Analysis of Methods for Chained Connections with Mutual Authentication Using TLS
Linköping University, Department of Electrical Engineering, Information Coding. Linköping University, Faculty of Science & Engineering.
2015 (English)
Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits
Student thesis
Alternative title
Analys av metoder för kedjade anslutningar med ömsesidig autentisering användandes TLS (Swedish)
Abstract [en]

TLS is a vital protocol used to secure communication over networks, and it provides an end-to-end encrypted channel between two directly communicating parties. In certain situations it is not possible, or desirable, to establish direct connections from a client to a server, for example when connecting to a server located on a secure network behind a gateway. In these cases chained connections are required.

Mutual authentication and end-to-end encryption are important capabilities in a high assurance environment. These are provided by TLS, but there are no known solutions for chained connections.

This thesis explores multiple methods that provide the functionality for chained connections using TLS in a high assurance environment with trusted servers and a public key infrastructure. A number of methods are formally described and analysed according to multiple criteria reflecting both functionality and security requirements. Furthermore, the most promising method is implemented and tested in order to verify that the method is viable in a real-life environment.

The proposed solution modifies the TLS protocol through the use of an extension which allows for the distinction between direct and chained connections. The extension, which also allows for specifying the structure of chained connections, is used in the implementation of a method that creates chained connections by layering TLS connections inside each other. Testing demonstrates that the overhead of the method is negligible and that the method is a viable solution for creating chained connections with mutual authentication using TLS.

Place, publisher, year, edition, pages
2015. 80 p.
Keyword [en]
TLS, SSL, mutual authentication, chained connection, chain, proxy chain, TLS extension, extension, certificates, PKI
National Category
Computer Engineering
URN: urn:nbn:se:liu:diva-119455
ISRN: LiTH-ISY-EX--15/4873--SE
OAI: diva2:840363
External cooperation
link22 AB
Subject / course
Computer Engineering
2015-06-12, Systemet, B-Huset, Linköpings Universitet, 581 83, Linköping, Linköping, 13:15 (English)
Available from: 2015-08-10 Created: 2015-06-17 Last updated: 2015-08-10 Bibliographically approved

By author/editor
Petersson, Jakob