Article code | Journal code | Publication year | English article | Full-text version |
---|---|---|---|---|
456234 | 695680 | 2008 | 7-page PDF | Free download |
![Image of the first page of the article: SSL/TLS session-aware user authentication revisited](/preview/png/456234.png)
Man-in-the-middle (MITM) attacks pose a serious threat to SSL/TLS-based e-commerce applications. In Oppliger R, Hauser R, Basin D [SSL/TLS session-aware user authentication – or how to effectively thwart the man-in-the-middle. Computer Communications August 2006;29(12):2238–46] and Oppliger R, Hauser R, Basin D [SSL/TLS session-aware user authentication. IEEE Computer March 2008;41(3):59–65], we introduced the notion of SSL/TLS session-aware user authentication to protect SSL/TLS-based e-commerce applications against MITM attacks and we proposed an implementation based on impersonal authentication tokens. In this paper, we present a number of extensions of the basic idea. These include multi-institution tokens, possibilities for changing the PIN, and different ways of making several popular and widely deployed user authentication systems SSL/TLS session-aware.
Journal: Computers & Security - Volume 27, Issues 3–4, May–June 2008, Pages 64–70