Improved TLS protocol for platform integrity assurance using mutual attestation
Normally, secure communication between client-server applications is established using secure channel technologies such as Transport Layer Security (TLS). TLS is a cryptographic protocol which ensures secure transmission of data and authenticity of communication at each endpoint platform. However, t...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English English |
| Published: |
2014
|
| Subjects: | |
| Online Access: | http://psasir.upm.edu.my/id/eprint/50054/1/FSKTM%202014%204RR_organized.pdf http://psasir.upm.edu.my/id/eprint/50054/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Universiti Putra Malaysia |
| Language: | English English |
| id |
my.upm.eprints.50054 |
|---|---|
| record_format |
eprints |
| spelling |
my.upm.eprints.500542024-09-03T04:44:44Z http://psasir.upm.edu.my/id/eprint/50054/ Improved TLS protocol for platform integrity assurance using mutual attestation Abd Aziz, Norazah Normally, secure communication between client-server applications is established using secure channel technologies such as Transport Layer Security (TLS). TLS is a cryptographic protocol which ensures secure transmission of data and authenticity of communication at each endpoint platform. However, the protocol does not provide any trustworthiness assurance of the involved endpoint. So, they are not able to handle the security risks due to potential malicious software or any third parties who may penetrate the platform. Furthermore, there is no mechanism for a computing platform to address the trustworthiness of platform integrity such as free from any malware or spyware. Remote attestation is an authentication technique proposed by the Trusted Computing Group (TCG) which enables the verification of the trusted environment of platforms and assuring the information is accurate. To incorporate this method in web services framework in order to guarantee the trustworthiness and security of web-based applications, a new framework called TrustWeb is proposed. The Trust-Web framework integrates the remote attestation into TLS protocol to provide integrity information of the involved endpoint platforms. The framework improves TLS protocol with mutual attestation (MA) mechanism, named TLS+MA which can help to address the weaknesses of transferring sensitive computations, and a practical way to solve the remote trust issue at the client-server environment. In this thesis, we study the foundations of the credibility of the TLS+MA protocol and TrustWeb approach before we describe the work of designing and building a framework prototype in which attestation mechanism is integrated into the Mozilla Firefox browser and Apache web server. We analyse the security of our protocol using Automated Validation of Internet Security Protocols and Applications (AVISPA)to show that it meets the security goals. Analysis on TLS+MA protocol shows that it is resistant against replay and collusion attacks. For performance analysis, we also compared the TLS+MA with previous protocol. The results show that our protocol only incurs 11.2% of performance overhead in secure connection, which lower than the previous protocol. Despite that, our protocol is 50% more efficient. 2014-07 Thesis NonPeerReviewed text en http://psasir.upm.edu.my/id/eprint/50054/1/FSKTM%202014%204RR_organized.pdf Abd Aziz, Norazah (2014) Improved TLS protocol for platform integrity assurance using mutual attestation. Masters thesis, Universiti Putra Malaysia. Computer network protocols Anomaly detection (Computer security) English |
| institution |
Universiti Putra Malaysia |
| building |
UPM Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Putra Malaysia |
| content_source |
UPM Institutional Repository |
| url_provider |
http://psasir.upm.edu.my/ |
| language |
English English |
| topic |
Computer network protocols Anomaly detection (Computer security) |
| spellingShingle |
Computer network protocols Anomaly detection (Computer security) Abd Aziz, Norazah Improved TLS protocol for platform integrity assurance using mutual attestation |
| description |
Normally, secure communication between client-server applications is established using secure channel technologies such as Transport Layer Security (TLS). TLS is a cryptographic protocol which ensures secure transmission of data and authenticity of communication at each endpoint platform. However, the protocol does not provide any trustworthiness assurance of the involved endpoint. So, they are not able to handle the security risks due to potential malicious software or any third parties who may penetrate the platform. Furthermore, there is no mechanism for a computing platform to address the trustworthiness of platform integrity such as free from any malware or spyware. Remote attestation is an authentication technique proposed by the Trusted Computing Group (TCG) which enables the verification of the trusted environment of platforms and assuring the information is accurate. To incorporate this method in web services framework in order to guarantee the trustworthiness and security of web-based applications, a new framework called TrustWeb is proposed. The Trust-Web framework integrates the remote attestation into TLS protocol to provide integrity information of the involved endpoint platforms. The framework improves TLS protocol with mutual attestation (MA) mechanism, named TLS+MA which can help to address the weaknesses of transferring sensitive computations, and a practical way to solve the remote trust issue at the client-server environment. In this thesis, we study the foundations of the credibility of the TLS+MA protocol and TrustWeb approach before we describe the work of designing and building a framework prototype in which attestation mechanism is integrated into the Mozilla Firefox browser and Apache web server. We analyse the security of our protocol using Automated Validation of Internet Security Protocols and Applications (AVISPA)to show that it meets the security goals. Analysis on TLS+MA protocol shows that it is resistant against replay and collusion attacks. For performance analysis, we also compared the TLS+MA with previous protocol. The results show that our protocol only incurs 11.2% of performance overhead in secure connection, which lower than the previous protocol. Despite that, our protocol is 50% more efficient. |
| format |
Thesis |
| author |
Abd Aziz, Norazah |
| author_facet |
Abd Aziz, Norazah |
| author_sort |
Abd Aziz, Norazah |
| title |
Improved TLS protocol for platform integrity assurance using mutual attestation |
| title_short |
Improved TLS protocol for platform integrity assurance using mutual attestation |
| title_full |
Improved TLS protocol for platform integrity assurance using mutual attestation |
| title_fullStr |
Improved TLS protocol for platform integrity assurance using mutual attestation |
| title_full_unstemmed |
Improved TLS protocol for platform integrity assurance using mutual attestation |
| title_sort |
improved tls protocol for platform integrity assurance using mutual attestation |
| publishDate |
2014 |
| url |
http://psasir.upm.edu.my/id/eprint/50054/1/FSKTM%202014%204RR_organized.pdf http://psasir.upm.edu.my/id/eprint/50054/ |
| _version_ |
1811685918891835392 |