UPM Institutional Repository

Improved TLS protocol for platform integrity assurance using mutual attestation


Citation

Abd Aziz, Norazah (2014) Improved TLS protocol for platform integrity assurance using mutual attestation. Masters thesis, Universiti Putra Malaysia.

Abstract

Normally, secure communication between client-server applications is established using secure channel technologies such as Transport Layer Security (TLS). TLS is a cryptographic protocol which ensures secure transmission of data and authenticity of communication at each endpoint platform. However, the protocol does not provide any trustworthiness assurance of the involved endpoint. So, they are not able to handle the security risks due to potential malicious software or any third parties who may penetrate the platform. Furthermore, there is no mechanism for a computing platform to address the trustworthiness of platform integrity such as free from any malware or spyware. Remote attestation is an authentication technique proposed by the Trusted Computing Group (TCG) which enables the verification of the trusted environment of platforms and assuring the information is accurate. To incorporate this method in web services framework in order to guarantee the trustworthiness and security of web-based applications, a new framework called TrustWeb is proposed. The Trust-Web framework integrates the remote attestation into TLS protocol to provide integrity information of the involved endpoint platforms. The framework improves TLS protocol with mutual attestation (MA) mechanism, named TLS+MA which can help to address the weaknesses of transferring sensitive computations, and a practical way to solve the remote trust issue at the client-server environment. In this thesis, we study the foundations of the credibility of the TLS+MA protocol and TrustWeb approach before we describe the work of designing and building a framework prototype in which attestation mechanism is integrated into the Mozilla Firefox browser and Apache web server. We analyse the security of our protocol using Automated Validation of Internet Security Protocols and Applications (AVISPA)to show that it meets the security goals. Analysis on TLS+MA protocol shows that it is resistant against replay and collusion attacks. For performance analysis, we also compared the TLS+MA with previous protocol. The results show that our protocol only incurs 11.2% of performance overhead in secure connection, which lower than the previous protocol. Despite that, our protocol is 50% more efficient.


Download File

[img]
Preview
 PDF
FSKTM 2014 4RR.pdf
Download (895kB) | Preview

Additional Metadata

Item Type: Thesis (Masters)
Subject: Computer network protocols
Subject: Anomaly detection (Computer security)
Call Number: FSKTM 2014 4
Chairman Supervisor: Associate Professor Nur Izura Udzir, PhD
Divisions: Faculty of Computer Science and Information Technology
Depositing User: Haridan Mohd Jais
Date Deposited: 03 Mar 2017 04:36
Last Modified: 03 Mar 2017 04:36
URI: http://psasir.upm.edu.my/id/eprint/50054
Statistic Details: View Download Statistic

Actions (login required)

View Item View Item