Privacy Preservation and Data Security on Internet Using Mutual Ssl
It is essential to maintain a ratio between privacy protection and knowledge discovery. Internet users depend daily on SSL/HTPS for secure communication on internet.
Over the years, many attacks on the certificate trust model it uses have been evolved. Mutual SSL authentication shared verification alludes to two parties validating each other through checking the digital certificate so that both sides are guaranteed of the other’s identity.
In technical terms, it alludes to a client (web program or client application) authenticate themselves to the server (server application) and that server likewise confirming itself to the client through checking the general public key certificate issued by trusted Certificate Authorities (CA). Since confirmation depends on computerized Certificate, certification authorities, for example, Verisign or Microsoft Declaration Server are a critical part of mutual authentication process.
From an abnormal state perspective, the way toward authenticating and setting up an encrypted channel using certificate-based mutual SSL authentication.
Keywords
- Peter Burkholder, “SSL Man-in-the-Middle Attacks”, SANS Institute InfoSec Reading, 2003.
- Michael Howard, “Man-in-the-Middle Attack to the HTTPS Protocol”,IEEE computer society, 2009
- Lakshminarayanan A.1, Jianying Zhou. Flexi Cert: merging X.509 identity certificates and attribute certificates. Proceedings. 14th International Workshop on Database and Expert Systems Applications, 2003.
- F. Stumpf, “Leveraging attestation techniques for trust establishment in distributed systems,” Ph.D. dissertation,Department of Computer Science, Technische Universitat Darmstadt, 2010.
- Wang K., Fung B. C. M.: Anonymization for Sequential Releases. ACM KDD Conference, 2006.
- Xiao X., Tao Y. Personalized Privacy Preservation. ACM SIGMOD Conference, 2006.
- Xiao X., Tao Y. Anatomy: Simple and Effective Privacy Preservation. VLDB Conference, pp. 139-150, 2006.
- Yao G., Feng D.: A new k-anonymous message transmission protocol. International Workshop on Informat ion Secur i t y Applications, 2004.
- Schoeman, F.D.: Philosophical Dimensions of Privacy: An Anthology. Cambridge University Press. (1984)
- Parshotam, Rupinder Cheema and Aayush Gulati “Improving the Secure Socket Layer by Modifying the RSA Algorithm” International Journal of Computer Science, Engineering andApplications (IJCSEA) 2, 2012.
- H. Ot rok, R. Haraty, and A. N. El Kassar,”Improving the Secure Socket Layer Protocol by modifying its Authentication functions” 2006.
- A. O. Freier, P.Karlton and P.C.Kocher,”The SSL Protocol,version 3.0".
- C. Jackson, D. R. Simon, D. S. Tan, and A. Barth. An evaluation of extended validation and picture-in-picture phishing attacks. In USEC, 2007.
- C. Jackson and A. Barth. ForceHTTPS: Protecting high-security web sites from network attacks. In WWW, 2008.
- Swati Gupta, Saru Dhir ,An Enhanced Approach to Use SSL for End to End Security, Amity School of Engineering and Technology Amity University, Noida.
- Kefei Cheng, Meng Gao, Ruijie Guo, Analysis and Research on HTTPS Hijacking Attacks, 2010 Second International Conference on Networks Security, Wireless Communications and Trusted Computing.
- Arthur Goldberg, Robert Buff, Andrew Schmitt Arthur Goldberg, Robert Buff, Andrew Schmitt, A COMPARISON OF HTTP AND HTTPS PERFORMANCE, Computer Science Department Courant Institute of Mathematical Science.
- LI Wei, XIANG Shuyue, CHEN Shuangbao, Improvement Method of SSL Protocol Identity Authentication based on the Attribute Cer tificate, International Conference on Computer Science and Ser vice System,2012
- Norazah Abd Aziz, Nur Izura Udzir and Ramlan Mahmod,Performance Analysis for Extended TLS with Mutual Attestation for Platform Integrity Assurance,IEEE,2014.
Abstract Views: 208
PDF Views: 9