06/02/17 Holmes & Gordon & Cahill /Research Methods 6/02/17 p.

Contents
Key points
Follow up
Significant referenced sources

Name of article: Cryptographic Vulnerabilities in Real-Life Web Servers

Evaluation criteria / Notes

What type of article is it?
Content: Conference paper

What is the main issue/problem being discussed?
Content: vulnerabilities in deployed SSL-secured websites

Skim read: what could your dissertation gain by including this article?
Content: essentially a similar idea to my proposal, but limited to checking SSL RSA key length.

What is the article's contribution to knowledge?
Content: large real-world analysis

How can this information be integrated into your review?
Content: yes, recent publication (2013)

Compare and contrast to similar articles for or against/ or an extension of the literature?
Content:

Are there recommendations for further research?
Content: no

Where is the article placed in your field? Famous author?
Evaluation: no, based on a thesis

Is the article well written, interesting and easy to read?
Evaluation: reasonable; some maths I don't understand

Is there a clear research question? Can it be tested?
Evaluation of Hypothesis: how vulnerable are real-world implementations of SSL

What methods are used to carry out research?
Evaluation of the Research Design: gather certs from live servers, check key strength and vulnerabilities, geolocate

Is the design appropriate for testing the stated hypothesis?
Evaluation of the Research Design: yes

What are the limitations of the design/research methods?
Evaluation of the Research Design: list of domains used is outdated, not all commercial sites, programming issues

Are there aspects of the design that could be applied to your work?
Evaluation of the Research Design: yes

Are the results well displayed and clear?
Evaluation of Data Presentation: limited

Are the results in keeping with the design?
Evaluation of the Research Results: yes

Are the implications of the study clear?
Evaluation of the Research Results: yes

Have the results been appropriately discussed?
Evaluation of further calls for research: limited

Key points
The article is a 2013 conference paper based on an MSc thesis by the author.

Discusses testing of SSL key strength in a large database of live servers - very large numbers (6,248,784 distinct domain names; 1,713,388 (27.42% of the original .com and .co set) SSL-enabled servers).

Used multi-threaded Java code; might be more difficult than I thought to do the scripting.

Use geolocation rather than Alexa to locate servers; this is physical location based on IP range and does not necessarily correlate to my plan - .ie domains can be hosted internationally.

Follow up
Look at the key strength recommendations and

Significant referenced sources


N. Heninger, Z. Durumeric, E. Wustrow, and J. A. Halderman, Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices, in Proc. of the 21st USENIX conf. on Security symposium (Security'12), Berkeley, CA, USA, 2012, pp. 35-35.

E. Barker, W. Barker, W. Burr, P. William, and M. Smid. (2012, Jul.). Recommendation for Key Management Part 1: General (Revision 3) [Online]. Available: http://csrc.nist.gov/publications/nistpubs

[19] A. Lenstra (2004, June), Key Lengths [Online]. Available FTP: ftp://cm.bell-labs.com/who/akl/key_lengths.pdf

[20] D. Giry. (2013, Feb.). Cryptographic Key Length Recommendations [Online]. Available: http://www.keylength.com

