China 
Africa 
Explore chapters and articles related to this topic
Cyber Insecurity Is Growing
Published in Larry B. Rainey, Mo Jamshidi, Engineering Emergence, 2018
As an example of the broad consequences a vulnerability in a widely used software component can have, consider the recent Heartbleed vulnerability in OpenSSL and its impact. OpenSSL is an open-source implementation of the secure socket layer (SSL) and transport layer security (TLS) protocols used for securing web communications. The Heartbleed vulnerability occurred in the OpenSSL “assert” function, which is the initiator of a heartbeat protocol to verify that the OpenSSL server is live. The assert function allowed a violation of input parameter assumptions so the request can trigger a data leak. The security risk is that the additional data retrieved from the server’s memory could contain passwords, user identification information, and other confidential information (Woody et al. 2014).
Network Security
Published in Mário Marques da Silva, Cable and Wireless Networks, 2018
OpenSSL is a widely used open source toolkit responsible for implementing the SSL/TLS algorithms in a server. OpenSSL is a collaborative project that implements a commercial grade SSL/TLS. The Heartbleed corresponds to a vulnerability detected in OpenSSL versions 1.0.1 to 1.0.1f, being of buffer overflow type. The Heartbleed vulnerability results from an improper use of the memory that takes place during the keep alive handshaking implemented between both parties when they want to keep the session open even when they do not have any data to exchange, as defined in RFC 6520. The damages of the exploitation of this vulnerability may include message contents (eavesdropping), client credentials, session keys, or even copies of the server’s private keys. The immunization to this vulnerability relies on upgrading the OpenSSL to a version equal or newer than OpenSSL 1.0.1g.
IoT security algorithms
Published in Rajesh Singh, Anita Gehlot, Intelligent Circuits and Systems, 2021
Adnan Mukhtar, P.M. Tiwari, H.P. Singh
The command for generating the private key is Openssl genrsa -out private.pem 1024. The public key is extracted from the private key. The command for generating the public key from the private key is Openssl RSA -in private.pem -out public.pem –out form PEM –pub out. Figure 87.6 presents the generation of the private key.
Policy-based security for distributed manufacturing execution systems
Published in International Journal of Computer Integrated Manufacturing, 2018
Octavian Morariu, Cristina Morariu, Theodor Borangiu
The PKI implementation proposed for securing service-oriented manufacturing systems is based on OpenSSL (2015). OpenSSL is an Open Source toolkit implementing the SSL (v2/v3) and TLS (v1) protocols as well as a full-strength general-purpose cryptography library. The internal JADE agent architecture when integrated with OpenSSL is illustrated in Figure 8.