Analysis of free SSL/TLS Certificates and their implementation as Security Mechanism in Application Servers.

Authors

  • Mario E. Cueva Hurtado Universidad Nacional de Loja
  • Diego Javier Alvarado Sarango Universidad Nacional de Loja

DOI:

https://doi.org/10.29019/enfoqueute.v8n1.128

Keywords:

Security, Certificates SSL/TLS, Certifying Authority, Vulnerabilities, X.509, Kali Linux.

Abstract

Security in the application layer (SSL), provides the confidentiality, integrity, and authenticity of the data, between two applications that communicate with each other. This article is the result of having implemented Free SSL / TLS Certificates in application servers, determining the relevant characteristics that must have a SSL/TLS certificate, the Certifying Authority generate it. A vulnerability analysis is developed in application servers and encrypted communications channel is established to protect against attacks such as man in the middle, phishing and maintaining the integrity of information that is transmitted between the client and server.

Downloads

Download data is not yet available.

References

Clark, J., & Van Oorschot, P. C. (2013). SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements. Proceedings - IEEE Symposium on Security and Privacy, 511–525. http://doi.org/10.1109/SP.2013.41
Durumeric, Z., & Kasten, J. (2013). Analysis of the HTTPS certificate ecosystem. Proceedings of the 2013 …, 291–304. http://doi.org/10.1145/2504730.2504755
Enrique, M., Hurtado, C., Javier, D., Sarango, A., Gustavo, R., Díaz, F., & Torres, H. (n.d.). Revisión Sistemática de Certificados SSL / TLS como Mecanismo de Seguridad en Servidores de Aplicación. http://doi.org/978-9978-389-32-4
Kitchenham, B. (2004). Procedures for performing systematic reviews. Keele, UK, Keele University, 33(TR/SE-0401), 28. http://doi.org/10.1.1.122.3308
Markovi, M. (2007). Data protection techniques, cryptographic protocols and PKI systems in modern computer networks. 2007 IWSSIP and EC-SIPMCS - Proc. 2007 14th Int. Workshop on Systems, Signals and Image Processing, and 6th EURASIP Conf. Focused on Speech and Image Processing, Multimedia Communications and Services, 13–24. http://doi.org/10.1109/IWSSIP.2007.4381086
Mu, F., Zhang, J., Du, J., & Lin, J. (2011). Application of the Secure Transport SSL Protocol in Network Communication. http://doi.org/10.1109/ISCID.2011.25
Ordean, M., & Giurgiu, M. (2010). Implementation of a security layer for the SSL/TLS protocol. 2010 9th International Symposium on Electronics and Telecommunications, ISETC’10 - Conference Proceedings, 209–212. http://doi.org/10.1109/ISETC.2010.5679350
Riffo, M. A. (2008). Vulnerabilidades de las Redes TCP/IP y Principales Mecanismos de Seguridad. In Vitro, 3(2), 1–23. Retrieved from http://www.ncbi.nlm.nih.gov.myaccess.library.utoronto.ca/pubmed/11720961
Subías, M. P. (n.d.). Desfalcos por “Phishing,” 25–26. Retrieved from http://www.notariado.org/liferay/c/document_library/get_file?folderId=12092&name=DLFE-10678.pdf
Wagner, D., & Schneier, B. (1996). Analysis of the SSL 3.0 protocol. Proceedings of the 2nd Conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2, 4. http://doi.org/10.1.1.29.9990

Downloads

Published

2017-02-24

How to Cite

Cueva Hurtado, M. E., & Alvarado Sarango, D. J. (2017). Analysis of free SSL/TLS Certificates and their implementation as Security Mechanism in Application Servers. Enfoque UTE, 8(1), pp. 273 – 286. https://doi.org/10.29019/enfoqueute.v8n1.128

Issue

Vol. 8 No. 1 (2017): INCISCOS 2016, Special Edition

Section

Miscellaneous

License

The articles and research published by the UTE University are carried out under the Open Access regime in electronic format.  This means that all content is freely available without charge to the user or his/her institution. Users are allowed to read, download, copy, distribute, print, search, or link to the full texts of the articles, or use them for any other lawful purpose, without asking prior permission from the publisher or the author. This is in accordance with the BOAI definition of open access. By submitting an article to any of the scientific journals of the UTE University, the author or authors accept these conditions.

The UTE applies the Creative Commons Attribution (CC-BY) license to articles in its scientific journals. Under this open access license, as an author you agree that anyone may reuse your article in whole or in part for any purpose, free of charge, including commercial purposes. Anyone can copy, distribute or reuse the content as long as the author and original source are correctly cited. This facilitates freedom of reuse and also ensures that content can be extracted without barriers for research needs.

 

This work is licensed under a Creative Commons Attribution 3.0 International (CC BY 3.0).

 

The Enfoque UTE journal guarantees and declares that authors always retain all copyrights and full publishing rights without restrictions [© The Author(s)]. Acknowledgment (BY): Any exploitation of the work is allowed, including a commercial purpose, as well as the creation of derivative works, the distribution of which is also allowed without any restriction.