.

Wednesday, June 10, 2020

Security Protocols SSL, Convergence And Dane - 1100 Words

Security Protocols: SSL, Convergence And Dane (Essay Sample) Content: SECURITY PROTOCOLSOver the years, many of our internet users have been working under a threat, in that their communication information is always prone to people with malicious intentions over the computer network. Therefore a need to create not just a system but a protocol that will prevent such cases. In addition to that, it will provide a free and secure platform for everyone who needs to communicate through the internet. This is what gave birth to all these protocols that we know of and of which the commonly used one is the Secure Sockets Layer (SSL).In our modern world, almost everything relies on SSL, from the Internet commerce to the real world commerce.A trusted environment is one of the most important components when one considers starting and online business since the people you will be working with need to be confident when purchasing your goods. This security is ensured by the SSL where one is granted a certificate that has two keys, a private and a public key by which these two keys work hand in hand to ensure an encrypted connection. In order to get this certificate, one has to create a certificate signing request an then send it to the Certificate Authority (CA) together with the public key. The CA then generates the private key and sends it to the individual of which even the CA cannot see this key. Then once you have received your certificate, you install it on your server together with an immediate certificate that ensures the credibility of your SSL certificate through bonding it with your CA root certificate. SSL is a security protocol and as we all know, protocols define how algorithms should or should not be used. It secures millions of data on the internet for people such as login passwords, credit card numbers and social security numbers.( Tuengerthal, 2013)After the development of the SSL protocol, a man by the name Moxie Marlinspike on the August of 2011, proposed the Convergence strategy which would be used to replace t he SSL certificate authorities. This type of protocol was aimed to reduce all the current problems with the CA system to a single missing property which would be known as trust agility. In convergence, man-in-the-middle (MITM) attacks would be detected by third party public servers called notaries which will act as the remote observers. With the SSL protocol, many people were prone to these MITM attacks. With the invention of convergence, however, there were a lot of redundancies and a reduced number of failures. This was enabled simply because several notaries would vouch for a site. Even though a user might not trust the notary, a non-malicious site could as well be chosen given the fact that the several remaining notaries vouch for it. However, convergence did not succeed in reaching wide-spread deployment as most of the technical glitches that were experienced in SSL used to bite convergence as well.A number of technologies have been competing as to which will provide the soluti on of the MiTM ever since convergence. A new protocol called the DNS-based Authentication of Named Entities (DANE) has emerged that allows you to securely specify which SSL certificate to connect to your own site. In the past few years, certificates have been offered to those well-known domains that never use their own domain. This is a big problem in that any breach of the CA could offer a certificate issued to any domain. However, DANE avoids this type of problems rendering it the better of the security protocols available. Apart from the internet, DANE is being used in securing communication over email and other instant messaging protocols. (Bella, 2007)In the process of finding a replacement to SSL due to the security vulnerabilities, convergence proposed that people will get browsers add on that completely replaces the CA infrastructure once it is activated. The add on will work on a principle that whenever you visit any SSL site, the browser will contact two or more remote par ties and ask them to check for you if the site is safe. Only then will you the user decide on whether to trust the site. In addition to that, one also gets the opportunity to choose to trust a certificate and that only applies when the user has seen the certificate in a number of sites. Here the user is advised on not to rush but take his time to assess the certificate and choose whether to trust it. DANE on the other end tends to introduce trust anchor assertions, which will enable the operator of a certain domain to advertise another trust anchor where the certificates of the domain are issued. Althou...