Analysis of free SSL/TLS Certificates and their implementation as Security Mechanism in Application Servers.

  • Mario E. Cueva Hurtado Universidad Nacional de Loja
  • Diego Javier Alvarado Sarango Universidad Nacional de Loja
Keywords: Security, Certificates SSL/TLS, Certifying Authority, Vulnerabilities, X.509, Kali Linux.

Abstract

Security in the application layer (SSL), provides the confidentiality, integrity, and authenticity of the data, between two applications that communicate with each other. This article is the result of having implemented Free SSL / TLS Certificates in application servers, determining the relevant characteristics that must have a SSL/TLS certificate, the Certifying Authority generate it. A vulnerability analysis is developed in application servers and encrypted communications channel is established to protect against attacks such as man in the middle, phishing and maintaining the integrity of information that is transmitted between the client and server.

Downloads

Download data is not yet available.

References

Clark, J., & Van Oorschot, P. C. (2013). SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements. Proceedings - IEEE Symposium on Security and Privacy, 511–525. http://doi.org/10.1109/SP.2013.41
Durumeric, Z., & Kasten, J. (2013). Analysis of the HTTPS certificate ecosystem. Proceedings of the 2013 …, 291–304. http://doi.org/10.1145/2504730.2504755
Enrique, M., Hurtado, C., Javier, D., Sarango, A., Gustavo, R., Díaz, F., & Torres, H. (n.d.). Revisión Sistemática de Certificados SSL / TLS como Mecanismo de Seguridad en Servidores de Aplicación. http://doi.org/978-9978-389-32-4
Kitchenham, B. (2004). Procedures for performing systematic reviews. Keele, UK, Keele University, 33(TR/SE-0401), 28. http://doi.org/10.1.1.122.3308
Markovi, M. (2007). Data protection techniques, cryptographic protocols and PKI systems in modern computer networks. 2007 IWSSIP and EC-SIPMCS - Proc. 2007 14th Int. Workshop on Systems, Signals and Image Processing, and 6th EURASIP Conf. Focused on Speech and Image Processing, Multimedia Communications and Services, 13–24. http://doi.org/10.1109/IWSSIP.2007.4381086
Mu, F., Zhang, J., Du, J., & Lin, J. (2011). Application of the Secure Transport SSL Protocol in Network Communication. http://doi.org/10.1109/ISCID.2011.25
Ordean, M., & Giurgiu, M. (2010). Implementation of a security layer for the SSL/TLS protocol. 2010 9th International Symposium on Electronics and Telecommunications, ISETC’10 - Conference Proceedings, 209–212. http://doi.org/10.1109/ISETC.2010.5679350
Riffo, M. A. (2008). Vulnerabilidades de las Redes TCP/IP y Principales Mecanismos de Seguridad. In Vitro, 3(2), 1–23. Retrieved from http://www.ncbi.nlm.nih.gov.myaccess.library.utoronto.ca/pubmed/11720961
Subías, M. P. (n.d.). Desfalcos por “Phishing,” 25–26. Retrieved from http://www.notariado.org/liferay/c/document_library/get_file?folderId=12092&name=DLFE-10678.pdf
Wagner, D., & Schneier, B. (1996). Analysis of the SSL 3.0 protocol. Proceedings of the 2nd Conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2, 4. http://doi.org/10.1.1.29.9990
Published
2017-02-24
How to Cite
Cueva Hurtado, M. E., & Alvarado Sarango, D. J. (2017). Analysis of free SSL/TLS Certificates and their implementation as Security Mechanism in Application Servers. Enfoque UTE, 8(1), pp. 273 - 286. https://doi.org/https://doi.org/10.29019/enfoqueute.v8n1.128
Section
General Engineering