Omar Hassan


E-commerce applications have flourished on the Internet because of their ability to perform secure transactions in which the identities of the two parties could be verified and the communications between them encrypted. The Transport Layer Security (TLS) protocol is implemented to make secure transactions possible by creating a secure tunnel between the user's browser and the server with the help of Certificate Authorities (CAs).

CAs are third parties that are trusted by both the user's browser and the server and are responsible for establishing secure communication between them. The major limitation of this model is the use of CAs as single points of trust that can introduce severe security breaches globally. In my thesis, I provide a high-level design for a new protocol in the application layer of the TCP/IP suite that will build a secure tunnel between the user's browser and the server without the involvement of any third party. My proposed protocol is called User-Defined Key Pair (UDKP), and its objective is to build a secure tunnel between the user's browser and the server using a public/private key pair generated for the user on the fly inside the user's browser based on the user's credential information. This key pair will be used by the protocol instead of the server certificate as the starting point for creating the secure tunnel.

Library of Congress Subject Headings

Data encryption (Computer science); Browsers (Computer programs)--Security measures; Electronic commerce--Security measures

Publication Date


Document Type


Student Type


Degree Name

Networking and System Administration (MS)

Department, Program, or Center

Information Sciences and Technologies (GCCIS)


Charles Border

Advisor/Committee Member

Yin Pan

Advisor/Committee Member

Matt Lidestri


Physical copy available from RIT's Wallace Library at QA76.9.A25 H377 2013


RIT Dubai

Plan Codes