Design and Implementation of a Secure Communication Architecture

Thumbnail Image
Faisal, Md. Abu
Security Protocol , Public Key Infrastructure , Group Key Exchange , Perfect Forward Secrecy , Authentication , PKI , GKE
Internet communications transitioned from the traditional client-server model to the cloud model and are going towards a decentralized hybrid model. The communications are protected by the traditional security protocols. The participants (especially, server-side) are authenticated using a certificate authority (CA)-based public key infrastructure (PKI). However, the security protocols and the CA-based PKI are not always able to address the challenges associated with these communications. The significant growth in online activities in our everyday life over time increases the associated security threats even more. The lack of an efficient and scalable group key exchange (GKE) for secure group communications escalates the severity of the associated security threats even further. In this thesis, we design and implement a comprehensive secure communication architecture for any Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)-based internet communications between two or more participants. This architecture can address the associated security threats and overcome the shortcomings of the traditional security protocols and the CA-based PKI. This work involves the designing of a security protocol that works for both TCP and UDP communications, a distributed key server-based PKI for authentication, and a secure authenticated scalable group key exchange. This architecture ensures security for the data-in-transit in any TCP and UDP-based secure communications. The proposed PKI solves the certificate mis-issuance and revocation problems of the CA-based PKI. The proposed GKE ensures the security for static and dynamic group communications between large number of participants. It supports change-of-membership (i.e., adding or removing participants in an existing group communication) efficiently. The architecture protects the communications against some most common attacks, such as man-in-the-middle (MITM) (including eavesdropping, sniffing, identity spoofing, data tampering), sensitive information disclosure, compromised-key, key tampering, certificate mis-issuance, certificate cloning, repudiation, replay, and re-negotiation attacks. The results show prominent evidence that the designed architecture effectively enhances the security of TCP and UDP-based internet communications between two or more participants, offers adequate performance over the traditional security protocols, and overcomes the limitations of the traditional security protocols and the CA-based PKI.
External DOI