Master of Engineering Science
Electrical and Computer Engineering
Ouda, Abdelkader H.
In a world where digitalization is rapidly advancing, the security and privacy of intra-domain communication within organizations are of critical concern. The imperative to secure communication channels among physical systems has led to the deployment of various security approaches aimed at fortifying networking protocols. However, these approaches have typically been designed to secure protocols individually, lacking a holistic perspective on the broader challenge of intra-domain communication security. This omission raises fundamental concerns about the safety and integrity of intra-domain environments, where all communication occurs within a single domain. As a result, this thesis introduces SSL Everywhere, a comprehensive solution designed to address the evolving challenges of secure data transmission in intra-domain environments. By leveraging Hardware Security Modules (HSMs), SSL Everywhere aims to utilize the Secure Socket Layer (SSL) protocol within intra-domain environments to ensure data confidentiality, authentication, and integrity.
In addition, solutions proposed by academic researchers and industry have not addressed the issue in a holistic and integrative manner, as they only apply to specific types of environments or servers, and do not utilize all cryptographic operations for robust security. Thus, SSL Everywhere bridges this gap by offering a unified and comprehensive solution that includes certificate management, key management practices, and various security services.
By acknowledging the importance of secure communication principles and their application within the unique context of intra-domain communication, this research contributes to the ongoing discourse on network security and provides a promising pathway to secure the future of intra-domain environments.
Summary for Lay Audience
In today's digital age, ensuring the security of our online communication has become more critical than ever. One area where this security is paramount is within organizations, where multiple servers are placed to handle various requests. The optimal solution to ensure secure communication between those servers is to deploy Secure Socket Layer (SSL). SSL is a fundamental security protocol that helps transform readable data into an unreadable format during transmission. Moreover, deploying SSL in a communication channel verifies the identities of the two parties communicating with each other.
While SSL is a powerful tool, implementing it within the communication channels in organizational domains can be quite challenging. SSL demands extensive cryptographic practices to ensure that cryptographic keys and digital certificates are correctly configured and up to date. This often leaves organizations grappling with the complexities of SSL deployment.
Thus, multiple security mechanisms for the currently employed networking protocols have been proposed as potential alternatives to SSL. In addition, multiple solutions have been presented to overcome the issue of securing organizational communication. However, those solutions always have a gap in addressing the comprehensive security needs of intra-domain environments. These environments, where all communication occurs within a single domain, such as an organization, demand a unified approach to ensure communication security. The existing security mechanisms typically focus on securing individual aspects and lack the comprehensive protection required for sensitive data transmission.
As a result, this thesis introduces SSL Everywhere, a standardized solution designed to address the evolving challenges of secure data transmission in intra-domain environments. SSL Everywhere leverages Hardware Security Modules (HSMs), which are hardware devices that act as a root of trust to perform various cryptographic operations, to fully utilize the SSL protocol within intra-domain environments.
Aref, Yazan, "SSL Everywhere: Leveraging HSMs for Enhanced Intra-Domain Security" (2023). Electronic Thesis and Dissertation Repository. 9897.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Available for download on Sunday, September 01, 2024