Please use this identifier to cite or link to this item:
Full metadata record
DC FieldValueLanguage
dc.contributor.authorPathangi Janardhanan Jatinshravan
dc.description.abstractTLS is a commonly used protocol that provides a secure communication channel through the use of encryption and is widely used by HTTPS websites. TLS allows client/server applications to communicate securely in a way that is “designed to prevent eavesdropping, tampering and message forgery” [1]. However, there are possible ways an attacker can break the security offered by TLS, one of which is a cipher suite downgrade attack, which can take the form of a FREAK attack or a Logjam, both discovered in 2015, wherein a man in the middle can force the client and the server to use a weaker cipher suite which can be broken, thus allowing the attacker access to the communication between the client and the server. In this project, I attempted to defend a TLS virtual server running on a Xen Hypervisor against downgrade attack attempts by intercepting the TLS Client Hello, which is the first message in a TLS communication, and examining the client’s preferred cipher suite, dropping the client hello if the cipher suite is not of the desired standard, thus ensuring that a TLS connection does not take place. This is done by monitoring incoming network packets from the Hypervisor’s netback driver. This solution has the benefit of the user of the virtual machine or virtual server not having to modify or worry about placing restrictions on their TLS server, as TLS Security is handled by the Hypervisor without the interference of the virtual machine. This solution can have positive implications, especially considering that the world is moving more towards virtualization and virtualized servers.en_US
dc.format.extent47 p.en_US
dc.rightsNanyang Technological University
dc.subjectDRNTU::Engineering::Computer science and engineeringen_US
dc.titleDeveloping a Xen hypervisor based alternate defense against cipher suite downgrade attacks for virtual TLS serversen_US
dc.typeFinal Year Project (FYP)en_US
dc.contributor.supervisorAlwen Fernanto Tiuen_US
dc.contributor.schoolSchool of Computer Science and Engineeringen_US
dc.description.degreeBachelor of Engineering (Computer Engineering)en_US
item.fulltextWith Fulltext-
Appears in Collections:SCSE Student Reports (FYP/IA/PA/PI)
Files in This Item:
File Description SizeFormat 
FYP Report.pdf
  Restricted Access
1.51 MBAdobe PDFView/Open

Page view(s)

Updated on Jul 14, 2024

Download(s) 50

Updated on Jul 14, 2024

Google ScholarTM


Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.