A Proof of Concept Implementation of SSL/TLS Session-Aware User Authentication

2008

Abstract

Man-in-the-middle (MITM) attacks pose a serious threat to SSL/TLS-based e-commerce applications, such as Internet banking. SSL/TLS session-aware user authentication can be used to mitigate the risks and to protect users against MITM attacks in an SSL/TLS setting. In this paper, we further delve into SSL/TLS session-aware user authentication and possibilities to implement it. More specifically, we overview, discuss, and put into perspective a proof of concept implementation that demonstrates the feasibility of the token-based approach. The results are promising, and we intend to develop turnkey solutions that can be used to secure e-commerce applications in terms of protection against MITM attacks.

Bruno Kaiser hasn't uploaded this paper.
