Design and Implementation of a Secure Communication Architecture
Loading...
Authors
Faisal, Md. Abu
Date
Type
thesis
Language
eng
Keyword
Security Protocol , Public Key Infrastructure , Group Key Exchange , Perfect Forward Secrecy , Authentication , PKI , GKE
Alternative Title
Abstract
Internet communications transitioned from the traditional client-server model to the cloud model and are going towards a decentralized hybrid model. The communications are protected by the traditional security protocols. The participants (especially, server-side) are authenticated using a certificate authority (CA)-based public key infrastructure (PKI). However, the security protocols and the CA-based PKI are not always able to address the challenges associated with these communications. The significant growth in online activities in our everyday life over time increases the associated security threats even more. The lack of an efficient and scalable group key exchange (GKE) for secure group communications escalates the severity of the associated security threats even further. In this thesis, we design and implement a comprehensive secure communication architecture for any Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)-based internet communications between two or more participants. This architecture can address the associated security threats and overcome the shortcomings of the traditional security protocols and the CA-based PKI. This work involves the designing of a security protocol that works for both TCP and UDP communications, a distributed key server-based PKI for authentication, and a secure authenticated scalable group key exchange. This architecture ensures security for the data-in-transit in any TCP and UDP-based secure communications. The proposed PKI solves the certificate mis-issuance and revocation problems of the CA-based PKI. The proposed GKE ensures the security for static and dynamic group communications between large number of participants. It supports change-of-membership (i.e., adding or removing participants in an existing group communication) efficiently. The architecture protects the communications against some most common attacks, such as man-in-the-middle (MITM) (including eavesdropping, sniffing, identity spoofing, data tampering), sensitive information disclosure, compromised-key, key tampering, certificate mis-issuance, certificate cloning, repudiation, replay, and re-negotiation attacks. The results show prominent evidence that the designed architecture effectively enhances the security of TCP and UDP-based internet communications between two or more participants, offers adequate performance over the traditional security protocols, and overcomes the limitations of the traditional security protocols and the CA-based PKI.
Description
Citation
Publisher
License
Queen's University's Thesis/Dissertation Non-Exclusive License for Deposit to QSpace and Library and Archives Canada
ProQuest PhD and Master's Theses International Dissemination Agreement
Intellectual Property Guidelines at Queen's University
Copying and Preserving Your Thesis
This publication is made available by the authority of the copyright owner solely for the purpose of private study and research and may not be copied or reproduced except as permitted by the copyright laws without written authority from the copyright owner.
ProQuest PhD and Master's Theses International Dissemination Agreement
Intellectual Property Guidelines at Queen's University
Copying and Preserving Your Thesis
This publication is made available by the authority of the copyright owner solely for the purpose of private study and research and may not be copied or reproduced except as permitted by the copyright laws without written authority from the copyright owner.