University Assignment: SSL PKI Threat Modeling and Ethical Discussion
VerifiedAdded on 2022/08/28
|11
|3232
|51
Report
AI Summary
This report delves into the intricacies of SSL PKI threat modeling, addressing crucial aspects of network security. It begins with an overview of the SSL PKI threat modeling approach, highlighting vulnerabilities and potential attack vectors. The report identifies and ranks major PKI security issues and ...
Running head: SSL PKI Threat Modelling & Ethical Considerations
SSL PKI Threat Modelling & Ethical Considerations
Name of the Student
Name of the University
Author Note
SSL PKI Threat Modelling & Ethical Considerations
Name of the Student
Name of the University
Author Note
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
SSL PKI Threat Modelling & Ethical Considerations 1
Table of Contents
SSL PKI Threat modelling approach:........................................................................................2
PKI security issues/attacks:........................................................................................................3
SSL PKI Threats and Mitigation Plan:.......................................................................................5
Critical discussion on ethical and legal issues:..........................................................................7
References:.................................................................................................................................9
Table of Contents
SSL PKI Threat modelling approach:........................................................................................2
PKI security issues/attacks:........................................................................................................3
SSL PKI Threats and Mitigation Plan:.......................................................................................5
Critical discussion on ethical and legal issues:..........................................................................7
References:.................................................................................................................................9
2SSL PKI Threat Modelling & Ethical Considerations
SSL PKI Threat modelling approach:
The computer security has been the victim of the syndrome. Firstly, it was the
intrusion detection systems, then it was the firewalls then the VPNs and currently it is
certification authorities along with the public key infrastructure. An attractive business model
is provided by the attractive business model. The overall cost is almost nothing to think
about. The security is basically a chain this is only such strong as the link that is the weakest.
The security of a system that is CA based is made on the basis of many of the links as well as
the links are not all cryptographic. The SSL is very much easy for using however it is also
easy for using incorrectly. By gaining access to the source code changing the certification
process will be easier and hence wise this will ensure that there might be issues regarding the
certification process. The ecosystem that has been built on the basis of specifications, the
CAs and PKI, the implementations are full of traps. Each of the traps are very much easy for
using incorrectly. This is also easy to view the powerful role of CA that is included in the
PKI model. There are certain aspects that are presents. The attacks are namely Stuxnet, Duqu
and Flame. These are the listed malware that have affected the operational process. It is easy
to view powerful role which CA possess in model of PKI. Hacker who have access on CA
could use it for issuing fraudulent certificates and masquerade as website. Attacks such as
DigiNotar, Comodo, Digicert Malaysia and GlobalSign were direct consequences for the
certificate’s commoditization, where less, smaller competent organizations started in getting
bigger share in market of certificate authority. As for now, CA could issue any application’s
digital certificate, without needing consent from owner of the application. The problem with
certificates of Web application are simply not confined in being stored by application. While
access into traffic by the attackers is prevented by SSL, no built-in mechanisms are there
which allow prohibitive access into it by the third parties. As example, load balancers,
proxies, content delivery networks (CDNs) need accessing private key of the certificate for
SSL PKI Threat modelling approach:
The computer security has been the victim of the syndrome. Firstly, it was the
intrusion detection systems, then it was the firewalls then the VPNs and currently it is
certification authorities along with the public key infrastructure. An attractive business model
is provided by the attractive business model. The overall cost is almost nothing to think
about. The security is basically a chain this is only such strong as the link that is the weakest.
The security of a system that is CA based is made on the basis of many of the links as well as
the links are not all cryptographic. The SSL is very much easy for using however it is also
easy for using incorrectly. By gaining access to the source code changing the certification
process will be easier and hence wise this will ensure that there might be issues regarding the
certification process. The ecosystem that has been built on the basis of specifications, the
CAs and PKI, the implementations are full of traps. Each of the traps are very much easy for
using incorrectly. This is also easy to view the powerful role of CA that is included in the
PKI model. There are certain aspects that are presents. The attacks are namely Stuxnet, Duqu
and Flame. These are the listed malware that have affected the operational process. It is easy
to view powerful role which CA possess in model of PKI. Hacker who have access on CA
could use it for issuing fraudulent certificates and masquerade as website. Attacks such as
DigiNotar, Comodo, Digicert Malaysia and GlobalSign were direct consequences for the
certificate’s commoditization, where less, smaller competent organizations started in getting
bigger share in market of certificate authority. As for now, CA could issue any application’s
digital certificate, without needing consent from owner of the application. The problem with
certificates of Web application are simply not confined in being stored by application. While
access into traffic by the attackers is prevented by SSL, no built-in mechanisms are there
which allow prohibitive access into it by the third parties. As example, load balancers,
proxies, content delivery networks (CDNs) need accessing private key of the certificate for
3SSL PKI Threat Modelling & Ethical Considerations
accessing the data of the application [12]. Also firewall solutions of Web application and
prevention of data loss need same key access. As result, digital certificate is stored in several
locations. Such things open up extra attack points that imply larger success rate of the
attackers.
Online services also create few problems. Also the applications present the certificates
which attest to legitimacy before executing sensitive operations. Hence, certificates of code
signing are too prime target of distributers of malware. For instance, stolen certificate was
used by Stuxnet. Recently, stolen certificate was stolen by malware strain which belonged to
the government of Malaysia. The initial key that is considered in the process is the public key
and the other is the private key. In case the private key of a customer is stolen, the entire data
set that is present in the database of the PKI server could be stolen. This acts as one of the
major threat that might occur in the process. As for encryption component, big computational
burden is there while initiating SSL communication. Hence, resources that are protected by
SSL are the major candidates for the effective attacks of Denial of Service (DoS). Together
with computer resources’ increased consumption per session, multitude of the simple attacks
could be devised quite efficiently. Due to attacks of DoS, there is possibility to strengthen
applications by using protections of anti-DDos and anti-DoS.
PKI security issues/attacks:
There are 4 major threats that might occur in the operational process. The ranking is
provided as per the intensity and frequency of its occurrence.
Rank 1: Attacks against PKI
It have been seen that the entire data that are generated by the PKI are due to the
efforts provided by the CA organizations. The data that are provided by the employees of the
CA firm will be affecting the output of the project. It has been seen in the past that the
accessing the data of the application [12]. Also firewall solutions of Web application and
prevention of data loss need same key access. As result, digital certificate is stored in several
locations. Such things open up extra attack points that imply larger success rate of the
attackers.
Online services also create few problems. Also the applications present the certificates
which attest to legitimacy before executing sensitive operations. Hence, certificates of code
signing are too prime target of distributers of malware. For instance, stolen certificate was
used by Stuxnet. Recently, stolen certificate was stolen by malware strain which belonged to
the government of Malaysia. The initial key that is considered in the process is the public key
and the other is the private key. In case the private key of a customer is stolen, the entire data
set that is present in the database of the PKI server could be stolen. This acts as one of the
major threat that might occur in the process. As for encryption component, big computational
burden is there while initiating SSL communication. Hence, resources that are protected by
SSL are the major candidates for the effective attacks of Denial of Service (DoS). Together
with computer resources’ increased consumption per session, multitude of the simple attacks
could be devised quite efficiently. Due to attacks of DoS, there is possibility to strengthen
applications by using protections of anti-DDos and anti-DoS.
PKI security issues/attacks:
There are 4 major threats that might occur in the operational process. The ranking is
provided as per the intensity and frequency of its occurrence.
Rank 1: Attacks against PKI
It have been seen that the entire data that are generated by the PKI are due to the
efforts provided by the CA organizations. The data that are provided by the employees of the
CA firm will be affecting the output of the project. It has been seen in the past that the
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4SSL PKI Threat Modelling & Ethical Considerations
attackers had targeted the data sets that are used by the CA firms to get the desired results and
this have led to legal as well as ethical issues as the certification process have been getting
affected in a negative manner. Validating this attack will be beneficial.
Rank 2: Theft of the issued website certificates
The major issue that is present in the operational process is that the web application
certificates are never confined with the proposing of the application stored certificates. It
have been observed that SSL have been preventing access of attackers to the traffic that is
being transacted. However there is an in built mechanism that will be ensuring that there will
be restrictive admittance of the third parties in the transaction process [10]. This is one major
area that makes the entire process vulnerable. This vulnerability increases the threat of the
entire process. Usage of proxies have been one of the main method that ensures that there are
still presence of entries in the operational process. This attack is needed to be validated.
Rank 3: Theft of the issues code signing certificates
It have been seen that the code services have been one of the main reason that ensures that
there is an entrance of the malware in the system. This entrance of the malware have been
acting as pone of the major issue that is faced in the processing. This is one of the major
aspect that can be considered for performing illegal as well as the unethical issues. By
gaining access to the source code changing the certification process will be easier and hence
wise this will ensure that there might be issues regarding the certification process. In case the
certification that is provided will not be having a reference set of work, it will be providing
illegal certifications. It have been seen that digital certification is stored in several sections.
This stealing of the certification ensures that the certification process management might be
getting affected in a negative manner. This attack will be validated.
Rank 4: Denial of Service Attack
attackers had targeted the data sets that are used by the CA firms to get the desired results and
this have led to legal as well as ethical issues as the certification process have been getting
affected in a negative manner. Validating this attack will be beneficial.
Rank 2: Theft of the issued website certificates
The major issue that is present in the operational process is that the web application
certificates are never confined with the proposing of the application stored certificates. It
have been observed that SSL have been preventing access of attackers to the traffic that is
being transacted. However there is an in built mechanism that will be ensuring that there will
be restrictive admittance of the third parties in the transaction process [10]. This is one major
area that makes the entire process vulnerable. This vulnerability increases the threat of the
entire process. Usage of proxies have been one of the main method that ensures that there are
still presence of entries in the operational process. This attack is needed to be validated.
Rank 3: Theft of the issues code signing certificates
It have been seen that the code services have been one of the main reason that ensures that
there is an entrance of the malware in the system. This entrance of the malware have been
acting as pone of the major issue that is faced in the processing. This is one of the major
aspect that can be considered for performing illegal as well as the unethical issues. By
gaining access to the source code changing the certification process will be easier and hence
wise this will ensure that there might be issues regarding the certification process. In case the
certification that is provided will not be having a reference set of work, it will be providing
illegal certifications. It have been seen that digital certification is stored in several sections.
This stealing of the certification ensures that the certification process management might be
getting affected in a negative manner. This attack will be validated.
Rank 4: Denial of Service Attack
5SSL PKI Threat Modelling & Ethical Considerations
This attack cans be considered as an important threat. The main reason of this threat is that
there is an existence of key pair that controls the entire data assessing process. This analysis
of the data assessing process includes the fact that better proposition of the computational
burden. It have been seen that in case there are more than one or several attacks being
imposed in the system, there is a blockage in the server. This restricts assessing of data even
to the genuine data assessors. This attack is needed to be adapted in a manner so that there is
a better processing of the business management as this attack is majorly due to the security
issue that is present.
SSL PKI Threats and Mitigation Plan:
The main process of eliminating this process is by implementing firewall. In case of
implementing the firewall, the issue assessment can be eliminated. This section ensures that
the entrance of the malware will be blocked [5]. This blocking of malware acts important in
the processing. Hence wise this will be benefitting the entire security system. One of the
common most refrains from the certificate authorities as well as the digital certificate industry
can never let anything to be happen to the private keys. However bad things can be happened
any where at any time. The electronic plans are not able to take places without the capacity of
identifying the machines and people electronically in a reliable way by utilizing the digital
certificates, the public key technology is the one of the secure most form for the identification
of protecting the electronic data. A PKI or public key infrastructure can offer a ranges of the
services which can reduce the risks that are related to security drastically with the help of
business procedure [2]. The secret key is nor used by certificate verification, only are the
public keys used. Hence, no secrets are there to protect. One or more public keys are not used
by it. If attacker could add personal public key in that list, he could then issue certificate of
his own that would be treated same as legitimate certificates. These legitimate certificates
could be matched by tem which they would have an attacker’s public key instead of correct
This attack cans be considered as an important threat. The main reason of this threat is that
there is an existence of key pair that controls the entire data assessing process. This analysis
of the data assessing process includes the fact that better proposition of the computational
burden. It have been seen that in case there are more than one or several attacks being
imposed in the system, there is a blockage in the server. This restricts assessing of data even
to the genuine data assessors. This attack is needed to be adapted in a manner so that there is
a better processing of the business management as this attack is majorly due to the security
issue that is present.
SSL PKI Threats and Mitigation Plan:
The main process of eliminating this process is by implementing firewall. In case of
implementing the firewall, the issue assessment can be eliminated. This section ensures that
the entrance of the malware will be blocked [5]. This blocking of malware acts important in
the processing. Hence wise this will be benefitting the entire security system. One of the
common most refrains from the certificate authorities as well as the digital certificate industry
can never let anything to be happen to the private keys. However bad things can be happened
any where at any time. The electronic plans are not able to take places without the capacity of
identifying the machines and people electronically in a reliable way by utilizing the digital
certificates, the public key technology is the one of the secure most form for the identification
of protecting the electronic data. A PKI or public key infrastructure can offer a ranges of the
services which can reduce the risks that are related to security drastically with the help of
business procedure [2]. The secret key is nor used by certificate verification, only are the
public keys used. Hence, no secrets are there to protect. One or more public keys are not used
by it. If attacker could add personal public key in that list, he could then issue certificate of
his own that would be treated same as legitimate certificates. These legitimate certificates
could be matched by tem which they would have an attacker’s public key instead of correct
6SSL PKI Threat Modelling & Ethical Considerations
one. It does not help in holding such root keys into root certificates. This certificate offers
same security and is self-signed.
Many of similar security considerations of validity of certificate exist for the
key compromise. If the attackers could steal private key, then they could impersonate device,
decrypt data and then read it and authenticate with a network. For providing meaningful
encryption and authentication, the keys should be protected in being compromised along with
revoking and also replacing them, which means storing keys within the devices in normal text
should be avoided [11]. These texts could be extracted easily. Instead, software solution
could be considered like hardware protection or encrypted key store in form of secure chip
that gives effective protection from the attackers. The main mitigation plan that can be
considered for this case is implementation of private and public key. In this section the entire
process is affected in a manner that robustness of the entire process increases. This increase
in the robustness helps in better assessment of the entrants. This entrants are considered to be
one of the major aspect that is to be considered. In case the decryption process is performed
in a proper manner the entire data security process can be performed in a better manner.
In the recent years, there have been several attacks taking place on the SSL and PKI
servers. There have been many issues that have been taking place. As for encryption
component, big computational burden is there while initiating SSL communication [6].
Hence, resources that are protected by SSL are the major candidates for the effective attacks
of Denial of Service (DoS). There are a few risks that have been present in the recent years.
However, there are mitigation plans as well. Henceforth are the several risks and mitigation
plans present. The major attack that is present in the operational process is namely Public
Key enabled malware. There are certain attacks that have been occurring, one of the major
issue that is present is Public Key Enabled Malware. There are certain aspects that are
presents [1]. The attacks are namely Stuxnet, Duqu and Flame. These are the listed malware
one. It does not help in holding such root keys into root certificates. This certificate offers
same security and is self-signed.
Many of similar security considerations of validity of certificate exist for the
key compromise. If the attackers could steal private key, then they could impersonate device,
decrypt data and then read it and authenticate with a network. For providing meaningful
encryption and authentication, the keys should be protected in being compromised along with
revoking and also replacing them, which means storing keys within the devices in normal text
should be avoided [11]. These texts could be extracted easily. Instead, software solution
could be considered like hardware protection or encrypted key store in form of secure chip
that gives effective protection from the attackers. The main mitigation plan that can be
considered for this case is implementation of private and public key. In this section the entire
process is affected in a manner that robustness of the entire process increases. This increase
in the robustness helps in better assessment of the entrants. This entrants are considered to be
one of the major aspect that is to be considered. In case the decryption process is performed
in a proper manner the entire data security process can be performed in a better manner.
In the recent years, there have been several attacks taking place on the SSL and PKI
servers. There have been many issues that have been taking place. As for encryption
component, big computational burden is there while initiating SSL communication [6].
Hence, resources that are protected by SSL are the major candidates for the effective attacks
of Denial of Service (DoS). There are a few risks that have been present in the recent years.
However, there are mitigation plans as well. Henceforth are the several risks and mitigation
plans present. The major attack that is present in the operational process is namely Public
Key enabled malware. There are certain attacks that have been occurring, one of the major
issue that is present is Public Key Enabled Malware. There are certain aspects that are
presents [1]. The attacks are namely Stuxnet, Duqu and Flame. These are the listed malware
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7SSL PKI Threat Modelling & Ethical Considerations
that have affected the operational process. These malware attacks have been one of the major
aspect that is to be considered. However, the attacks that have been made have been affecting
the security of the entire process. Attacks against algorithm have been one of the major attack
after the malware attack. In this case entire processing of the data management section is
affected in a negative manner. The attacks that affect the entire processing is namely Timing
attacks, short key lengths and Hash collections [8]. This is one of the major aspect that is to
be considered. In this process the entire terminology is based on altering the source code.
This source code is one of the major aspect that affects the data management process. In case
the source code is changed, the entire processing will be getting affected in a negative
manner.
Critical discussion on ethical and legal issues:
One of the major risks of PKI is facing in terms of security is the excess complexity
that the architecture possess. It can be considered that the number of moving parts present, it
seems easier for the attackers to find weaknesses. It can be stated that with each moving part
there is a requirement of exclusive security system. The components related to the public key
infrastructure is having responsibilities for the publication of the certificates as well as for the
revocation lists that are generated by CA. The users are able to obtain a revocation and digital
certificate list in force by checking the directories where other types of data are stored such as
name, email address, mobile number of the user [4]. Else the parts that are not having any
kind of security measures will be vulnerable to attacks. This might lead to the fact that the
data that are transacted via the PKI server getting accessed in an unauthorized manner. Here
lies the ethical issue that might affect the operational process the organizations that uses PKI
server [3]. This might also affect the authorization process. Invalid authorization might also
be performed in a manner that insists improper segmentation of digital certificates. This will
also be affecting the processing of the internet transaction. This is considered as one of the
that have affected the operational process. These malware attacks have been one of the major
aspect that is to be considered. However, the attacks that have been made have been affecting
the security of the entire process. Attacks against algorithm have been one of the major attack
after the malware attack. In this case entire processing of the data management section is
affected in a negative manner. The attacks that affect the entire processing is namely Timing
attacks, short key lengths and Hash collections [8]. This is one of the major aspect that is to
be considered. In this process the entire terminology is based on altering the source code.
This source code is one of the major aspect that affects the data management process. In case
the source code is changed, the entire processing will be getting affected in a negative
manner.
Critical discussion on ethical and legal issues:
One of the major risks of PKI is facing in terms of security is the excess complexity
that the architecture possess. It can be considered that the number of moving parts present, it
seems easier for the attackers to find weaknesses. It can be stated that with each moving part
there is a requirement of exclusive security system. The components related to the public key
infrastructure is having responsibilities for the publication of the certificates as well as for the
revocation lists that are generated by CA. The users are able to obtain a revocation and digital
certificate list in force by checking the directories where other types of data are stored such as
name, email address, mobile number of the user [4]. Else the parts that are not having any
kind of security measures will be vulnerable to attacks. This might lead to the fact that the
data that are transacted via the PKI server getting accessed in an unauthorized manner. Here
lies the ethical issue that might affect the operational process the organizations that uses PKI
server [3]. This might also affect the authorization process. Invalid authorization might also
be performed in a manner that insists improper segmentation of digital certificates. This will
also be affecting the processing of the internet transaction. This is considered as one of the
8SSL PKI Threat Modelling & Ethical Considerations
ethical aspect that can be considered. In case improper validation of the certificates are made
then the authentication process will be performed in a wrong manner. This is considered as
one of the major issue as this will be proposing a conflictive certification process [7]. In case
of breaching, another aspect that can be considered is that original data can be distorted and
this might be affecting the certification process. Certification process is also cross checked
and in case the certification process is not legalized due to improper transaction or distortion
in the transaction, legal issues might arise. Industry 4.0 is completely dependent on the digital
transaction and in case there is an issue in the certification process the entire process of data
management and operational segmentation, will be getting affected in a negative manner.
Private Key protection is another risk that is present in the operational process of the
PKI system. This is one of the major aspect that is to be considered. There are 2 major keys
that are to be considered for performing the entire transaction process. The initial key that is
considered in the process is the public key and the other is the private key. In case the private
key of a customer is stolen, the entire data set that is present in the database of the PKI server
could be stolen. This acts as one of the major threat that might occur in the process. After
stealing of the private key, it can be used for generating the fraud certificates that will be
affecting the operational process [9]. This acts as another ethical issue that might be affecting
the entire operational process. Illegal certifications will be provided as well. This acts as one
of the major issue. Another legal issue that might be faced in the process is that issuing of
certificates to unwitting customers also act as one of the major issue in the process. This issue
might land the entire situation in an illegal situation and hence wise the organization using
the PKI might be legally penalized for the instance.
ethical aspect that can be considered. In case improper validation of the certificates are made
then the authentication process will be performed in a wrong manner. This is considered as
one of the major issue as this will be proposing a conflictive certification process [7]. In case
of breaching, another aspect that can be considered is that original data can be distorted and
this might be affecting the certification process. Certification process is also cross checked
and in case the certification process is not legalized due to improper transaction or distortion
in the transaction, legal issues might arise. Industry 4.0 is completely dependent on the digital
transaction and in case there is an issue in the certification process the entire process of data
management and operational segmentation, will be getting affected in a negative manner.
Private Key protection is another risk that is present in the operational process of the
PKI system. This is one of the major aspect that is to be considered. There are 2 major keys
that are to be considered for performing the entire transaction process. The initial key that is
considered in the process is the public key and the other is the private key. In case the private
key of a customer is stolen, the entire data set that is present in the database of the PKI server
could be stolen. This acts as one of the major threat that might occur in the process. After
stealing of the private key, it can be used for generating the fraud certificates that will be
affecting the operational process [9]. This acts as another ethical issue that might be affecting
the entire operational process. Illegal certifications will be provided as well. This acts as one
of the major issue. Another legal issue that might be faced in the process is that issuing of
certificates to unwitting customers also act as one of the major issue in the process. This issue
might land the entire situation in an illegal situation and hence wise the organization using
the PKI might be legally penalized for the instance.
9SSL PKI Threat Modelling & Ethical Considerations
References:
[1] V. Welch, R. Heiland, W.C.Garrison III and A.J. Lee. PKI-ASAF Design Documents,
2016.
[2] L. Zhang, D. Choffnes, T. Dumitraş, D. Levin, A. Mislove, A. Schulman and C. Wilson.
Analysis of SSL certificate reissues and revocations in the wake of
heartbleed. Communications of the ACM, 61(3), pp.109-116, 2018.
[3] H. Tewari, A. Hughes, S. Weber and T. Barry. X509Cloud—Framework for a ubiquitous
PKI. In MILCOM 2017-2017 IEEE Military Communications Conference (MILCOM) (pp.
225-230). IEEE, 2017.
[4] D. Kawula, C. Kawula, A. Rafuse, E. Cabot and C. Sun. Deploying Configuration
Manager Current Branch with PKI, 2018.
[5] T. Chung, Y. Liu, D. Choffnes, D. Levin, B.M. Maggs, A. Mislove and C. Wilson.
Measuring and applying invalid SSL certificates: The silent majority. In Proceedings of the
2016 Internet Measurement Conference (pp. 527-541). ACM, 2016.
[6] E. Yüce and A.A. Selçuk. Server notaries: a complementary approach to the web PKI
trust model. IET Information Security, 12(5), pp.455-461, 2018.
[7] M. Arshad and M.A. Hussain. Secure Framework to Mitigate Man-in-the-Middle Attack
over SSL Protocol. Indian Journal of Science and Technology, 9, p.47, 2016.
[8] J. Stapleton and W.C. Epstein. Security Without Obscurity: A Guide to PKI Operations.
Auerbach Publications, 2016.
[9] R. Oppliger. SSL and TLS: Theory and Practice. Artech House, 2016.
References:
[1] V. Welch, R. Heiland, W.C.Garrison III and A.J. Lee. PKI-ASAF Design Documents,
2016.
[2] L. Zhang, D. Choffnes, T. Dumitraş, D. Levin, A. Mislove, A. Schulman and C. Wilson.
Analysis of SSL certificate reissues and revocations in the wake of
heartbleed. Communications of the ACM, 61(3), pp.109-116, 2018.
[3] H. Tewari, A. Hughes, S. Weber and T. Barry. X509Cloud—Framework for a ubiquitous
PKI. In MILCOM 2017-2017 IEEE Military Communications Conference (MILCOM) (pp.
225-230). IEEE, 2017.
[4] D. Kawula, C. Kawula, A. Rafuse, E. Cabot and C. Sun. Deploying Configuration
Manager Current Branch with PKI, 2018.
[5] T. Chung, Y. Liu, D. Choffnes, D. Levin, B.M. Maggs, A. Mislove and C. Wilson.
Measuring and applying invalid SSL certificates: The silent majority. In Proceedings of the
2016 Internet Measurement Conference (pp. 527-541). ACM, 2016.
[6] E. Yüce and A.A. Selçuk. Server notaries: a complementary approach to the web PKI
trust model. IET Information Security, 12(5), pp.455-461, 2018.
[7] M. Arshad and M.A. Hussain. Secure Framework to Mitigate Man-in-the-Middle Attack
over SSL Protocol. Indian Journal of Science and Technology, 9, p.47, 2016.
[8] J. Stapleton and W.C. Epstein. Security Without Obscurity: A Guide to PKI Operations.
Auerbach Publications, 2016.
[9] R. Oppliger. SSL and TLS: Theory and Practice. Artech House, 2016.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
10SSL PKI Threat Modelling & Ethical Considerations
[10] Vargas, J., Mayorga, F., Guevara, D. and Martinez, H.D., 2018, August. Management of
SSL Certificates: Through Dynamic Link Libraries. In International Conference on
Technology Trends (pp. 29-40). Springer, Cham.
[11] J. Chen, K. He, Q. Yuan, M. Chen, R. Du and Y. Xiang “Blind filtering at third parties:
An efficient privacy-preserving framework for location-based services”, IEEE Transactions
on Mobile Computing, 17(11), pp.2524-2535, 2018
[12] T.R. Peltier and J. Peltier, “Complete guide to CISM certification”, Auerbach
Publications, 2016
[10] Vargas, J., Mayorga, F., Guevara, D. and Martinez, H.D., 2018, August. Management of
SSL Certificates: Through Dynamic Link Libraries. In International Conference on
Technology Trends (pp. 29-40). Springer, Cham.
[11] J. Chen, K. He, Q. Yuan, M. Chen, R. Du and Y. Xiang “Blind filtering at third parties:
An efficient privacy-preserving framework for location-based services”, IEEE Transactions
on Mobile Computing, 17(11), pp.2524-2535, 2018
[12] T.R. Peltier and J. Peltier, “Complete guide to CISM certification”, Auerbach
Publications, 2016
1 out of 11
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.