On the security of SSL/TLS-enabled applications
SSL/TLS (Secure Socket Layer/Transport Layer Security)-enabled web applications aim to provide public key certificate based authentication, secure session key establishment, and symmetric key based traffic confidentiality. A large number of electronic commerce applications, such as stock trading, ba...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Emerald Publishing
2014-01-01
|
| Series: | Applied Computing and Informatics |
| Subjects: | |
| Online Access: | http://www.sciencedirect.com/science/article/pii/S2210832714000039 |
| _version_ | 1797727060988264448 |
|---|---|
| author | Manik Lal Das Navkar Samdaria |
| author_facet | Manik Lal Das Navkar Samdaria |
| author_sort | Manik Lal Das |
| collection | DOAJ |
| description | SSL/TLS (Secure Socket Layer/Transport Layer Security)-enabled web applications aim to provide public key certificate based authentication, secure session key establishment, and symmetric key based traffic confidentiality. A large number of electronic commerce applications, such as stock trading, banking, shopping, and gaming rely on the security strength of the SSL/TLS protocol. In recent times, a potential threat, known as main-in-the-middle (MITM) attack, has been exploited by attackers of SSL/TLS-enabled web applications, particularly when naive users want to connect to an SSL/TLS-enabled web server. In this paper, we discuss about the MITM threat to SSL/TLS-enabled web applications. We review the existing space of solutions to counter the MITM attack on SSL/TLS-enabled applications, and then, we provide an effective solution which can resist the MITM attack on SSL/TLS-enabled applications. The proposed solution uses a soft-token based approach for user authentication on top of the SSL/TLS’s security features. We show that the proposed solution is secure, efficient and user friendly in comparison to other similar approaches. |
| first_indexed | 2024-03-12T10:54:26Z |
| format | Article |
| id | doaj.art-572f01d145074e059b4a8af9f368f358 |
| institution | Directory Open Access Journal |
| issn | 2210-8327 |
| language | English |
| last_indexed | 2024-03-12T10:54:26Z |
| publishDate | 2014-01-01 |
| publisher | Emerald Publishing |
| record_format | Article |
| series | Applied Computing and Informatics |
| spelling | doaj.art-572f01d145074e059b4a8af9f368f3582023-09-02T06:32:31ZengEmerald PublishingApplied Computing and Informatics2210-83272014-01-01101688110.1016/j.aci.2014.02.001On the security of SSL/TLS-enabled applicationsManik Lal DasNavkar SamdariaSSL/TLS (Secure Socket Layer/Transport Layer Security)-enabled web applications aim to provide public key certificate based authentication, secure session key establishment, and symmetric key based traffic confidentiality. A large number of electronic commerce applications, such as stock trading, banking, shopping, and gaming rely on the security strength of the SSL/TLS protocol. In recent times, a potential threat, known as main-in-the-middle (MITM) attack, has been exploited by attackers of SSL/TLS-enabled web applications, particularly when naive users want to connect to an SSL/TLS-enabled web server. In this paper, we discuss about the MITM threat to SSL/TLS-enabled web applications. We review the existing space of solutions to counter the MITM attack on SSL/TLS-enabled applications, and then, we provide an effective solution which can resist the MITM attack on SSL/TLS-enabled applications. The proposed solution uses a soft-token based approach for user authentication on top of the SSL/TLS’s security features. We show that the proposed solution is secure, efficient and user friendly in comparison to other similar approaches.http://www.sciencedirect.com/science/article/pii/S2210832714000039Secure Socket LayerTransport Layer SecurityAuthenticationPublic key certificateMan-in-the-middle attacksOne-time pad |
| spellingShingle | Manik Lal Das Navkar Samdaria On the security of SSL/TLS-enabled applications Applied Computing and Informatics Secure Socket Layer Transport Layer Security Authentication Public key certificate Man-in-the-middle attacks One-time pad |
| title | On the security of SSL/TLS-enabled applications |
| title_full | On the security of SSL/TLS-enabled applications |
| title_fullStr | On the security of SSL/TLS-enabled applications |
| title_full_unstemmed | On the security of SSL/TLS-enabled applications |
| title_short | On the security of SSL/TLS-enabled applications |
| title_sort | on the security of ssl tls enabled applications |
| topic | Secure Socket Layer Transport Layer Security Authentication Public key certificate Man-in-the-middle attacks One-time pad |
| url | http://www.sciencedirect.com/science/article/pii/S2210832714000039 |
| work_keys_str_mv | AT maniklaldas onthesecurityofssltlsenabledapplications AT navkarsamdaria onthesecurityofssltlsenabledapplications |