Related papers: TLS hardening
Forward Secrecy (FS) is a security property in key-exchange algorithms which guarantees that a compromise in the secrecy of a long-term private-key does not compromise the secrecy of past session keys. With a growing awareness of long-term…
The Domain Name System (DNS) serves as the backbone of the Internet, primarily translating domain names to IP addresses. Over time, various enhancements have been introduced to strengthen the integrity of DNS. Among these, DNSSEC stands out…
This paper presents the results of a series of penetration tests performed on the OpenStack Essex Cloud Management Software. Several different types of penetration tests were performed including network protocol and command line fuzzing,…
We describe TrustBase, an architecture that provides certificate-based authentication as an operating system service. TrustBase enforces best practices for certificate validation for all applications and transparently enables existing…
Information-Centric Networking is a promising networking paradigm that overcomes many of the limitations of current networking architectures. Various research efforts investigate solutions for securing ICN. Nevertheless, most of these…
In recent times, many protocols have been proposed to provide security for various information and communication systems. Such protocols must be tested for their functional correctness before they are used in practice. Application of formal…
The emergence of quantum computing poses a formidable security challenge to network protocols traditionally safeguarded by classical cryptographic algorithms. This paper provides an exhaustive analysis of vulnerabilities introduced by…
Blockchain platforms and smart contracts are vulnerable to security breaches. Security breaches of smart contracts have led to huge financial losses in terms of cryptocurrencies and tokens. In this paper, we present a systematic survey of…
The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are the foundation of network security. The certificate verification in SSL/TLS implementations is vital and may become the weak link in the whole network…
Self-supervised learning (SSL) is a prevalent approach for encoding data representations. Using a pre-trained SSL image encoder and subsequently training a downstream classifier, impressive performance can be achieved on various tasks with…
The domain name system (DNS) that maps alphabetic names to numeric Internet Protocol (IP) addresses plays a foundational role for Internet communications. By default, DNS queries and responses are exchanged in unencrypted plaintext, and…
Secure Shell (SSH) protocol requires all implementations to support public key authentication method ("publickey") for authentication purposes, so web applications which provide a SSH client over the web browser need to support "publickey".…
Authentication in TLS is predominately carried out with X.509 digital certificates issued by certificate authorities (CA). The centralized nature of current public key infrastructures, however, comes along with severe risks, such as single…
The Internet has many backbone components on top of which the whole world is connected. It is important to make these components, like Border Gateway Protocol (BGP), Domain Name System (DNS), and Public Key Infrastructure (PKI), secure and…
When it comes to security in the modern world, things have improved a lot since the early 2000s. Hypertext Transfer Protocol Secure (HTTPS) and Transport Layer Security (TLS) have made the transfer of our data across the internet much safer…
The use of passwords and the need to protect passwords are not going away. The majority of websites that require authentication continue to support password authentication. Even high-security applications such as Internet Banking portals,…
Over the years, with the advancement of technology, Web technology has many improvements. In the early days, the web was one-way communication, and only the customer was able to see the content of the site and could not enter information.…
X.509 certificate parsing and validation is a critical task which has shown consistent lack of effectiveness, with practical attacks being reported with a steady rate during the last 10 years. In this work we analyze the X.509 standard and…
Similarly to elsewhere on the Internet, practical security in the Internet of Things (IoT) is achieved by combining an array of mechanisms, at work at all layers of the protocol stack, in system software, and in hardware. Standard protocols…
Malware abuses TLS to encrypt its malicious traffic, preventing examination by content signatures and deep packet inspection. Network detection of malicious TLS flows is an important, but challenging, problem. Prior works have proposed…