IoTVerif: Automatic Verification of SSL/TLS Certificate for IoT Applications
Authors
Abstract
Although extensive research has been conducted on securing the Internet of Things (IoT) communication protocols, various vulnerabilities and exploits are continuously discovered and reported. Since these are introduced from either insecure protocols or defectiveness of applications, it is difficult to identify them during the software development and testing phase. In this paper, we present IoTVerif, a system that automatically verifies the Secure Socket Layer/Transport Layer Security (SSL/TLS) certificate for IoT applications that utilize broker-based messaging protocols. IoTVerif constructs a specification of an IoT protocol and its security properties, without relying on prior knowledge about the protocol. Once the specification is constructed, a general-purpose model checker verifies those properties as well as generates counter-examples if any property does not hold. We analyze the effectiveness of IoTVerif with real-world IoT-related applications. Our evaluation results show that IoTVerif can successfully identify vulnerabilities which are exploitable by man-in-the-middle (MITM) and TLS renegotiation attacks. IoTVerif holds great promise for reverse-engineering emerging identifies
Similar resources
Automatic verification of authentication protocols using genetic programming
Implicit and unobserved errors and vulnerabilities issues usually arise in cryptographic protocols and especially in authentication protocols. This may enable an attacker to make serious damages to the desired system, such as having the access to or changing secret documents, interfering in bank transactions, having access to users’ accounts, or may be having the control all over the syste...
Applying speaker verification to certificate revocation
The increasing popularity and importance of electronic commerce is evident today. However, global electronic commerce will not fully develop its immense potential unless trust is fully established. Digital certificates and electronic signature contribute to increase confidence and security by providing authenticity. However, authenticity on its own is not enough to provide trust. A credible ser...
A Multiple Signature Based Certificate Verification Scheme
In this paper, we proposed a formal representation of certificate validation in Pretty Good Privacy (PGP) and X.509 systems. This representation uses new logical assertions to support public-key based certification systems and different trust levels. Although the meanings of some of those assertions are different in PGP and X.509 cases, the certificate validation can be expressed using the same...
VeriKey: A Dynamic Certificate Verification System for Public Key Exchanges
This paper presents a novel framework to substantiate self-signed certificates in the absence of a trusted certificate authority. In particular, we aim to address the problem of web-based SSL man-in-the-middle attacks. This problem originates from the fact that public keys are distributed through insecure channels prior to encryption. Therefore, a man-in-the-middle attacker may substitute an arbi...
Journal
Journal title: IEEE Access
Year: 2021
ISSN: 2169-3536
DOI: https://doi.org/10.1109/access.2019.2961918