A comprehensive study on security attacks on SSL/TLS protocol

Sirohi, Preeti; Agarwal, Amit; Tyagi, Sapna

doi:10.1109/ngct.2016.7877537

Cited by 19 publications

(7 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, they suffer from flexibility and manageability issues due to the use of Public Key Infrastructure (PKI) [17,18]. In addition, many security vulnerabilities were found in such protocols [19,20]. Thus, it is essential to find an alternative.…”

Section: Related Workmentioning

confidence: 99%

A group key-based lightweight Mutual Authentication and Key Agreement (MAKA) protocol for multi-server environment

Roy

Bhattacharya

2021

J Supercomput

View full text Add to dashboard Cite

Use of Internet-of-Things (IoT)-based wireless applications has been exponentially increased nowadays and likely to accelerate in near future. Thus, a large volume of traffic needs to be managed at the application server. In such scenario, the traditional single-server architecture shows serious performance bottleneck and needs to be replaced by multiple servers. In addition, several security and design vulnerabilities may arise while accessing application data through various resource-constraint mobile devices. Thus, ensuring entity authentication, application data confidentiality and energy-efficient computations are essential. In this article, we introduce a group key-based lightweight Mutual Authentication and Key Agreement (MAKA) protocol for multi-server environment. The proposed protocol is designed using lowcost cryptographic primitives (such as hash function and symmetric key encryption/ decryption) to address energy-efficiency requirements of the resource-constraint mobile devices. It reduces computational burden of the registration center by distributing the traffic load into a group of servers. Additionally, registration center needs not to maintain one-to-one communication with its users whenever a new server is added to the system. The protocol achieves various security and design properties which are verified both formally and informally. Finally, we compare our protocol with others to show its applicability in real-life implementations.

show abstract

Section: Related Workmentioning

confidence: 99%

A group key-based lightweight Mutual Authentication and Key Agreement (MAKA) protocol for multi-server environment

Roy

Bhattacharya

2021

J Supercomput

View full text Add to dashboard Cite

show abstract

“…The evolution of cipher suites from the simple adapted cipher suite is depicted in Fig. 3 [18]. For their hidden session key encryption, SSL and TLS used the RSA algorithm when they first began protecting the web browser and web server.…”

Section: Analysis Of Cipher Suitesmentioning

confidence: 99%

Secure and Light Weight Elliptic Curve Cipher Suites in SSL/TLS

Arunkumar¹,

Kousalya²

2022

Computer Systems Science and Engineering

View full text Add to dashboard Cite

In the current circumstance, e-commerce through an online banking system plays a significant role. Customers may either buy goods from E-Commerce websites or use online banking to move money to other accounts. When a user participates in these types of behaviors, their sensitive information is sent to an untrustworthy network. As a consequence, when transmitting data from an internal browser to an external E-commerce web server using the cryptographic protocol SSL/TLS, the E-commerce web server ensures the security of the user's data. The user should be pleased with the confidentiality, authentication, and authenticity properties of the SSL/TLS on both the user's web browser and the remote E-commerce web server. E-Commerce web servers should choose the best SSL/TLS cipher suites for negotiating the user in order to attain such optimistic scenarios, as the cipher suite used in SSL/TLS plays an important role in securing E-Commerce web servers. The paper primarily focuses on analyzing the SSL/TLS cipher and elliptic curves. The paper also recommends the best elliptic curve cipher suites for E-Commerce and online banking servers, based on their power consumption, handshake execution time, and key exchange and signature verification time.

show abstract

“…This creates a scenario where the port remains open until the connection times out, when another fabricated SYN request is received. This overwhelms the target system's resources and prevents legitimate users from establishing connections [117][118][119][120][121]. Although UDP does not need a handshake to establish a connection, which in itself creates a vulnerability for attacks that overwhelm the connections with large volumes of bogus traffic.…”

Section: Transport (Layer 4)mentioning

confidence: 99%

A Survey of Protocol-Level Challenges and Solutions for Distributed Energy Resource Cyber-Physical Security

et al. 2018

View full text Add to dashboard Cite

The increasing proliferation of distributed energy resources (DERs) on the smart grid has made distributed solar and wind two key contributors to the expanding attack surface of the network; however, there is a lack of proper understanding and enforcement of DER communications security requirements. With vendors employing proprietary methods to mitigate hosts of attacks, the literature currently lacks a clear organization of the protocol-level vulnerabilities, attacks, and solutions mapped to each layer of the logical model such as the OSI stack. To bridge this gap and pave the way for future research by the authors in determining key DER security requirements, this paper conducts a comprehensive review of the key vulnerabilities, attacks, and potential solutions for solar and wind DERs at the protocol level. In doing so, this paper serves as a starting point for utilities, vendors, aggregators, and other industry stakeholders to develop a clear understanding of the DER security challenges and solutions, which are key precursors to comprehending security requirements.

show abstract

A comprehensive study on security attacks on SSL/TLS protocol

Cited by 19 publications

References 5 publications

A group key-based lightweight Mutual Authentication and Key Agreement (MAKA) protocol for multi-server environment

A group key-based lightweight Mutual Authentication and Key Agreement (MAKA) protocol for multi-server environment

Secure and Light Weight Elliptic Curve Cipher Suites in SSL/TLS

A Survey of Protocol-Level Challenges and Solutions for Distributed Energy Resource Cyber-Physical Security

Contact Info

Product

Resources

About