake protocol exchange.

Patricia Arias Cabarcos - One of the best experts on this subject based on the ideXlab platform.

  • DNS/DANE Collision-Based Distributed and Dynamic Authentication for Microservices in IoT
    Sensors (Basel Switzerland), 2019
    Co-Authors: Daniel Diaz-sanchez, Florina Almenarez Mendoza, Andrés Marín-lópez, Patricia Arias Cabarcos
    Abstract:

    IoT devices provide real-time data to a rich ecosystem of services and applications. The volume of data and the involved subscribe/notify signaling will likely become a challenge also for access and core networks. To alleviate the core of the network, other technologies like fog computing can be used. On the security side, designers of IoT low-cost devices and applications often reuse old versions of development frameworks and software components that contain vulnerabilities. Many Server applications today are designed using microservice architectures where components are easier to update. Thus, IoT can benefit from deploying microservices in the fog as it offers the required flexibility for the main players of ubiquitous computing: nomadic users. In such deployments, IoT devices need the dynamic instantiation of microservices. IoT microservices require Certificates so they can be accessed securely. Thus, every microservice instance may require a newly-created domain name and a Certificate. The DNS-based Authentication of Named Entities (DANE) extension to Domain Name System Security Extensions (DNSSEC) allows linking a Certificate to a given domain name. Thus, the combination of DNSSEC and DANE provides microservices’ clients with secure information regarding the domain name, IP address, and Server Certificate of a given microservice. However, IoT microservices may be short-lived since devices can move from one local fog to another, forcing DNSSEC Servers to sign zones whenever new changes occur. Considering DNSSEC and DANE were designed to cope with static services, coping with IoT dynamic microservice instantiation can throttle the scalability in the fog. To overcome this limitation, this article proposes a solution that modifies the DNSSEC/DANE signature mechanism using chameleon signatures and defining a new soft delegation scheme. 
    Chameleon signatures are signatures computed over a chameleon hash, which have a property: a secret trapdoor function can be used to compute collisions to the hash. Since the hash is maintained, the signature does not have to be computed again. In the soft delegation schema, DNS Servers obtain a trapdoor that allows performing changes in a constrained zone without affecting normal DNS operation. In this way, a Server can receive this soft delegation and modify the DNS zone to cope with frequent changes such as microservice dynamic instantiation. Changes in the soft delegated zone are much faster and do not require the intervention of the DNS primary Servers of the zone.

Song Yun-bo - One of the best experts on this subject based on the ideXlab platform.

  • Website tamper-resistant mechanism based on E-Key and Web page monitor
    Journal of Chengdu University of Information Technology, 2009
    Co-Authors: Song Yun-bo
    Abstract:

    Illegally tampered Web pages bring immeasurable social and economic loss to enterprises. A tamper-resistant mechanism that monitors changes to Web page documents and enhances the security of operations with an E-Key Certificate can be an effective way of reducing or even eliminating the negative effects on enterprises. The specially designed Web page filtration can detect tampered Web pages in time and remove them immediately, preventing the flow of tampered information to the internet. The document change monitoring procedure and the management service procedure monitor document changes and carry out repair and restoration in time. Two-way authentication between the E-Key digital Certificate and the Server Certificate can be achieved through the terminal security control, and the security of the whole management process is guaranteed.

  • Web Page Tamper-resistant Mechanism Based on File-filtering Driver and Event-triggering
    Journal of Chongqing Institute of Technology, 2009
    Co-Authors: Song Yun-bo
    Abstract:

    Web page tamper-resistant mechanism based on file-filtering driver and event-triggering monitors file attribute automatically with file attribute generated by using a single hash algorithm, and through the core of tampering with monitoring procedure, which is based on event-triggered approach. If file attribute changes, it deletes the file immediately, and copies the backup files to the monitoring file folder location simultaneously. At the same time, terminal security control, which is deployed in the backup Server, integrates USB-Key digital Certificate and Server Certificate into one, through the core of tampering with monitoring procedure and security management service procedure working together, and manages updates and backup of web Server and backup Server efficiently and safely. Security management service procedure monitors heartbeat packet sent by the core of tampering with monitoring procedure regularly, and carries out real-time monitoring and alarming.

Hannes Tschofenig - One of the best experts on this subject based on the ideXlab platform.

  • Transport Layer Security (TLS) Cached Information Extension
    2016
    Co-Authors: Stefan Santesson, Hannes Tschofenig
    Abstract:

    Transport Layer Security (TLS) handshakes often include fairly static information, such as the Server Certificate and a list of trusted certification authorities (CAs). This information can be of considerable size, particularly if the Server Certificate is bundled with a complete Certificate chain (i.e., the Certificates of intermediate CAs up to the root CA). This document defines an extension that allows a TLS client to inform a Server of cached information, thereby enabling the Server to omit already available information.