Results 1 - 10 of 683

Automatic verification of the tls handshake protocol

by O Cuartero, O Pelayo - In SAC ’04: Proceedings of the 2004 ACM symposium on Applied computing
"... E-commerce is based on transactions between client and server agents. These transactions require a protocol that provides privacy and reliability between these two agents. A widely used protocol on e-commerce is Transport Layer Security (TLS). In this paper we present a way to use For-mal Methods to ..."
Abstract - Cited by 16 (3 self) - Add to MetaCart
to ensure the e-commerce properties of this protocol. Specifically we use a known tool for Model Check-ing (UPPAAL) to describe and analyze the behaviour of the protocol (by means of timed automata). Thus, with this tool we can make an automatic verification of TLS. Categories and Subject Descriptors

FORMAL VERIFICATION OF TLS HANDSHAKE AND EXTENSIONS FOR WIRELESS NETWORKS

by Llanos Tobarra, Diego Cazorla, O Cuartero, Gregorio Díaz
"... Transport Layer Security (TLS) is a security protocol widely used in e-commerce in recent years. This protocol has been extended in order to deal with clients connecting from mobile devices (PDAs, cellular phones) through a wireless network. The main goal of this paper is to prove, using model check ..."
Abstract - Add to MetaCart
Transport Layer Security (TLS) is a security protocol widely used in e-commerce in recent years. This protocol has been extended in order to deal with clients connecting from mobile devices (PDAs, cellular phones) through a wireless network. The main goal of this paper is to prove, using model

Handshake

by Amir Herzberg, Per Connection
"... Web users are increasingly victims of phishing, spoofing and malware attacks. In this article, we discuss existing and proposed defense mechanisms. We highlight the vulnerabilities of current defenses, and the challenges of validating and adopting new defenses. 1 SSL-based Logon Most web browsers an ..."
Abstract - Add to MetaCart
and servers support the Secure Socket Layer (SSL) protocol (or its standard version, the Transaction Layer Security (TLS) standard); see [R00]. SSL (and TLS) are advanced, public-key cryptographic protocols. Their main goal is it to protect the confidentiality of sensitive traffic against an eavesdropper, who

PRISM: A tool for automatic verification of probabilistic systems

by Andrew Hinton, Marta Kwiatkowska, Gethin Norman, David Parker - Proc. 12th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS’06), volume 3920 of LNCS , 2006
"... Abstract. Probabilistic model checking is an automatic formal verification technique for analysing quantitative properties of systems which exhibit stochastic behaviour. PRISM is a probabilistic model checking tool which has already been successfully deployed in a wide range of application domains, ..."
Abstract - Cited by 282 (33 self) - Add to MetaCart
Abstract. Probabilistic model checking is an automatic formal verification technique for analysing quantitative properties of systems which exhibit stochastic behaviour. PRISM is a probabilistic model checking tool which has already been successfully deployed in a wide range of application domains

Protocol Verification as a Hardware Design Aid

by David L. Dill , Andreas J. Drexler, Alan J. Hu, C. Han Yang - IN IEEE INTERNATIONAL CONFERENCE ON COMPUTER DESIGN: VLSI IN COMPUTERS AND PROCESSORS , 1992
"... The role of automatic formal protocol verification in hardware design is considered. Principles are identified that maximize the benefits of protocol verification while minimizing the labor and computation required. A new protocol description language and verifier (both called Mur') are descri ..."
Abstract - Cited by 275 (27 self) - Add to MetaCart
The role of automatic formal protocol verification in hardware design is considered. Principles are identified that maximize the benefits of protocol verification while minimizing the labor and computation required. A new protocol description language and verifier (both called Mur

An Analysis of TLS Handshake Proxying

by Nick Sullivan , Douglas Stebila
"... Abstract-Content delivery networks (CDNs) are an essential component of modern website infrastructures: edge servers located closer to users cache content, increasing robustness and capacity while decreasing latency. However, this situation becomes complicated for HTTPS content that is to be delive ..."
Abstract - Add to MetaCart
that is to be delivered using the Transport Layer Security (TLS) protocol: the edge server must be able to carry out TLS handshakes for the cached domain. Most commercial CDNs require that the domain owner give their certificate's private key to the CDN's edge server or abandon caching of HTTPS content entirely

A Modular Security Analysis of the TLS Handshake Protocol

by P. Morrissey, N. P. Smart, B. Warinschi - Advances in Cryptology — Asiacrypt 2008, Volume 5350 of LNCS , 2008
"... We study the security of the widely deployed Secure Session Layer/Transport Layer Security (TLS) key agreement protocol. Our analysis identifies, justifies, and exploits the modularity present in the design of the protocol: the application keys offered to higher level applications are obtained from ..."
Abstract - Cited by 27 (0 self) - Add to MetaCart
We study the security of the widely deployed Secure Session Layer/Transport Layer Security (TLS) key agreement protocol. Our analysis identifies, justifies, and exploits the modularity present in the design of the protocol: the application keys offered to higher level applications are obtained from

Proving the TLS handshake secure (as it is

by Karthikeyan Bhargavan, Markulf Kohlweiss, Alfredo Pironti, Pierre-yves Strub - BFS + 13] Christina Brzuska, Marc Fischlin, Nigel , 2013
"... The TLS Internet Standard features a mixed bag of cryptographic algorithms and constructions, let-ting clients and servers negotiate their use for each run of the handshake. Although many ciphersuites are now well-understood in isolation, their composition remains problematic, and yet it is critical ..."
Abstract - Cited by 6 (3 self) - Add to MetaCart
to model multiple related instances of the handshake. We study the provable security of the TLS handshake, as it is implemented and deployed. To capture the details of the standard and its main extensions, we rely on miTLS, a verified reference implementation of the protocol. miTLS inter

Batching SSL/TLS Handshake Improved ⋆

by Fang Qi, Weijia Jia, Feng Bao, Yongdong Wu
"... Abstract. Secure socket layer (SSL) is the most popular protocol to secure Internet communications. Since SSL handshake requires a large amount of computational resource, batch RSA was proposed to speedup SSL session initialization. However, the batch method is impractical since it requires a multip ..."
Abstract - Add to MetaCart
Abstract. Secure socket layer (SSL) is the most popular protocol to secure Internet communications. Since SSL handshake requires a large amount of computational resource, batch RSA was proposed to speedup SSL session initialization. However, the batch method is impractical since it requires a

Secure Communication Protocol for ATM Using TLS Handshake

by Uday Pratap Singh, Mukul Pathak, Riidhei Malhotra
"... Financial service outlets such as ATMs are vulnerable to various attacks like shoulder surfing, data skimming, fake machines etc. Therefore these outlets are easy targets for attackers. In the current financial service transactions, there is no provision for users to verify genuineness of the financ ..."
Abstract - Add to MetaCart
dedicated communication channel for user authentication. Installing these outlets is therefore an expensive operation. In this work, we are providing Secure two way TLS Handshake Communication Protocol for financial services based on a smart card. By authenticating ATM, the user is ensured
Results 1 - 10 of 683