TLS Cross Credential (TLS-CC) for Authentication in Delegated Networks
TLS Cross-Certification for Authentication in Delegated Networks

DC Field: Value
dc.contributor.advisor: 권태경
dc.contributor.author: PWINT MYAT KAY KHINE
dc.date.accessioned: 2017-10-31T07:40:39Z
dc.date.available: 2017-10-31T07:40:39Z
dc.date.issued: 2017-08
dc.identifier.other: 000000144950
dc.identifier.uri: https://hdl.handle.net/10371/137439
dc.description: Thesis (Master's) -- Seoul National University Graduate School, College of Engineering, Department of Computer Science and Engineering, 2017. 8. 권태경.
dc.description.abstract: Nowadays, most content providers, such as media and entertainment companies, use Content Delivery Network (CDN) services for faster delivery and higher availability. Using a globally distributed server infrastructure to absorb the network traffic, CDNs are believed to offer a faster experience to end-users and a degree of protection from Distributed Denial of Service (DDoS) attacks. However, despite the benefits of such features, there are several drawbacks related to the authentication of the third-party edge networks of a CDN. Current mechanisms either trust the CDN providers with the private keys or allow a certification authority to issue the CDN a certificate. Both mechanisms are undesirable: the first expands the attack space through the sharing of private keys, and the second causes domain confusion and a complicated revocation process for the CDN's certificate.
This paper proposes an authentication mechanism for CDN edge networks which does not require trusting the CDN or allowing the certification authority to issue a shared certificate to the CDN. Using an object called a cross credential (CC), which can prove the delegated relationship between the CDN edge and the origin server, the proposed mechanism offers an efficient solution to the above security concerns with extremely low latency and computation overhead compared to the existing solutions. We implemented our proposed mechanism by extending the standard Transport Layer Security (TLS) protocol to create the CC in the back-end channel and verify the CC in the front-end channel for edge server authentication.
dc.description.tableofcontents:
Chapter 1 Introduction
Chapter 2 Background
  2.1 Content Delivery Network (CDN)
  2.2 SSL certificates for Edge Authentication
    2.2.1 Custom certificate
    2.2.2 Shared certificate
Chapter 3 Related Works
  3.1 DANE-based HTTPS Delegation
  3.2 CloudFlare's Keyless SSL
  3.3 HTTPS-based Redirection for Delegation
Chapter 4 TLS Cross Credential (TLS-CC)
  4.1 Design Principles
  4.2 Cross Credential (CC)
    4.2.1 CC Generation
    4.2.2 CC Verification
Chapter 5 Implementation
  5.1 User-side modifications
  5.2 Edge-side modifications
Chapter 6 Evaluation
  6.1 Experiment Setup
  6.2 Client-side Evaluation
    6.2.1 Comparison of different delegation schemes
    6.2.2 Comparison of TLS-CC and CDN Custom scheme
  6.3 Server-side Evaluation
    6.3.1 Comparison of outgoing traffic at Edge Server
    6.3.2 Comparison of memory utilization at Edge Server
  6.4 Security Evaluation
Chapter 7 Conclusion
Bibliography
Abstract (in Korean)
dc.format: application/pdf
dc.format.extent: 4156437 bytes
dc.format.medium: application/pdf
dc.language.iso: en
dc.publisher: Seoul National University Graduate School
dc.subject: Content Delivery Network
dc.subject: Transport Layer Security
dc.subject: Delegation
dc.subject: Authentication
dc.subject.ddc: 621.39
dc.title: TLS Cross Credential (TLS-CC) for Authentication in Delegated Networks
dc.title.alternative: TLS Cross-Certification for Authentication in Delegated Networks
dc.type: Thesis
dc.contributor.AlternativeAuthor: 케이카인
dc.description.degree: Master
dc.contributor.affiliation: College of Engineering, Department of Computer Science and Engineering
dc.date.awarded: 2017-08
Appears in Collections:
College of Engineering/Engineering Practice School (College of Engineering/Graduate School) > Dept. of Computer Science and Engineering > Theses (Master's Degree, Computer Science and Engineering)

Items in S-Space are protected by copyright, with all rights reserved, unless otherwise indicated.
