Authors:
Razumov Pavel, Cherckesova Larissa, Revyakina Elena, Morozov Sergey, Medvedev Dmitry, Lobodenko Andrei
Abstract
SSL/TLS (Secure Sockets Layer/Transport Layer Security)-enabled web applications are designed to provide authentication based on a public key certificate, generation of a secure session key, and traffic privacy based on a symmetric key. Today, a large number of e-commerce applications, such as stock trading, banking, shopping and gaming, rely on the robustness of the SSL/TLS protocol. Recently, a threat known as the Man-in-the-Middle (MITM) attack has been used by attackers against SSL/TLS-enabled web applications, especially at the moment when a user connects to an SSL/TLS-enabled web server. This article discusses the Man-in-the-Middle attack threat for SSL/TLS-enabled web applications. The existing solution space for countering a MITM attack on SSL/TLS-enabled applications is also reviewed, and an effective solution is proposed that can resist a MITM attack on such applications. The proposed solution uses a soft token approach for user authentication in addition to the security features of SSL/TLS. The proposed solution is claimed to be safe, effective and user-friendly compared to similar approaches.