Design of an enhancement for SSL-TLS protocols

《Design of an enhancement for SSL-TLS protocols》由会员上传分享，免费在线阅读，更多相关内容在学术论文-天天文库。

1、computers&security25(2006)297–306availableatwww.sciencedirect.comjournalhomepage:www.elsevier.com/locate/coseDesignofanenhancementforSSL/TLSprotocolsaab,AshrafElgohary,TarekS.Sobh,M.Zaki*aInformationSystemDepartment,EgyptianArmedForces,Cairo,EgyptbComputerandSystemEngineeringDepartment,FacultyofEn

2、gineering,Al-AzharUniversity,NasrCity,Cairo,EgyptarticleinfoabstractArticlehistory:WhenstudyingtheTransportLayerSecurity(TLS)Protocol,itisnoticedthatthemosttime-Received26September2004consumingphaseisthehandshakingprocessbetweentheclientandtheserver,sinceRevised28December2005manymessagesshouldbese

3、ntuntilsuccessfulnegotiationisdoneandasecuresessionAccepted15February2006iscreated.Thegoalofthisworkistodesignasecuritymanagementsystem(SMS)toimprovethehandshakingprocessbymakinguseofTLSclient-sidesessioncaching,andKeywords:allowingtrusteduserstosharesessionswithothers,aswellasgivingtheclientanopt

4、ionSecurityprotocolstocreatehisownprivatesessionwiththeserverevenwhenthereisnotrusteddigitalcer-SSL/TLStificatefromacertificateauthority(CA)tolinkthem.Accordingtoourexperimentalsetup,Sessionmanagementtheuseoftheproposeddesignhasimprovedtheperformanceby3.5timesrelativetotheSessionsharinghandshakingof

5、traditionalTLS.Client-sidecachingª2006ElsevierLtd.Allrightsreserved.1.Introductionauthenticityshouldberealizedtoprotectinformationtransferacrossnetworklinks.SecurityofdataintransitovertheInternethasbecomeincreas-Thereareanumberofsecurityprotocolsavailableforse-inglyimportantbecauseofthesteadilygro

6、wingdatavolume.curingcommunicationsontheInternetandthemostrelevantNowadays,everyuserofapublicnetworksendsvarioustypessecurityprotocolstothisworkare:ofdatathatrangefrome-mailtocreditcarddetailsdailyandhewouldlikesuchdatatobeprotectedwhenbeingintransitIPSec(IPSecurityProtocol)canauthenticatehostson

7、eitheroverapublicnetwork.Tothisend,apracticalSSLprotocolhassideofthecommunication.IPSecensuresthatthelow-levelbeenadoptedfortheprotectionofdataintransitthatencom-IPpacketsthatarecontinuouslytransferredbetweencom-