Design and Implementation of a Secure Communication Architecture

dc.contributor.authorFaisal, Md. Abuen
dc.contributor.supervisorZulkernine, Mohammad's University at Kingstonen
dc.description.abstractInternet communications transitioned from the traditional client-server model to the cloud model and are going towards a decentralized hybrid model. The communications are protected by the traditional security protocols. The participants (especially, server-side) are authenticated using a certificate authority (CA)-based public key infrastructure (PKI). However, the security protocols and the CA-based PKI are not always able to address the challenges associated with these communications. The significant growth in online activities in our everyday life over time increases the associated security threats even more. The lack of an efficient and scalable group key exchange (GKE) for secure group communications escalates the severity of the associated security threats even further. In this thesis, we design and implement a comprehensive secure communication architecture for any Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)-based internet communications between two or more participants. This architecture can address the associated security threats and overcome the shortcomings of the traditional security protocols and the CA-based PKI. This work involves the designing of a security protocol that works for both TCP and UDP communications, a distributed key server-based PKI for authentication, and a secure authenticated scalable group key exchange. This architecture ensures security for the data-in-transit in any TCP and UDP-based secure communications. The proposed PKI solves the certificate mis-issuance and revocation problems of the CA-based PKI. The proposed GKE ensures the security for static and dynamic group communications between large number of participants. It supports change-of-membership (i.e., adding or removing participants in an existing group communication) efficiently. The architecture protects the communications against some most common attacks, such as man-in-the-middle (MITM) (including eavesdropping, sniffing, identity spoofing, data tampering), sensitive information disclosure, compromised-key, key tampering, certificate mis-issuance, certificate cloning, repudiation, replay, and re-negotiation attacks. The results show prominent evidence that the designed architecture effectively enhances the security of TCP and UDP-based internet communications between two or more participants, offers adequate performance over the traditional security protocols, and overcomes the limitations of the traditional security protocols and the CA-based PKI.en
dc.relation.ispartofseriesCanadian thesesen
dc.rightsQueen's University's Thesis/Dissertation Non-Exclusive License for Deposit to QSpace and Library and Archives Canadaen
dc.rightsProQuest PhD and Master's Theses International Dissemination Agreementen
dc.rightsIntellectual Property Guidelines at Queen's Universityen
dc.rightsCopying and Preserving Your Thesisen
dc.rightsThis publication is made available by the authority of the copyright owner solely for the purpose of private study and research and may not be copied or reproduced except as permitted by the copyright laws without written authority from the copyright owner.en
dc.subjectSecurity Protocolen
dc.subjectPublic Key Infrastructureen
dc.subjectGroup Key Exchangeen
dc.subjectPerfect Forward Secrecyen
dc.titleDesign and Implementation of a Secure Communication Architectureen
Original bundle
Now showing 1 - 1 of 1
Thumbnail Image
8.71 MB
Adobe Portable Document Format
Thesis document
License bundle
Now showing 1 - 1 of 1
No Thumbnail Available
1.67 KB
Item-specific license agreed upon to submission