Thesis Type: Doctorate
Institution Where the Thesis Was Conducted: Middle East Technical University, Faculty of Arts and Sciences, Department of Mathematics, Turkey
Thesis Approval Date: 2016
Student: EMRE YÜCE
Advisor: ALİ DOĞANAKSOY
Abstract: SSL/TLS is the de facto protocol for providing secure communication over the Internet. It relies on the Web PKI model for authentication and secure key exchange. Despite its relatively successful past, the number of Web PKI incidents observed has increased recently. These incidents revealed the risks of forged certificates issued by certificate authorities without the consent of the domain owners. Several solutions have been proposed to solve this problem, but no solution has yet received widespread adoption due to complexity and deployability issues. In this work, we propose a practical mechanism that enables servers to get their certificate views across the Internet, making detection of a certificate substitution attack possible. The origin of the certificate substitution attack can also be located by this mechanism. We have conducted simulation experiments and evaluated our proposal using publicly available, real-world BGP data. We have obtained promising results on the AS-level Internet topology.