Leak in OpenSSL

Author(s):  
Jason Yapri ◽  
Rinkel Hananto

The term “hacker” has spread around the world and has always been considered a threat when we use the internet. We often hear of hackers defacing websites’ contents and breaking into systems to steal private and confidential information, such as account usernames and passwords, credit card numbers and others. This is definitely unethical behavior by irresponsible people who mostly aim to gain profit. However, the term hacker, on the contrary, actually originates from expert computer technicians who try to access a system to debug and fix its security problems. Nowadays there are dozens of websites out there and some of those websites have a low level of security. Hackers can easily break through their systems and steal their private confidential data, but just because these websites have low-level security, that doesn’t mean that it is ethical to break into someone’s system and read their data. The same goes for someone entering other people’s house because the door was left open by the owner. As web development grows rapidly, security has become an essential part of making websites more secure and reliable. This is when a group of people decided to make a collaborative project on the implementation of SSL (Secure Socket Layer) and TLS (Transport Layer Security) that is available to be used by everyone. This project is called OpenSSL and has been used by most of the websites on the internet today. What if this OpenSSL, which has been trusted and implemented by 2/3rd of the websites all around the world, can be breached? It will definitely attract dozens of hackers all around the world to do something unimaginably dangerous.

Author(s):  
Manuel Mogollon

In an Internet commercial transaction, the secure Web server and the buyer’s computer authenticate each other and encipher the data transmitted using transport layer security (TLS) or secure socket layer (SSL) protocols. When a purchase is made online using a credit card, does the customer’s bank need to know what was purchased? Not really. Does the seller need to know the customer’s credit card number? Actually, the answer is no. The responses to these questions were the main premises of the secure electronic transaction (SET). In the late 1990’s, SET was approved as the credit card standard, but it failed to be accepted because of its cost and the problems regarding distribution of end-user certificates. However, SET is explained in this chapter as an ideal protocol, from the point of view of certificates, digital signatures, and cryptography for securing credit card transactions over the Internet.


Author(s):  
Vaishnavi Bhagwat Savant ◽  
Rupali D. Kasar ◽  
Priti B. Savant

The explosive growth of the Internet has brought many good things such as E-commerce, banking, E-mail, cloud computing, but there is also a dark side such as Hacking, Backdoors, Trapdoors etc. Hacking is the first big problem faced by Governments, companies, and private citizens around the world. Hacking means reading someone’s emails, stealing passwords, stealing credit card numbers etc. An ethical hacker is one who can help the people who suffer from this hacking. This paper describes ethical hackers, its types and phases of hacking.


2019 ◽  
Vol 8 (2) ◽  
pp. 4770-4774

In this paper, we present a new method for solving multivariate polynomial elliptic curve equations over a finite field. The arithmetic of the elliptic curve is implemented using the mathematical function trace of finite fields. We explain the approach, which is based on one-variable polynomial division. This is achieved by identifying the plane p with the extension of and transforming elliptic curve equations as well as line equations arising in point addition or point doubling into one-variable polynomials. Hence the intersection of the line with the curve is analogous to the roots of the division between these polynomials. Hence this is a different way of computing the arithmetic of the elliptic curve. Transport layer security provides end-to-end security services for applications that use a reliable transport layer protocol such as TCP. Two protocols are dominant today for providing security at the transport layer, the secure socket layer (SSL) protocol and the transport layer security (TLS) protocol. One of the goals of these protocols is to provide server and client authentication, data confidentiality and data integrity. The above goals are achieved by establishing the keys between server and client; the algorithms are called the elliptic curve digital signature algorithm (ECDSA) and elliptic curve Diffie-Hellman (ECDH). These algorithms are implemented using the standard for efficient cryptography (SEC) prime field elliptic curve secp384r1 currently specified in NSA Suite B Cryptography. The algorithm is verified on elliptic curve secp384r1 and is shown to be adaptable to perform computation


2016 ◽  
Vol 7 (2) ◽  
pp. 70-75
Author(s):  
Muhamad Fadhli ◽  
Fityan Ali Munshi ◽  
Taufik Adi Wicaksono

Secure Socket Layer (SSL), also known as Transfer Layer Security (TLS), is the de facto standard for web security. It provides confidentiality and integrity of information in transit across public networks using its powerful cipher suites, but it still contains some loopholes or flaws in its foundation. In this paper we discuss the TLS standard along with various attacks found in recent years, such as BEAST, CRIME, BREACH, Lucky 13, and their proposed mitigation. Index Terms— Attack, Compression, Mitigation, Security, TLS.


Author(s):  
Mohit Kumar Jaiswal

The SDN controller is interfaced with the hardware of the network (i.e., with switches and routers) using OpenFlow. Basically, OpenFlow is an open interface used for configuring the forwarding tables of a network switch according to the desired path derived by the SDN controller. OpenFlow enables more innovation in controller platforms and applications, and describes a solution for each frame or packet flow. OpenFlow is based on an Ethernet switch with an internal flow table and a standardized interface to add and remove flow entries in the forwarding table of the system. The control mechanisms from each switch and router up to the SDN controller are encrypted with the transport layer security (TLS) and secure socket layer (SSL) OpenFlow protocols to provide additional security inside the network.


2021 ◽  
Vol 2 (1) ◽  
pp. 1-22
Author(s):  
Yoshimichi Nakatsuka ◽  
Andrew Paverd ◽  
Gene Tsudik

Security and privacy of the Internet Domain Name System (DNS) have been longstanding concerns. Recently, there is a trend to protect DNS traffic using Transport Layer Security (TLS). However, at least two major issues remain: (1) How do clients authenticate DNS-over-TLS endpoints in a scalable and extensible manner? and (2) How can clients trust endpoints to behave as expected? In this article, we propose a novel Private DNS-over-TLS (PDoT) architecture. PDoT includes a DNS Recursive Resolver (RecRes) that operates within a Trusted Execution Environment. Using Remote Attestation, DNS clients can authenticate and receive strong assurance of trustworthiness of PDoT RecRes. We provide an open source proof-of-concept implementation of PDoT and experimentally demonstrate that its latency and throughput match that of the popular Unbound DNS-over-TLS resolver.


Author(s):  
Varun Sapra ◽  
Abram Hindle

Server energy consumption has been a subject of research for more than a decade now. With the Internet scaling rapidly all over the world, more servers are being added continuously. With global warming and the financial cost associated with running servers, it has now become a more pressing concern to optimize the power consumption of these servers while still not affecting performance. The optimization that can be carried out at the hardware level has its limits, and therefore the onus falls on software developers as well to optimize their web-interacting services and use protocols that are more efficient. Recently, the Internet Engineering Task Force (IETF) formalized the specification for the successor of the HTTP/1.1 protocol. Named HTTP/2, it has been projected to overcome all the limitations of the HTTP/1.1 protocol for which web services developers have to optimize their applications. Understandably, HTTP/2 has been drawing a lot of interest from users and web administrators to big organizations. With HTTP/2 as the future of Internet communication and servers acting as the backbone of the Internet, we are interested in knowing if HTTP/2 will provide energy efficiency benefits to servers or will just improve users’ web experience. In this paper, we evaluate the energy efficiency of two web servers while they communicate over the HTTP/1.1 and HTTP/2 protocols. We also investigate how Transport Layer Security (TLS) affects the power consumption of the servers. In our tests, we have introduced HTTP/2 features one by one so that readers can see for themselves what benefits HTTP/2 has over HTTP/1.1. Our study suggests that multiplexing and Round Trip Time (RTT) are the biggest factors helping HTTP/2 achieve its design goals. We conclude that even with the huge TLS-associated cost of HTTP/2, on high-latency networks it can help servers to be more energy efficient while improving their performance as well.

