Analysis of free SSL/TLS Certificates and their implementation as Security Mechanism in Application Servers.
DOI:
https://doi.org/10.29019/enfoqueute.v8n1.128
Keywords:
Security, Certificates SSL/TLS, Certifying Authority, Vulnerabilities, X.509, Kali Linux.
Abstract
Security in the application layer (SSL) provides confidentiality, integrity, and authenticity of the data exchanged between two applications that communicate with each other. This article is the result of implementing free SSL/TLS certificates in application servers, determining the relevant characteristics that an SSL/TLS certificate must have and the Certifying Authority that generates it. A vulnerability analysis of application servers is carried out, and an encrypted communication channel is established to protect against attacks such as man-in-the-middle and phishing and to maintain the integrity of the information transmitted between client and server.
Published
2017-02-24
Section
Miscellaneous
License
The authors retain all copyrights ©.
- The authors retain their trademark and patent rights, as well as rights to any process or procedure described in the article.
- The authors retain the right to share, copy, distribute, perform, and publicly communicate the article published in Enfoque UTE (for example, post it in an institutional repository or publish it in a book), provided that acknowledgment of its initial publication in Enfoque UTE is given.
- The authors retain the right to publish their work at a later date, to use the article or any part of it (for example, a compilation of their work, lecture notes, a thesis, or for a book), provided that they indicate the source of publication (authors of the work, journal, volume, issue, and date).
How to Cite
Analysis of free SSL/TLS Certificates and their implementation as Security Mechanism in Application Servers. (2017). Enfoque UTE, 8(1), pp. 273 - 286. https://doi.org/10.29019/enfoqueute.v8n1.128