SSL/TLS session-aware user authentication - Or how to effectively thwart the man-in-the-middle

Rolf Oppliger; Ralf Hauser; David Basin

首页> 外文期刊>Computer Communications >SSL/TLS session-aware user authentication - Or how to effectively thwart the man-in-the-middle

【24h】

SSL/TLS session-aware user authentication - Or how to effectively thwart the man-in-the-middle

机译：SSL / TLS会话感知用户身份验证-或如何有效阻止中间人

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Man-in-the-middle attacks pose a serious threat to SSL/TLS-based electronic commerce applications, such as Internet banking. In this paper, we argue that most deployed user authentication mechanisms fail to provide protection against this type of attack, even when they run on top of SSL/TLS. As a possible countermeasure, we introduce the notion of SSL/TLS session-aware user authentication, and present different possibilities for implementing it. We start with a basic implementation that employs impersonal authentication tokens. Afterwards, we address extensions and enhancements and discuss possibilities for implementing SSL/TLS session-aware user authentication in software.

机译：中间人攻击对基于SSL / TLS的电子商务应用程序（例如互联网银行）构成了严重威胁。在本文中，我们认为，即使部署的用户身份验证机制运行在SSL / TLS之上，它们也无法提供针对这种类型攻击的保护。作为一种可能的对策，我们引入了SSL / TLS会话感知用户身份验证的概念，并提出了实现它的不同可能性。我们从采用非个人身份验证令牌的基本实现开始。之后，我们将介绍扩展和增强功能，并讨论在软件中实现SSL / TLS会话感知用户身份验证的可能性。

著录项

来源
《Computer Communications》 |2006年第12期|p.2238-2246|共9页
作者
Rolf Oppliger; Ralf Hauser; David Basin;
展开▼
作者单位

eSECURITY Technologies, Beethovenstrasse 10, CH-3073 Guemligen, Switzerland;

展开▼
收录信息美国《科学引文索引》(SCI);美国《工程索引》(EI);
原文格式 PDF
正文语种 eng
中图分类计算技术、计算机技术;
关键词
security; man-in-the-middle attack; SSL/TLS protocol; user authentication; electronic commerce;

机译：安全性;中间人攻击;SSL / TLS协议;用户认证;电子商务;

相似文献

外文文献
中文文献
专利

1. SSL/TLS Session-Aware User Authentication [J] . Oppliger R., Hauser R., Basin D. Computer . 2008,第3期

机译：SSL / TLS会话感知用户身份验证
2. Ssl/tls Session-aware User Authentication Revisited [J] . Rolf Oppliger, Ralf Hauser, David Basin Computers & Security . 2008,第3a4期

机译：重新访问Ssl / tls支持会话的用户身份验证
3. A New Secure Passwordless Multi-Server Modified Authenticated Master-Key Agreement Scheme Based on Hardware-Software and Iriscode Identifiers Through SSL/TLS Protocol for E-learning and Similar Web-based Services [J] . Afshin Zivi, Gholamreza Farahani Journal of computer sciences . 2018,第10期

机译：基于SSL / TLS协议的软硬件和Iriscode标识符的新安全无密码多服务器修改的身份验证主密钥协议方案，用于电子学习和类似的基于Web的服务
4. SSL/TLS Session-Aware User Authentication Using a GAA Bootstrapped Key [C] . Chunhua Chen, Chris J. Mitchell, Shaohua Tang Information security theory and practice : Security and privacy of mobile devices in wireless communication . 2011

机译：使用GAA自举密钥的SSL / TLS会话感知用户身份验证
5. Large scale, automated detection of SSL Man-in-the-Middle vulnerabilities in Android applications. [D] . Sounthiraraj, David B. 2013

机译：大规模，自动检测Android应用程序中的SSL中间人漏洞。
6. Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations [O] . Chad Brubaker, Suman Jana, Baishakhi Ray, -1

机译：在SSL / TLS实施中使用Frankencerts对证书验证进行自动对抗测试
7. SSL/TLS Session-Aware User Authentication — Or How to Effectively Thwart the Man-in-the-Middle [O] . Rolf Oppliger, Ralf Hauser, David Basin 2006

机译：ssL / TLs会话感知用户认证 - 或如何有效地阻止中间人

SSL/TLS session-aware user authentication - Or how to effectively thwart the man-in-the-middle

摘要

著录项

相似文献

相关主题

期刊订阅