Enhancement of secured web protocol using attestation and pseudonymization techniques / Fazli Mat Nor
Lack of security awareness among end users when dealing with internet transactions leaves open many client-side application vulnerabilities as well as privacy threats. Attackers could exploit these vulnerabilities and launch client-side attacks such as the Man in the Middle (MitM) attack or the mali...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English |
| Published: |
2016
|
| Online Access: | https://ir.uitm.edu.my/id/eprint/85770/1/85770.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Lack of security awareness among end users when dealing with internet transactions leaves open many client-side application vulnerabilities as well as privacy threats. Attackers could exploit these vulnerabilities and launch client-side attacks such as the Man in the Middle (MitM) attack or the malicious software attack due to lack of measures to detect malicious changes on the client-side platform and privacy protection. Thus, there is a need to implement a trusted environment and privacy enhancement between the client and the server. This research aims to enhance existing web protocol and preserve the privacy of users using attestation and pseudonymization technique with new proposed protocol, MyTrust. The advantages of proposed protocol include an end-to-end trusted environment which prevents identity impersonation by illegitimate parties. Prior to proposed protocol, this research presented a discussion on related works in term of its advantages and disadvantages. Subsequently, the proposed protocol is analyzed and evaluated based on its security vulnerabilities attack and performance. The analysis results showed that adding this additional preventive measure improved the overall protocol resistance to attack, and the performance of this approach is still comparable with existing implementations. This research emphasizes the significance of trusted computing technology and privacy enhancement technology for web protocols in aid of preventing client-side attacks. |
|---|