Visible to the public Biblio

Filters: Keyword is TLS/SSL  [Clear All Filters]
2020-07-03
Yamauchi, Hiroaki, Nakao, Akihiro, Oguchi, Masato, Yamamoto, Shu, Yamaguchi, Saneyasu.  2019.  A Study on Service Identification Based on Server Name Indication Analysis. 2019 Seventh International Symposium on Computing and Networking Workshops (CANDARW). :470—474.

Identifying services constituting traffic from given IP network flows is essential to various applications, such as the management of quality of service (QoS) and the prevention of security issues. Typical methods for achieving this objective include identifications based on IP addresses and port numbers. However, such methods are not sufficiently accurate and require improvement. Deep Packet Inspection (DPI) is one of the most promising methods for improving the accuracy of identification. In addition, many current IP flows are encrypted using Transport Layer Security (TLS). Hence, it is necessary for identification methods to analyze flows encrypted by TLS. For that reason, a service identification method based on DPI and n-gram that focuses only on the non-encrypted parts in the TLS session establishment was proposed. However, there is room for improvement in identification accuracy because this method analyzes all the non-encrypted parts including Random Values without protocol analyses. In this paper, we propose a method for identifying the service from given IP flows based on analysis of Server Name Indication (SNI). The proposed method clusters flow according to the value of SNI and identify services from the occurrences of all clusters. Our evaluations, which involve identifications of services on Google and Yahoo sites, demonstrate that the proposed method can identify services more accurately than the existing method.

2020-02-10
Nikolov, Neven, Nakov, Ognyan.  2019.  Research of Secure Communication of Esp32 IoT Embedded System to.NET Core Cloud Structure Using MQTTS SSL/TLS. 2019 IEEE XXVIII International Scientific Conference Electronics (ET). :1–4.

This paper studies and describes encrypted communication between IoT cloud and IoT embedded systems. It uses encrypted MQTTS protocol with SSL/TLS certificate. A JSON type data format is used between the cloud structure and the IoT device. The embedded system used in this experiment is Esp32 Wrover. The IoT embedded system measures temperature and humidity from a sensor DHT22. The architecture and software implementation of the experimental stage are also presented.

2018-09-05
Chaiphet, Chiraphat, Ngamsuriyaroj, Sudsanguan, Awad, Ahmed, Jacob, Betran, Gakos, Ioannis, Grajkowski, Wiktor.  2017.  Secure Enclave for TLS Web Server on Untrusted Environment. Proceedings of the 2017 the 7th International Conference on Communication and Network Security. :27–31.
Web servers use SSL/TLS to establish secure communication between clients and servers. The mechanism of SSL/TLS relies on a key pair to validate the server and to protect the confidentiality of the data. However, many websites are running on third-party servers or on cloud environments where website owners have no control over the physical servers or the software including the operating systems but still need to trust and store the private key on the servers. While it is common to store the encrypted key on the disk, the web server still need a decrypted key inside the memory during the operation. Thus, an adversary could obtain the private key residing on the web server's memory. In this paper, we propose a secure enclave for a web server running the high privilege code that handles the secret keys inside an encrypted memory area by utilizing Intel Software Guard Extension (SGX) whereas other components of the web server outside the trusted computing base are left intact. The experimental results show 19% to 38% implementation overhead depending on which cipher suite is used and how a session key is handled.