Rolf Oppliger - Academia.edu (original) (raw)

Related Authors

Shujun Li

Daniyal Alghazzawi

Alvin Liu

Universidad Nacional de Colombia (National University of Colombia)

IRJET Journal

Josh Bond

Uploads

Papers by Rolf Oppliger

Research paper thumbnail of SSL/TLS session-aware user authentication revisited

Computers & Security, 2008

Man-in-the-middle (MITM) attacks pose a serious threat to SSL/TLS-based e-commerce applications. ... more Man-in-the-middle (MITM) attacks pose a serious threat to SSL/TLS-based e-commerce applications. In [OHB06], we introduced the notion of SSL/TLS session-aware user authentication to protect SSL/TLSbased e-commerce applications against MITM attacks and we proposed an implementation based on impersonal authentication tokens. In this paper, we present a number of extensions of the basic idea. These include multi-institution tokens, possibilities for changing the PIN, and, most importantly, different ways of making several popular and widely deployed user authentication systems SSL/TLS session-aware.

Research paper thumbnail of SSL/TLS session-aware user authentication revisited

Computers & Security, 2008

Man-in-the-middle (MITM) attacks pose a serious threat to SSL/TLS-based e-commerce applications. ... more Man-in-the-middle (MITM) attacks pose a serious threat to SSL/TLS-based e-commerce applications. In [OHB06], we introduced the notion of SSL/TLS session-aware user authentication to protect SSL/TLSbased e-commerce applications against MITM attacks and we proposed an implementation based on impersonal authentication tokens. In this paper, we present a number of extensions of the basic idea. These include multi-institution tokens, possibilities for changing the PIN, and, most importantly, different ways of making several popular and widely deployed user authentication systems SSL/TLS session-aware.

Log In