Ensuring the security of web applications operating on the basis of the SSL/TLS protocol
SSL/TLS (Secure Socket Layer/Transport Layer Security)-enabled web applications are designed to provide authentication based on a public key certificate, as well as generating a secure session key and traffic privacy based on a symmetric key. Today, a large number of e-commerce applications such as...
Main Authors: | Razumov Pavel, Cherckesova Larissa, Revyakina Elena, Morozov Sergey, Medvedev Dmitry, Lobodenko Andrei |
---|---|
Format: | Article |
Language: | English |
Published: | EDP Sciences 2023-01-01 |
Series: | E3S Web of Conferences |
Online Access: | https://www.e3s-conferences.org/articles/e3sconf/pdf/2023/39/e3sconf_transsiberia2023_03028.pdf |
_version_ | 1827896737316995072 |
---|---|
author | Razumov Pavel Cherckesova Larissa Revyakina Elena Morozov Sergey Medvedev Dmitry Lobodenko Andrei |
author_sort | Razumov Pavel |
collection | DOAJ |
description | SSL/TLS (Secure Socket Layer/Transport Layer Security)-enabled web applications are designed to provide authentication based on a public key certificate, as well as generating a secure session key and traffic privacy based on a symmetric key. Today, a large number of e-commerce applications such as stock trading, banking, shopping and gaming rely on the robustness of the SSL/TLS protocol. Recently, a potential threat known as a Man-in-the-Middle or man-in-the-middle (MITM) attack has been used by attackers to attack SSL/TLS-enabled web applications, especially when users want to connect to an SSL/TLS-enabled web server. The current article discusses the Man-in-the-Middle attack threat for SSL/TLS-enabled web applications. The existing solution space for countering a MITM attack on SSL/TLS-enabled applications is also considered, and an effective solution is proposed that can resist a MITM attack on SSL/TLS-enabled applications. The proposed solution uses a soft token approach for user authentication in addition to SSL/TLS security features. The proposed solution is claimed to be safe, effective and user-friendly compared to similar approaches. |
first_indexed | 2024-03-12T22:40:07Z |
format | Article |
id | doaj.art-35ff73f539a641e290ae27723db0435f |
institution | Directory Open Access Journal |
issn | 2267-1242 |
language | English |
last_indexed | 2024-03-12T22:40:07Z |
publishDate | 2023-01-01 |
publisher | EDP Sciences |
record_format | Article |
series | E3S Web of Conferences |
spelling | doaj.art-35ff73f539a641e290ae27723db0435f; 2023-07-21T09:41:17Z; eng; EDP Sciences; E3S Web of Conferences; 2267-1242; 2023-01-01; 402; 03028; 10.1051/e3sconf/202340203028; e3sconf_transsiberia2023_03028; Ensuring the security of web applications operating on the basis of the SSL/TLS protocol; Razumov Pavel (Don State Technical University); Cherckesova Larissa (Don State Technical University); Revyakina Elena (Don State Technical University); Morozov Sergey (Institute of Service and Entrepreneurship (branch) DSTU); Medvedev Dmitry (Institute of Service and Entrepreneurship (branch) DSTU); Lobodenko Andrei (Institute of Service and Entrepreneurship (branch) DSTU); https://www.e3s-conferences.org/articles/e3sconf/pdf/2023/39/e3sconf_transsiberia2023_03028.pdf |
title | Ensuring the security of web applications operating on the basis of the SSL/TLS protocol |
url | https://www.e3s-conferences.org/articles/e3sconf/pdf/2023/39/e3sconf_transsiberia2023_03028.pdf |