COMCOM
2006

SSL/TLS session-aware user authentication - Or how to effectively thwart the man-in-the-middle

Abstract. Man-in-the-middle attacks pose a serious threat to SSL/TLS-based electronic commerce applications, such as Internet banking. In this paper, we argue that most deployed user authentication mechanisms fail to provide protection against this type of attack, even when they run on top of SSL/TLS. As a possible countermeasure, we introduce the notion of SSL/TLS session-aware user authentication and present different possibilities for implementing it. More specifically, we start with a basic implementation that employs impersonal authentication tokens. Afterwards, we address extensions and enhancements and discuss possibilities for implementing SSL/TLS session-aware user authentication in software.

Keywords. Security, man-in-the-middle (MITM) attack, SSL/TLS protocol, user authentication, electronic commerce
Rolf Oppliger, Ralf Hauser, David A. Basin
Added 11 Dec 2010
Updated 11 Dec 2010
Type Journal
Year 2006
Where COMCOM
Authors Rolf Oppliger, Ralf Hauser, David A. Basin