Relevant bibliographies by topics / Certificats SSL/TLS

Contents

  1. Journal articles
  2. Dissertations / Theses
  3. Book chapters
  4. Conference papers

Academic literature on the topic 'Certificats SSL/TLS'

Author: Grafiati
Published: 23 September 2022
Last updated: 19 July 2025

Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles

Select a source type:

Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'Certificats SSL/TLS.'

Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.

You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.

Journal articles on the topic "Certificats SSL/TLS"

1

Lapshichyov, Vitaly V. "TLS Certificates of the Tor Network and Their Distinctive Features." International Journal of Systems and Software Security and Protection 10, no. 2 (2019): 20–43. http://dx.doi.org/10.4018/ijsssp.2019070102.

Full text
Abstract:
This article presents the results of an experimental study of the properties of SSL/TLS certificates of an anonymous Tor network, based on which it is concluded that there are several features that differ from other SSL/TLS certificates. At present, in the scientific literature and in the documentation of U.S. National Security Agency, and the U.K. Government Communications Headquarters devoted to the identification of Tor network traffic, two signs of SSL/TLS certificates are indicated - the name of the certificate subject, as well as the port of the certificate transmission and network connection. The results of an experimental study allow the authors to state with a high degree of probability that Tor network certificates can be identified in the data stream between the client and server of the specified network by their size, which is between 400 and 600 bytes. The list of features of the Tor network certificates is intended to develop software or add-ons to existing ones, which is used to block access of Internet users to Darknet resources or to limit the use of the Tor anonymous network service. Based on data on the distinguishing features of Tor network certificates, an algorithm is proposed for blocking access to the Internet for users of the Tor Bundle.
APA, Harvard, Vancouver, ISO, and other styles
2

Mohit, Thodupunuri. "The Right Way to Manage SSL/TLS Certificates in Modern Applications and Infrastructure." European Journal of Advances in Engineering and Technology 11, no. 3 (2024): 30–37. https://doi.org/10.5281/zenodo.15607021.

Full text
Abstract:
SSL/TLS certificates are foundational to securing modern application and infrastructure communications. Yet despite their ubiquity, poor certificate management remains a leading cause of service disruptions, security breaches, and compliance failures. As systems become more distributed—spanning containerized workloads, service meshes, and hybrid clouds—the challenge of managing certificate lifecycles grows exponentially. Static provisioning, hardcoded secrets, and manual renewals no longer scale in environments demanding agility and automation. This article explores best practices for securely managing TLS certificates across both infrastructure and application layers. Topics include secure secret storage, automated issuance and renewal, runtime injection strategies, and integration with CI/CD pipelines. We also examine mutual TLS for east-west traffic, monitoring strategies for expiration and revocation, and tools supporting short-lived, identity-bound certificates. Drawing from industry standards and operational patterns, we present a technical guide for building resilient, scalable certificate management strategies that align with modern deployment models and evolving security requirements.
APA, Harvard, Vancouver, ISO, and other styles
3

Foppe, Lucas, Jeremy Martin, Travis Mayberry, Erik C. Rye, and Lamont Brown. "Exploiting TLS Client Authentication for Widespread User Tracking." Proceedings on Privacy Enhancing Technologies 2018, no. 4 (2018): 51–63. http://dx.doi.org/10.1515/popets-2018-0031.

Full text
Abstract:
Abstract TLS, and SSL before it, has long supported the option for clients to authenticate to servers using their own certificates, but this capability has not been widely used. However, with the development of its Push Notification Service, Apple has deployed this technology on millions of devices for the first time. Wachs et al. [42] determined iOS client certificates could be used by passive network adversaries to track individual devices across the internet. Subsequently, Apple has patched their software to fix this vulnerability. We show these countermeasures are not effective by demonstrating three novel active attacks against TLS Client Certificate Authentication that are successful despite the defenses. Additionally, we show these attacks work against all known instances of TLS Client Certificate Authentication, including smart cards like those widely deployed by the Estonian government as part of their Digital ID program. Our attacks include in-path man-in-the-middle versions as well as a more powerful on-path attack that can be carried out without full network control.
APA, Harvard, Vancouver, ISO, and other styles
4

Xing, Qianqian, Xiaofeng Wang, Xinyue Xu, et al. "BRT: An Efficient and Scalable Blockchain-Based Revocation Transparency System for TLS Connections." Sensors 23, no. 21 (2023): 8816. http://dx.doi.org/10.3390/s23218816.

Full text
Abstract:
Log-based public key infrastructure(PKI) refers to a robust class of CA-attack-resilient PKI that enhance transparency and accountability in the certificate revocation and issuance process by compelling certificate authorities (CAs) to submit revocations to publicly and verifiably accessible logs. However, log-based PKIs suffer from a reliance on centralized and consistent sources of information, rendering them susceptible to split-world attacks, and they regrettably fail to provide adequate incentives for recording or monitoring CA behavior. Blockchain-based PKIs address these limitations by enabling decentralized log audits through automated financial incentives. However, they continue to face challenges in developing a scalable revocation mechanism suited for lightweight clients. In this paper, we introduce BRT, a scalable blockchain-based system for certificate and revocation transparency. It serves to log, audit, and validate the status of certificates within the transport layer security (TLS)/secure sockets layer(SSL) PKI domain. We designed an audit-on-chain framework, coupled with an off-chain storage/computation system, to enhance the efficiency of BRT when operating in a blockchain environment. By implementing a blockchain-based prototype, we demonstrate that BRT achieves storage-efficient log recording with a peak compression rate reaching 8%, cost-effective log updates for large-scale certificates, and near-instantaneous revocation checks for users.
APA, Harvard, Vancouver, ISO, and other styles
5

Park, Jun-Cheol. "Cookie-Based Identification of the Public Keys of TLS/SSL Certificates." Journal of Korean Institute of Communications and Information Sciences 41, no. 1 (2016): 101–3. http://dx.doi.org/10.7840/kics.2015.41.1.101.

Full text
APA, Harvard, Vancouver, ISO, and other styles
6

Cueva Hurtado, Mario E., and Diego Javier Alvarado Sarango. "Análisis de Certificados SSL/TLS gratuitos y su implementación como Mecanismo de seguridad en Servidores de Aplicación." Enfoque UTE 8, no. 1 (2017): 273–86. http://dx.doi.org/10.29019/enfoqueute.v8n1.128.

Full text
Abstract:
La seguridad en la capa de aplicación (SSL), proporciona la confidencialidad, integridad y autenticidad de los datos, entre dos aplicaciones que se comunican entre sí. El presente artículo es el resultado de haber implementado certificados SSL / TLS gratuitos en servidores de aplicación, determinando las características relevantes que debe tener un certificado SSL/TLS, la Autoridad certificadora que lo emita. Se realiza un análisis de las vulnerabilidades en los servidores web y se establece un canal cifrado de comunicaciones con el fin de proteger de ataques como hombre en el medio, phising y mantener la integridad de la información que es trasmitida entre el cliente y servidor.
APA, Harvard, Vancouver, ISO, and other styles
7

Lapshichyov, Vitaly V., and Oleg B. Makarevich. "Detection and identification method of the tor bundle use." Informatization and communication, no. 3 (May 5, 2020): 17–20. http://dx.doi.org/10.34219/2078-8320-2020-11-3-17-20.

Full text
Abstract:
This paper presents the result of author’s research aimed at developing a detecting and identifying method of the Tor Bundle use in data transmission networks, in particular, on the Internet. Based on these characteristics, an algorithm has been developed that allows legitimate blocking of user access to a global network by a popular anonymizer. The subject of the study was an SSL/TLS encryption certificate, which is transmitted by the Tor network server to the user of the Tor Bundle and which contains the set of data necessary for its identification during the implementation of the TLS “handshake”. In the course of the study of the certificates features, several distinguishing features were identified, namely: the name of the subject and issuer of the certificate, which is a random set of letters and numbers; port used when connecting to an anonymous network; certificate size. Based on the data received, a method is proposed that allows the provider’s server to block the connection during which a certificate with certain characteristics is transmitted.
APA, Harvard, Vancouver, ISO, and other styles
8

Tian, Cong, Chu Chen, Zhenhua Duan, and Liang Zhao. "Differential Testing of Certificate Validation in SSL/TLS Implementations." ACM Transactions on Software Engineering and Methodology 28, no. 4 (2019): 1–37. http://dx.doi.org/10.1145/3355048.

Full text
APA, Harvard, Vancouver, ISO, and other styles
9

Martynenkov, I. V. "THE MAIN STAGES OF DEVELOPMENT OF THE CRYPTOGRAPHIC PROTOCOLS SSL/TLS AND IPsec." Prikladnaya Diskretnaya Matematika, no. 51 (2021): 31–67. http://dx.doi.org/10.17223/20710410/51/2.

Full text
Abstract:
The paper discusses the main stages of development of cryptographic protocols from SSL 2.0 (Secure Socket Layer) to TLS 1.3 (Transport Layer Security), which ensure the protection of transport layer data in the OSI model. A brief description of the modification of the RuTLS protocol based on TLS 1.3 and their main differences is given. The development of IPsec, which provides cryptographic protection of communications at the network level of the OSI model, is considered using examples of the development of the three most commonly used protocols. These include IKE (Internet Key Exchange), AH (Authentication Header), and ESP (Encapsulation Security Payload). For the SSL/TLS and IPsec specifications, the basic handshake protocols and the main stages of their development are considered. The described handshakes include primary cryptographic information exchange cycles in the form of identifiers of interaction participants, one-time numbers, lists of supported cryptographic combinations. Authentication of participants based on certificates, shared symmetric keys, data exchange for establishing a shared Diffie — Hellman secret, development of key material for secret keys of communication sessions, message authentication, and other cryptographic parameters are presented. For different versions of SSL/TLS and IPsec, the logical structures of application data cryptographic protection functions are described.
APA, Harvard, Vancouver, ISO, and other styles
10

Park, Hun Myoung. "The Pitfalls of the Certificate-Based User Authentication Scheme on Korean Public Websites." Journal of Cases on Information Technology 26, no. 1 (2024): 1–19. http://dx.doi.org/10.4018/jcit.355015.

Full text
Abstract:
The Korean government has employed a certificate-based user authentication scheme powered by Internet Explorer and ActiveX plug-ins for the past two decades. Users must obtain accredited digital certificates, install all required plug-ins on their machines, and undergo all user authentication procedures. Most clients mistakenly take a series of authentication procedures for granted and unwittingly make copies of security code cards, store accredited digital certificates on hard disks, and mechanically click “Yes” or “OK”. Public websites lack cross-platform and cross-browser compatibility and discriminate against those who do not use Windows. The government should require public organizations to provide at least a password-based n-factor authentication scheme over SSL/TLS and should reform institutional arrangements so that service providers take primary responsibility for online transactions. This “Galapagos e-government” case illustrates the importance of global technology standards and web accessibility.
APA, Harvard, Vancouver, ISO, and other styles
More sources

Dissertations / Theses on the topic "Certificats SSL/TLS"

1

Traore, Mohamed. "Analyse des biais de RNG pour les mécanismes cryptographiques et applications industrielles." Thesis, Université Grenoble Alpes, 2022. http://www.theses.fr/2022GRALM013.

Full text
Abstract:
Dans ce travail, nous analysons des certificats SSL/TLS X.509 (utilisant le chiffrement RSA et provenant de centaines de millions de matériels connectés) à la recherche d'anomalies et étendons notamment les travaux de Hastings, Fried et Heninger (2016). Notre étude a été réalisée sur trois bases de données provenant de l'EFF (2010-2011), de l'ANSSI (2011-2017) et de Rapid7 (2017-2021). Plusieurs vulnérabilités affectant des matériels de fabricants connus furent détectées : modules de petites tailles (strictement inférieures à 1024 bits), modules redondants (utilisés par plusieurs entités), certificats invalides mais toujours en usage, modules vulnérables à l'attaque ROCA ainsi que des modules dits «PGCD-vulnérables» (c'est-à-dire des modules ayant des facteurs communs). Pour la base de données de Rapid7, dénombrant près de 600 millions de certificats (et incluant ceux des matériels récents), nous avons identifié 1,550,382 certificats dont les modules sont PGCD-vulnérables, soit 0.27% du nombre total. Cela a permis de factoriser 14,765 modules de 2048 bits ce qui, à notre connaissance, n'a jamais été fait.En analysant certains modules PGCD-vulnérables, on a pu rétro-concevoir de façon partielle le générateur de modules (de 512 bits) utilisé par certaines familles de pare-feux, ce qui a permis la factorisation instantanée de 42 modules de 512 bits, correspondant aux certificats provenant de 8,817 adresses IPv4.Après avoir constaté que la plupart des modules factorisés avaient été générés par la bibliothèque OpenSSL, on a analysé les codes sources et les méthodes en charge du processus de génération de clefs RSA de plusieurs versions de cette bibliothèque (couvrant la période 2005 à 2021). À travers des expérimentations sur des plateformes à base de processeurs ARM, où l'on s'est mis quasiment dans les mêmes conditions que les matériels vulnérables identifiés, on a réussi à remonter aux causes de la PGCD-vulnérabilité<br>In this work, we analyze X.509 SSL/TLS certificates (using RSA encryption and from hundreds of millions of connected devices) looking for anomalies and notably extend the work of Hastings, Fried and Heninger (2016). Our study was carried out on three databases from EFF (2010-2011), ANSSI (2011-2017) and Rapid7 (2017-2021). Several vulnerabilities affecting devices from well-known manufacturers were detected: small moduli (strictly less than 1024 bits), redundant moduli (used by several entities), invalid certificates but still in use, moduli vulnerable to the ROCA attack as well as so-called “GCD-vulnerable” moduli (i.e. moduli having common factors). For the Rapid7 database, counting nearly 600 million certificates (and including those for recent devices), we have identified 1,550,382 certificates whose moduli are GCD-vulnerable, that is 0.27% of the total number. This made it possible to factor 14,765 moduli of 2048 bits which, to our knowledge, has never been done.By analyzing certain GCD-vulnerable moduli, we were able to partially reverse-engineer the modulus generator (of 512 bits) used by certain families of firewalls, which allowed the instantaneous factorization of 42 moduli of 512 bits, corresponding certificates from 8,817 IPv4 addresses.After noting that most of the factored moduli had been generated by the OpenSSL library, we analyzed the source codes and the methods in charge of the RSA key generation process of several versions of this library (covering the period 2005 to 2021). Through experiments on platforms based on ARM processors, where we put ourselves in almost the same conditions as the vulnerable devices identified, we managed to trace the causes of the PGCD-vulnerability
APA, Harvard, Vancouver, ISO, and other styles
2

Boinapally, Kashyap. "Security Certificate Renewal Management." Thesis, Blekinge Tekniska Högskola, Institutionen för datavetenskap, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-18453.

Full text
Abstract:
Context. An SSL encrypted client-server communication is necessary to maintain the security and privacy of the communication. For an SSL encryption to work, there should be a security certificate which has a certain expiry period. Periodic renewal of the certificate after its expiry is a waste of time and an effort on part of the company. Objectives. In this study, a new system has been developed and implemented, which sends a certificate during prior communication and does not wait for the certificate to expire. Automating the process to a certain extent was done to not compromise the security of the system and to speed up the process and reduce the downtime. Methods. Experiments have been conducted to test the new system and compare it to the old system. The experiments were conducted to analyze the packets and the downtime occurring from certificate renewal. Results. The results of the experiments show that there is a significant reduction in downtime. This was achieved due to the implementation of the new system and semi-automation Conclusions. The system has been implemented, and it greatly reduces the downtime occurring due to the expiry of the security certificates. Semi-Automation has been done to not hamper the security and make the system robust.
APA, Harvard, Vancouver, ISO, and other styles
3

Bruhner, Carl Magnus, and Oscar Linnarsson. "Relay Racing with X.509 Mayflies : An Analysis of Certificate Replacements and Validity Periods in HTTPS Certificate Logs." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-167063.

Full text
Abstract:
Certificates are the foundation of secure communication over the internet as of today. While certificates can be issued with long validity periods, there is always a risk of having them compromised during their lifetime. A good practice is therefore to use shorter validity periods. However, this limits the certificate lifetime and gives less flexibility in the timing of certificate replacements. In this thesis, we use publicly available network logs from Rapid7's Project Sonar to provide an overview of the current state of certificate usage behavior. Specifically, we look at the Let's Encrypt mass revocation event in March 2020, where millions of certificates were revoked with just five days notice. In general, we show how this kind of datasets can be used, and as a deeper exploration we analyze certificate validity, lifetime and use of certificates with overlapping validity periods, as well as discuss how our findings relate to industry standard and current security trends. Specifically, we isolate automated certificate services such as Let's Encrypt and cPanel to see how their certificates differ in characteristics from other certificates in general. Based on our findings, we propose a set of rules to help improve the trust in certificate usage and strengthen security online, introducing an Always secure policy aligning certificate validity with revocation time limits in order to replace revocation requirements and overcoming the fact that mobile devices today ignore this very important security feature. To round things off, we provide some ideas for further research based on our findings and what we see possible with datasets such as the one researched in this thesis.
APA, Harvard, Vancouver, ISO, and other styles
4

Gustafsson, Josef. "Certificate Transparency in Theory and Practice." Thesis, Linköpings universitet, Databas och informationsteknik, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-125855.

Full text
Abstract:
Certificate Transparency provides auditability to the widely used X.509 Public Key Infrastructure (PKIX) authentication in Transport Layer Security (TLS) protocol. Transparency logs issue signed promises of inclusions to be used together with certificates for authentication of TLS servers. Google Chrome enforces the use of Certificate Transparency for validation of Extended Validation (EV) certificates. This thesis proposes a methodology for asserting correct operation and presents a survey of active Logs. An experimental Monitor has been implemented as part of the thesis. Varying Log usage patterns and metadata about Log operation are presented, and Logs are categorized based on characteristics and usage. A case of mis-issuance by Symantec is presented to show the effectiveness of Certificate Transparency.
APA, Harvard, Vancouver, ISO, and other styles
5

Klasson, Sebastian, and Nina Lindström. "Longitudinal analysis of the certificate chains of big tech company domains." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-178396.

Full text
Abstract:
The internet is one of the most widely used mediums for communication in modern society and it has become an everyday necessity for many. It is therefore of utmost importance that it remains as secure as possible. SSL and TLS are the backbones of internet security and an integral part of these technologies are the certificates used. Certificate authorities (CAs) can issue certificates that validate that domains are who they claim to be. If a user trusts a CA they can in turn also trust domains that have been validated by them. CAs can in turn trust other CAs and this, in turn, creates a chain of trust called a certificate chain. In this thesis, the structure of these certificate chains is analysed and a longitudinal dataset is created. The analysis looks at how the certificate chains have changed over time and puts extra focus on the domains of big tech companies. The dataset created can also be used for further analysis in the future and will be a useful tool in the examination of historical certificate chains. Our findings show that the certificate chains of the domains studied do change over time; both their structure and the lengths of them vary noticeably. Most of the observed domains show a decrease in average chain length between the years of 2013 and 2020 and the structure of the chains vary significantly over the years.
APA, Harvard, Vancouver, ISO, and other styles
6

Petersson, Jakob. "Analysis of Methods for Chained Connections with Mutual Authentication Using TLS." Thesis, Linköpings universitet, Informationskodning, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-119455.

Full text
Abstract:
TLS is a vital protocol used to secure communication over networks and it provides an end- to-end encrypted channel between two directly communicating parties. In certain situations it is not possible, or desirable, to establish direct connections from a client to a server, as for example when connecting to a server located on a secure network behind a gateway. In these cases chained connections are required. Mutual authentication and end-to-end encryption are important capabilities in a high assur- ance environment. These are provided by TLS, but there are no known solutions for chained connections. This thesis explores multiple methods that provides the functionality for chained connec- tions using TLS in a high assurance environment with trusted servers and a public key in- frastructure. A number of methods are formally described and analysed according to multi- ple criteria reflecting both functionality and security requirements. Furthermore, the most promising method is implemented and tested in order to verify that the method is viable in a real-life environment. The proposed solution modifies the TLS protocol through the use of an extension which allows for the distinction between direct and chained connections. The extension which also allows for specifying the structure of chained connections is used in the implementation of a method that creates chained connections by layering TLS connections inside each other. Testing demonstrates that the overhead of the method is negligible and that the method is a viable solution for creating chained connections with mutual authentication using TLS.
APA, Harvard, Vancouver, ISO, and other styles
7

Klepáčková, Karolína. "Aplikace pro Android na bezpečnostní monitorování komunikace." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2019. http://www.nusl.cz/ntk/nusl-399203.

Full text
Abstract:
This diploma thesis is focused on implementation of application for security monitoring of network communication of other applications in mobile device with Android platform. Provides users information about security risks that may harm his/her privacy or device. It uses a local VPN to tunnel all data sent to the wireless network. These can be linked to an application that has sent them because the Android kernel is derived from the Linux kernel and can be used to retrieve information about established network connections and the application identifier associated with the connection. This mapping allows to get more information about an app that is potentially dangerous for your mobile device.
APA, Harvard, Vancouver, ISO, and other styles
8

Rapp, Axel. "Web site security maturity of the European Union and its member states : A survey study on the compliance with best practices of DNSSEC, HSTS, HTTPS, TLS-version, and certificate validation types." Thesis, Högskolan i Skövde, Institutionen för informationsteknologi, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-20127.

Full text
Abstract:
With e-governance steadily growing, citizen-to-state communication via Web sites is as well, placing enormous trust in the protocols designed to handle this communication in a secure manner. Since breaching any of the protocols enabling Web site communication could yield benefits to a malicious attacker and bring harm to end-users, the battle between hackers and information security professionals is ongoing and never-ending. This phenomenon is the main reason why it is of importance to adhere to the latest best practices established by specialized independent organizations. Best practice compliance is important for any organization, but maybe most of all for our governing authorities, which we should hold to the highest standard possible due to the nature of their societal responsibility to protect the public. This report aims to, by conducting a quantitative survey, study the Web sites of the governments and government agencies of the member states of the European Union, as well as Web sites controlled by the European Union to assess to what degree their domains comply with the current best practices of DNSSEC, HSTS, HTTPS, SSL/TLS, and certificate validation types. The findings presented in this paper show that there are significant differences in compliance level between the different parameters measured, where HTTPS best practice deployment was the highest (96%) and HSTS best practice deployment was the lowest (3%). Further, when comparing the average best practice compliance by country, Denmark and the Netherlands performed the best, while Cyprus had the lowest average.
APA, Harvard, Vancouver, ISO, and other styles
9

O'Neill, Mark Thomas. "The Security Layer." BYU ScholarsArchive, 2019. https://scholarsarchive.byu.edu/etd/7761.

Full text
Abstract:
Transport Layer Security (TLS) is a vital component to the security ecosystem and the most popular security protocol used on the Internet today. Despite the strengths of the protocol, numerous vulnerabilities result from its improper use in practice. Some of these vulnerabilities arise from weaknesses in authentication, from the rigidity of the trusted authority system to the complexities of client certificates. Others result from the misuse of TLS by developers, who misuse complicated TLS libraries, improperly validate server certificates, employ outdated cipher suites, or deploy other features insecurely. To make matters worse, system administrators and users are powerless to fix these issues, and lack the ability to properly control how their own machines communicate securely online. In this dissertation we argue that the problems described are the result of an improper placement of security responsibilities. We show that by placing TLS services in the operating system, both new and existing applications can be automatically secured, developers can easily use TLS without intimate knowledge of security, and security settings can be controlled by administrators. This is demonstrated through three explorations that provide TLS features through the operating system. First, we describe and assess TrustBase, a service that repairs and strengthens certificate-based authentication for TLS connections. TrustBase uses traffic interception and a policy engine to provide administrators fine-tuned control over the trust decisions made by all applications on their systems. Second, we introduce and evaluate the Secure Socket API (SSA), which provides TLS as an operating system service through the native POSIX socket API. The SSA enables developers to use modern TLS securely, with as little as one line of code, and also allows custom tailoring of security settings by administrators. Finally, we further explore a modern approach to TLS client authentication, leveraging the operating system to provide a generic platform for strong authentication that supports easy deployment of client authentication features and protects user privacy. We conclude with a discussion of the reasons for the success of our efforts, and note avenues for future work that leverage the principles exhibited in this work, both in and beyond TLS.
APA, Harvard, Vancouver, ISO, and other styles
10

Slavík, Petr. "Laboratorní úloha infrastruktury veřejných klíčů." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2009. http://www.nusl.cz/ntk/nusl-217981.

Full text
Abstract:
The aim of this thesis is to study and describe the theme of Public Key Infrastructure (PKI). Within the scope of minute PKI characterization there is a gradual depiction of particular structural elements, which are above all represented by cryptographic operations (asymetric and symetric cryptography, hash function and digital signature); then, there are also individual PKI subjects that are dealt with, like eg. certification authority, certificates, security protocols, secure heap etc. Last but not least there are a few complete Public Key Infrastructure implementation solutions described (OpenSSL, Microsft CA). The practical part of the thesis, a lab exercise, gives potential students the knowledge of installing OpenSSL system based certification authority. The next task educate students how to secure web server with certificate signed with own CA and also how to secure web server users‘ access control through certificates signed by the previously installed CA.
APA, Harvard, Vancouver, ISO, and other styles

Book chapters on the topic "Certificats SSL/TLS"

1

Hughes, Lawrence E. "SSL and TLS." In Pro Active Directory Certificate Services. Apress, 2022. http://dx.doi.org/10.1007/978-1-4842-7486-6_11.

Full text
APA, Harvard, Vancouver, ISO, and other styles
2

Aravind, S., K. Indra Gandhi, R. Prasanna, and V. Rishith Kumar. "Policy-Based Verification and Enforcement for Generation of SSL/TLS Certificates." In Smart Innovation, Systems and Technologies. Springer Nature Singapore, 2025. https://doi.org/10.1007/978-981-96-0147-9_1.

Full text
APA, Harvard, Vancouver, ISO, and other styles
3

Fiedler, Arno, and Christoph Thiel. "The need of European White Knights for the TLS/SSL Certificate System." In ISSE 2014 Securing Electronic Business Processes. Springer Fachmedien Wiesbaden, 2014. http://dx.doi.org/10.1007/978-3-658-06708-3_13.

Full text
APA, Harvard, Vancouver, ISO, and other styles
4

Mogollon, Manuel. "TLS, SSL, and SET." In Cryptography and Security Services. IGI Global, 2008. http://dx.doi.org/10.4018/978-1-59904-837-6.ch012.

Full text
Abstract:
In an Internet commercial transaction, the secure Web server and the buyer’s computer authenticate each other and encipher the data transmitted using transport layer security (TLS) or secure socket layer (SSL) protocols. When a purchase is made online using a credit card, does the customer’s bank need to know what was purchased? Not really. Does the seller need to know the customer’s credit card number? Actually, the answer is no. The responses to these questions were the main premises of the secure electronic transaction (SET). In the late 1990’s, SET was approved as the credit card standard, but it failed to be accepted because of its cost and the problems regarding distribution of end-user certificates. However, SET is explained in this chapter as an ideal protocol, from the point of view of certificates, digital signatures, and cryptography for securing credit card transactions over the Internet.
APA, Harvard, Vancouver, ISO, and other styles
5

"Creating a Network of Trust Using X.509 Certificates." In Implementing SSL/TLS Using Cryptography and PKI. Wiley Publishing, Inc., 2011. http://dx.doi.org/10.1002/9781118255797.ch5.

Full text
APA, Harvard, Vancouver, ISO, and other styles
6

Chen, Lei, Wen-Chen Hu, Ming Yang, and Lei Zhang. "Applied Cryptography in E-mail Services and Web Services." In Applied Cryptography for Cyber Security and Defense. IGI Global, 2011. http://dx.doi.org/10.4018/978-1-61520-783-1.ch005.

Full text
Abstract:
E-mail services are the method of sending and receiving electronic messages over communication networks. Web services on the other hand provide a channel of accessing interlinked hypermeida via the World Wide Web. As these two methods of network communications turn into the most popular services over the Internet, applied cryptography and secure authentication protocols become indispensable in securing confidential data over public networks. In this chapter, we first review a number of cryptographic ciphers widely used in secure communication protocols. We then discuss and compare the popular trust system Web of Trust, the certificate standard X.509, and the standard for public key systems Public Key Infrastructure (PKI). Two secure e-mail standards, OpenPGP and S/MIME, are examined and compared. The de facto standard cryptographic protocol for e-commerce, Secure Socket Layer (SSL) / Transport Layer Security (TLS), and XML Security Standards for secure web services are also discussed.
APA, Harvard, Vancouver, ISO, and other styles
7

Kaur, Kashish Preet, Sunil K. Singh, Sudhakar Kumar, et al. "Advanced Tools and Technologies for Phishing Prevention." In Critical Phishing Defense Strategies and Digital Asset Protection. IGI Global, 2025. https://doi.org/10.4018/979-8-3693-8784-9.ch009.

Full text
Abstract:
Phishing attacks are a major cybersecurity threat, exploiting human vulnerabilities by manipulating trust to access sensitive information. As phishing tactics evolve, the demand for advanced anti-phishing technologies has surged. This paper examines key measures such as email filters, SSL/TLS certificates, DNS-based authentication, multi-factor authentication, and URL filtering to protect against phishing. Advanced methods like machine learning, AI-driven analysis, and real-time threat detection have improved phishing prevention. It also discusses browser-based, cloud-based, and email security tools for mitigating risks. The paper highlights challenges such as evolving tactics, email filtering limitations, and user negligence, emphasizing the need for ongoing innovation in strategies. Future trends like AI, biometrics, and deep learning for threat intelligence are explored, showing potential to enhance phishing defense. A holistic approach integrating technology, protocols, and user awareness is advocated to combat phishing effectively at both individual and organizational levels.
APA, Harvard, Vancouver, ISO, and other styles

Conference papers on the topic "Certificats SSL/TLS"

1

Petrica, Gabriel, Ionutdaniel Barbu, Sabinadaniela Axinte, Ioan Bacivarov, and Ioan cosmin Mihai. "E-LEARNING PLATFORMS IDENTITY USING DIGITAL CERTIFICATES." In eLSE 2017. Carol I National Defence University Publishing House, 2017. http://dx.doi.org/10.12753/2066-026x-17-228.

Full text
Abstract:
To ensure the identity of a website, SSL digital certificates are used together with HTTPS secured protocol; these two items provide both the server authentication to the user and an encrypted communication channel intended to prevent interception of information exchanged between the user and that website through the Web browser. The current tendency, supported by the major competitors in the market, The Chromium Projects (since December 2014) and Mozilla Foundation (since April 2015), is to impose HTTPS protocol as the default, worldwide used protocol by the Web servers. The paper analyzes the steps followed for creating / obtaining different types of digital certificates and how to configure the Web server to use the secure protocols HTTPS and SSL/TLS so the access to a website will be done in a secure way. As a case study, a Moodle platform was installed on a XAMPP open-source package (locally hosted) and respectively on a Web domain hosted at a specialized provider of Internet services. The identity of this e-learning platform is approached from the perspective of three types of digital certificates. The first type of tested digital certificate is the self-signed one (it doesn't provide a real level of trust and is designed for personal use or in a company intranet). Next, a digital certificate issued by a Certificate Authority will be installed, ensuring the identity and validation of the Web domain. Finally, will be presented the digital certificate issued by Let's Encrypt, a Certificate Authority providing free, trusted digital certificates (in compliance with X.509 standard), automatically obtained by a process that uses the protocol ACME (Automated Certificate Management Environment).The authors present for each type of installed digital certificate, but also for the default case (the Web server is not configured to use a digital certificate), how the Web browsers display the identity of the e-learning platform and what information are available to describe its identity.
APA, Harvard, Vancouver, ISO, and other styles
2

Manolache, Florin B., and Octavian Rusu. "Automated SSL/TLS Certificate Distribution System." In 2021 20th RoEduNet Conference: Networking in Education and Research (RoEduNet). IEEE, 2021. http://dx.doi.org/10.1109/roedunet54112.2021.9637722.

Full text
APA, Harvard, Vancouver, ISO, and other styles
3

Gallersdorfer, Ulrich, and Florian Matthes. "TeSC: TLS/SSL-Certificate Endorsed Smart Contracts." In 2021 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPS). IEEE, 2021. http://dx.doi.org/10.1109/dapps52256.2021.00016.

Full text
APA, Harvard, Vancouver, ISO, and other styles
4

Escarrone, Thiago, Diego Kreutz, and Maurício Fiorenza. "Uma Primeira Analise do Ecosistema HTTPS no Brasil." In XVII Escola Regional de Redes de Computadores. Sociedade Brasileira de Computação - SBC, 2019. http://dx.doi.org/10.5753/errc.2019.9226.

Full text
Abstract:
O HTTPS (SSL/TLS) é essencial para garantir a segurança (e.g. confidencialidade dos dados) das comunicações que utilizam o protocolo HTTP na Internet. Entretanto, apesar da crescente adoção do HTTPS, muitos sites ainda não implementam da maneira correta os certificados digitais. Neste trabalho é presentado um primeiro levantamento sobre o estado do ecossistema SSL/TLS no Brasil. Para a análise, foram selecionados 44 sites de instituições financeiras e governamentais, incluindo o governo federal e governos estaduais. Os resultados apontam que a maioria dos sites utilizam ou suportam versões antigas do SSL ou do TLS, que contém vulnerabilidades conhecidas e passíveis de exploração por agentes maliciosos.
APA, Harvard, Vancouver, ISO, and other styles
5

Matsumoto, Stephanos, and Raphael M. Reischuk. "Certificates-as-an-Insurance: Incentivizing Accountability in SSL/TLS." In Workshop on Security of Emerging Networking Technologies. Internet Society, 2015. http://dx.doi.org/10.14722/sent.2015.23009.

Full text
APA, Harvard, Vancouver, ISO, and other styles
6

Chen, Yuting, and Zhendong Su. "Guided differential testing of certificate validation in SSL/TLS implementations." In ESEC/FSE'15: Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering. ACM, 2015. http://dx.doi.org/10.1145/2786805.2786835.

Full text
APA, Harvard, Vancouver, ISO, and other styles
7

Chen, Chu, Cong Tian, Zhenhua Duan, and Liang Zhao. "RFC-directed differential testing of certificate validation in SSL/TLS implementations." In ICSE '18: 40th International Conference on Software Engineering. ACM, 2018. http://dx.doi.org/10.1145/3180155.3180226.

Full text
APA, Harvard, Vancouver, ISO, and other styles
8

Fu, Peipei, Zhen Li, Gang Xiong, Zigang Cao, and Cuicui Kang. "SSL/TLS Security Exploration Through X.509 Certificate’s Life Cycle Measurement." In 2018 IEEE Symposium on Computers and Communications (ISCC). IEEE, 2018. http://dx.doi.org/10.1109/iscc.2018.8538533.

Full text
APA, Harvard, Vancouver, ISO, and other styles
9

Chen, Chu, Pinghong Ren, Zhenhua Duan, Cong Tian, Xu Lu, and Bin Yu. "SBDT: Search-Based Differential Testing of Certificate Parsers in SSL/TLS Implementations." In ISSTA '23: 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis. ACM, 2023. http://dx.doi.org/10.1145/3597926.3598110.

Full text
APA, Harvard, Vancouver, ISO, and other styles
10

Brubaker, Chad, Suman Jana, Baishakhi Ray, Sarfraz Khurshid, and Vitaly Shmatikov. "Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations." In 2014 IEEE Symposium on Security and Privacy (SP). IEEE, 2014. http://dx.doi.org/10.1109/sp.2014.15.

Full text
APA, Harvard, Vancouver, ISO, and other styles
You might also be interested in the extended bibliographies on the topic 'Certificats SSL/TLS' for particular source types:
Journal articles
We offer discounts on all premium plans for authors whose works are included in thematic literature selections. Contact us to get a unique promo code!

To the bibliography