COMPSEC
2008

SSL/TLS session-aware user authentication revisited

Man-in-the-middle (MITM) attacks pose a serious threat to SSL/TLS-based e-commerce applications, and only a few technologies are available to mitigate the risks. In [OHB05], we introduced the notion of SSL/TLS session-aware user authentication to protect SSL/TLS-based e-commerce applications against MITM attacks, and we proposed an implementation based on impersonal authentication tokens. In this paper, we present a number of extensions and variations of SSL/TLS session-aware user authentication. More specifically, we address multi-institution tokens, possibilities for changing the PIN, and possibilities for making several popular and widely deployed user authentication systems SSL/TLS session-aware. Furthermore, we also investigate the technical feasibility and the security implications of software-based implementations of SSL/TLS session-aware user authentication.

Keywords: electronic commerce, security, phishing, pharming, man-in-the-middle attack, SSL/TLS protocol, SSL/TLS-aw...
Rolf Oppliger, Ralf Hauser, David A. Basin
Added 09 Dec 2010
Updated 09 Dec 2010
Type Journal
Year 2008
Where COMPSEC