Title :
Security analysis of TLS authentication
Author :
Ranjan, Aditya Kaushal ; Kumar, Vipin ; Hussain, Mutawarra
Author_Institution :
Dept. of Comput. Sci. & Eng., Central Univ. of Rajasthan, Kishangarh, India
Abstract :
TLS is the cryptographic protocol used in the internet. It consists of set of protocols which are used for negotiation of cryptographic parameters, encryption-decryption and reporting errors during the process. Security Analysis of any cryptographic protocol is very much needed to discover vulnerability and to evaluate its security properties. First we theoretically analysed the protocol using automated tool scyther and draw important conclusion. After that we have performed one real time experiment to identify the loopholes with TLS authentication. We gathered the data and prepared the record of it then we have analysed the reasons behind it and suggested some generic countermeasures to handle them. In this paper we intend to find out the loopholes of TLS and found that certificate forging could be considered as a loophole of TLS security mechanism and discovered its cause and proposed the countermeasures.
Keywords :
Internet; cryptography; Internet; TLS authentication; automated tool scyther; cryptographic protocol; security analysis; Authentication; Browsers; Protocols; Public key; Servers; ARP poison routing; TLS; authentication; certificate forging; formal analysis; man in the middle attack;
Conference_Titel :
Contemporary Computing and Informatics (IC3I), 2014 International Conference on
Conference_Location :
Mysore
DOI :
10.1109/IC3I.2014.7019737
