Performance analysis for extended TLS with mutual attestation for platform integrity assurance
A web service is a web-based application connected via the internet connectivity. The common web-based applications are deployed using web browsers and web servers. However, the security of Web Service is a major concern issues since it is not widely studied and integrated in the design stage of Web...
| Main Authors: | , , |
|---|---|
| Format: | Conference or Workshop Item |
| Language: | English |
| Published: |
IEEE
2014
|
| Online Access: | http://psasir.upm.edu.my/id/eprint/48020/ http://psasir.upm.edu.my/id/eprint/48020/1/Performance%20analysis%20for%20extended%20TLS%20with%20mutual%20attestation%20for%20platform%20integrity%20assurance.pdf |
| _version_ | 1848850967401857024 |
|---|---|
| author | Abd Aziz, Norazah Udzir, Nur Izura Mahmod, Ramlan |
| author_facet | Abd Aziz, Norazah Udzir, Nur Izura Mahmod, Ramlan |
| author_sort | Abd Aziz, Norazah |
| building | UPM Institutional Repository |
| collection | Online Access |
| description | A web service is a web-based application connected via the internet connectivity. The common web-based applications are deployed using web browsers and web servers. However, the security of Web Service is a major concern issues since it is not widely studied and integrated in the design stage of Web Service standard. They are add-on modules rather a well-defined solutions in standards. So, various web services security solutions have been defined in order to protect interaction over a network. Remote attestation is an authentication technique proposed by the Trusted Computing Group (TCG) which enables the verification of the trusted environment of platforms and assuring the information is accurate. To incorporate this method in web services framework in order to guarantee the trustworthiness and security of web-based applications, a new framework called TrustWeb is proposed. The TrustWeb framework integrates the remote attestation into SSL/TLS protocol to provide integrity information of the involved endpoint platforms. The framework enhances TLS protocol with mutual attestation mechanism which can help to address the weaknesses of transferring sensitive computations, and a practical way to solve the remote trust issue at the client-server environment. In this paper, we describe the work of designing and building a framework prototype in which attestation mechanism is integrated into the Mozilla Firefox browser and Apache web server. We also present framework solution to show improvement in the efficiency level. |
| first_indexed | 2025-11-15T10:14:42Z |
| format | Conference or Workshop Item |
| id | upm-48020 |
| institution | Universiti Putra Malaysia |
| institution_category | Local University |
| language | English |
| last_indexed | 2025-11-15T10:14:42Z |
| publishDate | 2014 |
| publisher | IEEE |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | upm-480202016-08-03T04:37:05Z http://psasir.upm.edu.my/id/eprint/48020/ Performance analysis for extended TLS with mutual attestation for platform integrity assurance Abd Aziz, Norazah Udzir, Nur Izura Mahmod, Ramlan A web service is a web-based application connected via the internet connectivity. The common web-based applications are deployed using web browsers and web servers. However, the security of Web Service is a major concern issues since it is not widely studied and integrated in the design stage of Web Service standard. They are add-on modules rather a well-defined solutions in standards. So, various web services security solutions have been defined in order to protect interaction over a network. Remote attestation is an authentication technique proposed by the Trusted Computing Group (TCG) which enables the verification of the trusted environment of platforms and assuring the information is accurate. To incorporate this method in web services framework in order to guarantee the trustworthiness and security of web-based applications, a new framework called TrustWeb is proposed. The TrustWeb framework integrates the remote attestation into SSL/TLS protocol to provide integrity information of the involved endpoint platforms. The framework enhances TLS protocol with mutual attestation mechanism which can help to address the weaknesses of transferring sensitive computations, and a practical way to solve the remote trust issue at the client-server environment. In this paper, we describe the work of designing and building a framework prototype in which attestation mechanism is integrated into the Mozilla Firefox browser and Apache web server. We also present framework solution to show improvement in the efficiency level. IEEE 2014 Conference or Workshop Item PeerReviewed application/pdf en http://psasir.upm.edu.my/id/eprint/48020/1/Performance%20analysis%20for%20extended%20TLS%20with%20mutual%20attestation%20for%20platform%20integrity%20assurance.pdf Abd Aziz, Norazah and Udzir, Nur Izura and Mahmod, Ramlan (2014) Performance analysis for extended TLS with mutual attestation for platform integrity assurance. In: 4th Annual IEEE International Conference on Cyber Technology in Automation, Control and Intelligent Systems (IEEE-CYBER 2014), 4-7 June 2014, Hong Kong, China. (pp. 13-18). 10.1109/CYBER.2014.6917428 |
| spellingShingle | Abd Aziz, Norazah Udzir, Nur Izura Mahmod, Ramlan Performance analysis for extended TLS with mutual attestation for platform integrity assurance |
| title | Performance analysis for extended TLS with mutual attestation for platform integrity assurance |
| title_full | Performance analysis for extended TLS with mutual attestation for platform integrity assurance |
| title_fullStr | Performance analysis for extended TLS with mutual attestation for platform integrity assurance |
| title_full_unstemmed | Performance analysis for extended TLS with mutual attestation for platform integrity assurance |
| title_short | Performance analysis for extended TLS with mutual attestation for platform integrity assurance |
| title_sort | performance analysis for extended tls with mutual attestation for platform integrity assurance |
| url | http://psasir.upm.edu.my/id/eprint/48020/ http://psasir.upm.edu.my/id/eprint/48020/ http://psasir.upm.edu.my/id/eprint/48020/1/Performance%20analysis%20for%20extended%20TLS%20with%20mutual%20attestation%20for%20platform%20integrity%20assurance.pdf |