On the security of SSL/TLS-enabled applications
SSL/TLS (Secure Socket Layer/Transport Layer Security)-enabled web applications aim to provide public key certificate based authentication, secure session key establishment, and symmetric key based traffic confidentiality. A large number of electronic commerce applications, such as stock trading, ba...
Main Authors: | Manik Lal Das, Navkar Samdaria |
---|---|
Format: | Article |
Language: | English |
Published: | Emerald Publishing 2014-01-01 |
Series: | Applied Computing and Informatics |
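Subjects: | Secure Socket Layer; Transport Layer Security; Authentication; Public key certificate; Man-in-the-middle attacks; One-time pad |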
Online Access: | http://www.sciencedirect.com/science/article/pii/S2210832714000039 |
_version_ | 1797727060988264448 |
---|---|
author | Manik Lal Das; Navkar Samdaria |
collection | DOAJ |
description | SSL/TLS (Secure Socket Layer/Transport Layer Security)-enabled web applications aim to provide public key certificate based authentication, secure session key establishment, and symmetric key based traffic confidentiality. A large number of electronic commerce applications, such as stock trading, banking, shopping, and gaming rely on the security strength of the SSL/TLS protocol. In recent times, a potential threat, known as man-in-the-middle (MITM) attack, has been exploited by attackers of SSL/TLS-enabled web applications, particularly when naive users want to connect to an SSL/TLS-enabled web server. In this paper, we discuss the MITM threat to SSL/TLS-enabled web applications. We review the existing space of solutions to counter the MITM attack on SSL/TLS-enabled applications, and then, we provide an effective solution which can resist the MITM attack on SSL/TLS-enabled applications. The proposed solution uses a soft-token based approach for user authentication on top of the SSL/TLS’s security features. We show that the proposed solution is secure, efficient and user friendly in comparison to other similar approaches. |
first_indexed | 2024-03-12T10:54:26Z |
format | Article |
id | doaj.art-572f01d145074e059b4a8af9f368f358 |
institution | Directory Open Access Journal |
issn | 2210-8327 |
language | English |
last_indexed | 2024-03-12T10:54:26Z |
publishDate | 2014-01-01 |
publisher | Emerald Publishing |
record_format | Article |
series | Applied Computing and Informatics |
spelling | doaj.art-572f01d145074e059b4a8af9f368f358 2023-09-02T06:32:31Z eng Emerald Publishing Applied Computing and Informatics 2210-8327 2014-01-01 1016881 10.1016/j.aci.2014.02.001 On the security of SSL/TLS-enabled applications Manik Lal Das Navkar Samdaria http://www.sciencedirect.com/science/article/pii/S2210832714000039 |
title | On the security of SSL/TLS-enabled applications |
topic | Secure Socket Layer; Transport Layer Security; Authentication; Public key certificate; Man-in-the-middle attacks; One-time pad |
url | http://www.sciencedirect.com/science/article/pii/S2210832714000039 |