Sciweavers

COMPUTER
2008

SSL/TLS Session-Aware User Authentication

13 years 3 months ago
SSL/TLS Session-Aware User Authentication
Man-in-the-middle (MITM) attacks pose a serious threat to SSL/TLS-based e-commerce applications, such as Internet banking. SSL/TLS session-aware user authentication can be used to mitigate the risks and to protect users against MITM attacks in an SSL/TLS setting. In this paper, we further delve into SSL/TLS session-aware user authentication and possibilities to implement it. More specifically, we overview, discuss, and put into perspective a proof of concept implementation that demonstrates the feasibility of the token-based approach. The results are promising, and we intend to develop turnkey solutions that can be used to secure e-commerce applications in terms of protection against MITM attacks. Keywords. Electronic commerce, security, man-in-the-middle attack, SSL/TLS protocol, SSL/TLS-aware user authentication
Rolf Oppliger, Ralf Hauser, David A. Basin
Added 09 Dec 2010
Updated 09 Dec 2010
Type Journal
Year 2008
Where COMPUTER
Authors Rolf Oppliger, Ralf Hauser, David A. Basin
Comments (0)