Performance analysis for extended TLS with mutual attestation for platform integrity assurance
Title | Performance analysis for extended TLS with mutual attestation for platform integrity assurance |
Publication Type | Conference Paper |
Year of Publication | 2014 |
Authors | Abd Aziz, N., Udzir, N.I., Mahmod, R. |
Conference Name | Cyber Technology in Automation, Control, and Intelligent Systems (CYBER), 2014 IEEE 4th Annual International Conference on |
Date Published | June |
Keywords | Apache Web server, Browsers, client-server environment, endpoint platforms, extended TLS, Internet connectivity, Mozilla Firefox browser, mutual attestation mechanism, platform integrity assurance, principal component analysis, Protocols, remote attestation, security, SSL-TLS protocol, Trusted Computing, trusted computing group, trustworthiness, Web browsers, Web servers, Web service security, web services, Web-based application |
Abstract | A web service is a web-based application connected via the internet connectivity. The common web-based applications are deployed using web browsers and web servers. However, the security of Web Service is a major concern issues since it is not widely studied and integrated in the design stage of Web Service standard. They are add-on modules rather a well-defined solutions in standards. So, various web services security solutions have been defined in order to protect interaction over a network. Remote attestation is an authentication technique proposed by the Trusted Computing Group (TCG) which enables the verification of the trusted environment of platforms and assuring the information is accurate. To incorporate this method in web services framework in order to guarantee the trustworthiness and security of web-based applications, a new framework called TrustWeb is proposed. The TrustWeb framework integrates the remote attestation into SSL/TLS protocol to provide integrity information of the involved endpoint platforms. The framework enhances TLS protocol with mutual attestation mechanism which can help to address the weaknesses of transferring sensitive computations, and a practical way to solve the remote trust issue at the client-server environment. In this paper, we describe the work of designing and building a framework prototype in which attestation mechanism is integrated into the Mozilla Firefox browser and Apache web server. We also present framework solution to show improvement in the efficiency level. |
URL | https://ieeexplore.ieee.org/document/6917428 |
DOI | 10.1109/CYBER.2014.6917428 |
Citation Key | 6917428 |
- Remote Attestation
- Web-based application
- web services
- Web service security
- Web servers
- Web browsers
- trustworthiness
- trusted computing group
- Trusted Computing
- SSL-TLS protocol
- security
- Apache Web server
- Protocols
- principal component analysis
- platform integrity assurance
- mutual attestation mechanism
- Mozilla Firefox browser
- Internet connectivity
- extended TLS
- endpoint platforms
- client-server environment
- Browsers