Hide metadata

dc.contributor.authorHovlandsvåg, Joakim Salbu
dc.date.accessioned2014-09-02T22:00:53Z
dc.date.available2014-09-02T22:00:53Z
dc.date.issued2013
dc.identifier.citationHovlandsvåg, Joakim Salbu. Authenticating HTTPS servers through the use of DNS in an Offline Personal Authentication Device (OffPAD). Master thesis, University of Oslo, 2014
dc.identifier.urihttp://hdl.handle.net/10852/40464
dc.description.abstractThis Master's project investigates how to strengthen the server authentication for end users using an Offline Personal Authentication Device (OffPAD), especially when combined with DNSSEC. The Master's project is a part of the Local User-Centric Identity Management (LUCIDMAN) project - http://www.lucidman.org - a Franco-Norwegian research project seeking to strengthen the security usability for end users. The research project's main focus is an OffPAD, which is a physical device that should be mainly offline and should help the user in the authentication and transaction process when using services online on a computer or when in a physical location like a shop. The device contains functionality to help the end user in securing its activity and transactions, protecting its credentials and avoid phishing and network attacks. The goal of this thesis is to find a solution to authentication of online servers when the authentication process happens in an offline device. The information required for the authentication process must be transferred through an untrusted online device, like the user's computer, that might be infected with Trojans, or an online device in the shop, that might have been tampered with. The proposal is motivated by the increasing lack of trust in the Public-Key Infrastructure using X.509 that is used for HTTPS today, and the increased trust and popularity in using DNSSEC for authenticated information. By using DNSSEC for storing authenticated information, the OffPAD could make use of the newly standardized TLSA specification, which defines how to store certificates in DNS and how to use them in HTTPS and for other protocols. The solution should still be able to use the current X.509 PKI for servers that is not set up with DNSSEC or TLSA. The proposed solutions will in parts be useful for online entities too, as DNSSEC have been blocked in some networks, and might be slow to process for clients with a requirement of short response times, like web browsers.eng
dc.language.isoeng
dc.subjectLUCIDMAN
dc.subjectTLSA
dc.subjectauthentication
dc.subjectPKIX
dc.subjectHTTPS
dc.subjectdigital
dc.subjectsignature
dc.subjectOffPAD
dc.subjectDNSSEC
dc.subjectDANE
dc.subjectCA
dc.titleAuthenticating HTTPS servers through the use of DNS in an Offline Personal Authentication Device (OffPAD)eng
dc.typeMaster thesis
dc.date.updated2014-09-03T22:00:45Z
dc.creator.authorHovlandsvåg, Joakim Salbu
dc.identifier.urnURN:NBN:no-45186
dc.type.documentMasteroppgave
dc.identifier.fulltextFulltext https://www.duo.uio.no/bitstream/handle/10852/40464/1/masterthesis.pdf


Files in this item

Appears in the following Collection

Hide metadata