TrustBase: An Architecture to Repair and Strengthen Certificate-based Authentication
Authors
Abstract
We describe TrustBase, an architecture that provides certificate-based authentication as an operating system service. TrustBase enforces best practices for certificate validation for all applications and transparently enables existing applications to be strengthened against failures of the CA system. The TrustBase system allows simple deployment of authentication systems that harden the CA system. This enables system administrators, for example, to require certificate revocation checks on all TLS connections, or require STARTTLS for email servers that support it. TrustBase is the first system that is able to secure all TLS traffic, using an approach compatible with all operating systems. We design and evaluate a prototype implementation of TrustBase on Linux, evaluate its security, and demonstrate that it has negligible overhead and universal compatibility with applications. To demonstrate the utility of TrustBase, we have developed six authentication services that strengthen certificate validation for all applications.
Similar resources
Securing Wireless Local Area Networks Based on Ieee 802.1x and X.509 Certificates
Deploying a secure WLAN is an especial challenge, because there are a number of extreme risks. These risks will have to be thwarted by the use of stronger security mechanisms while keeping an adequate level of network performance. The 802.1X authentication standard provides a method to protect the network behind the access point based on Extensible Authentication Protocol (EAP). Moreover, in ...
Access control in a distributed object environment using XML and roles
We discuss the design of an integrated security architecture for authorization and authentication in a distributed object environment. Our architecture will have four main components: an authentication engine, an interface, a session manager and an authorization engine. The core component of our model is the session manager, which issues XML-based session certificates to authenticated users. A ...
Certificate-based Single Sign-On Mechanism for Multi-Platform Distributed Systems
We propose a certificate-based single sign-on mechanism in distributed systems. The proposed security protocols and authentication mechanisms are integrated in a middleware. The novelty of our middleware lies in the use of XPCOM components; this way we provide different services that can be used on every platform where Mozilla is available. The component based architecture of the implemented ...
A hybrid approach to secure hierarchical mobile IPv6 networks
Establishing secure access and communications in a hierarchical mobile IPv6 (HMIPv6) network, when a mobile node is roaming into a foreign network, is a challenging task and has so far received little attention. Existing solutions are mainly based on public key infrastructure (PKI) or identity-based cryptography (IBC). However, these solutions suffer from either efficiency or scalability proble...
An Evaluation of Zendeveri (Lifelikeness) in the Architecture of Imam Jome’eh House in Isfahan
The present study intends to shed light on 25 lifelikeness layers in Imam Jome’eh House (Khaneh Emam Jome’eh) in Isfahan as one of the prominent historical monuments dating back to Qajar dynasty. The l...